npm 5 игнорирует блокировку пакета

Я пытаюсь обновить до npm 5 и заблокировать файлы.

Прямо сейчас у меня есть этот package.json:

{
  "name": "typescript-test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "build": "./node_modules/gulp/bin/gulp.js build",
    "apidoc": "./node_modules/gulp/bin/gulp.js apidoc",
    "watchApi": "BLUEBIRD_DEBUG=1 ./node_modules/gulp/bin/gulp.js watchApi",
    "watchMqtt": "./node_modules/gulp/bin/gulp.js watchMqtt",
    "test-debug": "NODE_ENV=test ./node_modules/mocha/bin/mocha --no-timeouts --debug-brk release/js/api/test/e2e/**/*.js",
    "test": "___BLUEBIRD_DEBUG=1 ./node_modules/gulp/bin/gulp.js test",
    "migrate": "./node_modules/sequelize-cli/bin/sequelize db:migrate",
    "migrate:undo": "./node_modules/sequelize-cli/bin/sequelize db:migrate:undo"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "@types/bcrypt": "0.0.30",
    "@types/bluebird": "^3.0.35",
    "@types/body-parser": "0.0.33",
    "@types/config": "0.0.30",
    "@types/dateformat": "^1.0.1",
    "@types/expect.js": "^0.3.29",
    "@types/express": "^4.0.33",
    "@types/lodash": "^4.14.37",
    "@types/minimist": "^1.1.29",
    "@types/mocha": "^2.2.32",
    "@types/mongoose": "^4.7.11",
    "@types/mqtt": "0.0.32",
    "@types/mysql": "0.0.31",
    "@types/node-schedule": "0.0.36",
    "@types/nodemailer": "^1.3.32",
    "@types/passport": "^0.2.32",
    "@types/passport-http-bearer": "^1.0.30",
    "@types/passport-local": "^1.0.29",
    "@types/sequelize": "^4.0.38",
    "@types/sequelize-fixtures": "^0.4.29",
    "@types/should": "^8.1.30",
    "@types/supertest": "^1.1.31",
    "@types/supertest-as-promised": "^2.0.32",
    "@types/winston": "0.0.28",
    "ansi_up": "^1.3.0",
    "bcrypt": "^0.8.7",
    "bluebird": "^3.4.6",
    "body-parser": "1.15.2",
    "config": "^1.21.0",
    "cron-parser": "^2.4.1",
    "dateformat": "^2.0.0",
    "expect.js": "^0.3.1",
    "express": "^4.14.0",
    "express-basic-auth": "^1.1.1",
    "express-winston": "^2.0.0",
    "gulp": "^3.9.1",
    "gulp-clean": "^0.3.2",
    "gulp-copy": "0.0.2",
    "gulp-nodemon": "^2.2.1",
    "gulp-relative-sourcemaps-source": "^0.1.4",
    "gulp-sourcemaps": "^2.0.0",
    "gulp-spawn-mocha": "^3.1.0",
    "gulp-tslint": "^6.1.2",
    "gulp-typescript": "^3.0.2",
    "json-2-csv": "^2.1.0",
    "lodash": "^4.16.4",
    "merge2": "^1.0.2",
    "minimist": "^1.2.0",
    "mocha": "^3.1.2",
    "mongoose": "^4.9.7",
    "mongoose-fixtures": "0.0.1",
    "mosca": "^2.0.2",
    "mqtt": "^2.2.1",
    "mysql": "^2.11.1",
    "node-cron": "^1.2.0",
    "node-schedule": "^1.2.0",
    "nodemailer": "^2.6.4",
    "passport": "^0.3.2",
    "passport-http-bearer": "^1.0.1",
    "passport-local": "^1.0.0",
    "path": "^0.12.7",
    "pm2": "^2.4.2",
    "read-last-lines": "^1.1.0",
    "regression": "^1.4.0",
    "sequelize": "3.24.3",
    "sequelize-cli": "2.4.0",
    "sequelize-fixtures": "^0.5.5",
    "should": "^11.1.1",
    "supertest": "^2.0.1",
    "supertest-as-promised": "^4.0.1",
    "tslint": "^3.15.1",
    "typescript": "2.3.4",
    "typings": "^1.4.0",
    "winston": "^2.2.0"
  },
  "devDependencies": {
    "gulp-apidoc": "^0.2.6",
    "gulp-debug": "^2.1.2"
  }
}

и часть моего пакета-lock.json (то есть для express.js):

{
  "name": "typescript-test",
  "version": "1.0.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
    "express": {
      "version": "https://registry.npmjs.org/express/-/express-4.15.2.tgz",
      "integrity": "sha1-rxB/wUhQRFfy3Kmm8lcdcSm5ezU=",
      "requires": {
        "accepts": "https://registry.npmjs.org/accepts/-/accepts-1.3.3.tgz",
        "array-flatten": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
        "content-disposition": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz",
        "content-type": "https://registry.npmjs.org/content-type/-/content-type-1.0.2.tgz",
        "cookie": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz",
        "cookie-signature": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
        "debug": "https://registry.npmjs.org/debug/-/debug-2.6.1.tgz",
        "depd": "https://registry.npmjs.org/depd/-/depd-1.1.0.tgz",
        "encodeurl": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.1.tgz",
        "escape-html": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
        "etag": "https://registry.npmjs.org/etag/-/etag-1.8.0.tgz",
        "finalhandler": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.2.tgz",
        "fresh": "https://registry.npmjs.org/fresh/-/fresh-0.5.0.tgz",
        "merge-descriptors": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
        "methods": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
        "on-finished": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
        "parseurl": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.1.tgz",
        "path-to-regexp": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
        "proxy-addr": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-1.1.4.tgz",
        "qs": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
        "range-parser": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
        "send": "https://registry.npmjs.org/send/-/send-0.15.1.tgz",
        "serve-static": "https://registry.npmjs.org/serve-static/-/serve-static-1.12.1.tgz",
        "setprototypeof": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz",
        "statuses": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz",
        "type-is": "https://registry.npmjs.org/type-is/-/type-is-1.6.15.tgz",
        "utils-merge": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.0.tgz",
        "vary": "https://registry.npmjs.org/vary/-/vary-1.1.1.tgz"
      },
      "dependencies": {
        "debug": {
          "version": "https://registry.npmjs.org/debug/-/debug-2.6.1.tgz",
          "integrity": "sha1-eYVQkLosTjEVzH2HaUkdWPBJE1E=",
          "requires": {
            "ms": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz"
          }
        },
        "ms": {
          "version": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz",
          "integrity": "sha1-riXPJRKziFodldfwN4aNhDESR2U="
        },
        "qs": {
          "version": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
          "integrity": "sha1-E+JtKK1rD/qpExLNO/cI7TUecjM="
        },
        "setprototypeof": {
          "version": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz",
          "integrity": "sha1-ZlZ+NwQ+608E2RvWWMDL77VbjgQ="
        }
      }
    }
  }
}

Из пакета package-lock.json, экспресс должен быть установлен на 4.15.2.

Однако, если я сделаю

rm -rf node_modules
npm install

Экспресс установлен на 4.15.3 и пакет-lock.json перезаписан.

Это правильное поведение npm? Я неправильно использую пакетную блокировку?

0 ответов

Каждое изменение node_modules папка, созданная npm, включая npm install, отражается в package-lock.json. Он регистрирует фактически установленные в настоящее время зависимости.

Если теперь вы хотите установить зависимости, заблокированные в вашем package-lock.json, если вы, например, строите на сервере. Вы можете использоватьnpm ci команда, чтобы установить зависимости.

Из документации: package-lock.json, npm-ci.

Другие вопросы по тегам