package.json

Record the version information of the modules that the current project depends on, lock the major version number of the module (the first part of the version number) when updating the module, and cannot lock the subsequent minor version,

package-lock.json

package-lock.json is a file generated during `npm install`.Records the names, version numbers, download addresses, and dependencies of all modules (packages) in the node_modules directory.

The difference between the two:

before npm5

Before npm5, there was no package-lock.json file.The package.json file will record all the modules you need in your project.When you execute npm install, node will first read all the dependencies information from the package.json file, and then compare the information in the dependencies with the modules in node_modules, if there is no direct download, and the existing ones will be checked for updates.

Because package.json can only lock the major version number of the module (the first part of the version number), it cannot lock the subsequent minor version, so every time you re-npminstall, you will pull the latest version under the major version.Generally, we cannot upgrade dependent packages at will for the sake of stability, because it is difficult to troubleshoot compatibility bugs caused by changing packages, which is prone to problems, so package-lock.json is to solve the problem of package locking and not upgrading

In addition, the package.json file only records the information of the modules you installed through npm install, and the information of other submodules that these modules depend on will not be recorded.

After npm5

The package-lock.json file locks the version numbers of all modules, including the main module and all dependent submodules.When you run npm install, node reads the module name from the package.json file, gets the version number from the package-lock.json file, and then downloads or updates it.

Therefore, because the package-lock.json file locks the version number, when you execute npm install, node will not automatically update the modules in the package.json file, you must use npm install [email protected] (specifyversion number) will be updated after installation, and the version number in the package-lock.json file will also be updated accordingly.

The role of package-lock.json

If you need to use npm install to reload all dependencies when re-npm install and when the node_modules folder does not exist or is deleted, the download address and related dependencies can be directly indicated through package-lock.json, no needThen analyze the dependencies of the package one by one from package.json, so it will greatly speed up the installation. The purpose of package-lock.json is to ensure that all library packages are exactly the same as what you installed last time.

If you want to upgrade the library package in package-lock.json

npminstall [email protected]

Let me introduce myself first. The editor graduated from Shanghai Jiaotong University in 2013. I worked in a small company and went to big factories such as Huawei and OPPO. I joined Alibaba in 2018, until now.I know that most junior and intermediate java engineers want to upgrade their skills, they often need to explore their own growth or sign up to study, but for training institutions, the tuition fee is nearly 10,000 yuan, which is really stressful.Self-learning that is not systematic is very inefficient and lengthy, and it is easy to hit the ceiling and the technology stops.Therefore, I collected a "full set of learning materials for java development" for everyone. The original intention is also very simple. I hope to help friends who want to learn by themselves but don't know where to start, and at the same time reduce everyone's burden.Add the business card below to get a full set of learning materials