Skip to content
/ how-package-lock-works Public

As of npm v5.1.0, dependencies versions in package.json *override* the values specified in package-lock.json

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

agconti/how-package-lock-works

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
node_modules
node_modules
 
 
README.md
README.md
 
 
_config.yml
_config.yml
 
 
demo.sh
demo.sh
 
 
package-lock.gif
package-lock.gif
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

Your package-lock.json isn't respected when there are ^ and ~ in your package.json. Instead, npm will install the most recent version allowed by the ^ and ~. This means that your builds are not reproducable since your underlying dependencies can change when running the same build at different points in time.

To prove this to yourself, run the demo:

./demo.sh

Supporting information:

demo.gif

About

As of npm v5.1.0, dependencies versions in package.json *override* the values specified in package-lock.json

Resources

Readme
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages