Learn more about `package-lock.json`

Authors
  • hwahyeon

The package-lock.json file records the exact versions of the packages listed in package.json and of all of their dependencies. While package.json specifies version ranges for dependencies (e.g., using the ^ or ~ prefixes), package-lock.json logs the exact version of every dependency that was actually installed. For example, if "lodash": "^1.23.0" is specified in package.json, the installed version of lodash could be any 1.23.x; package-lock.json, however, records the exact version that was installed, such as 1.23.45.

Therefore, if this file is deleted and npm install is run, packages are resolved again from the version ranges in package.json. Without package-lock.json, the newest versions within the ranges specified in package.json may be installed, which makes installs unrepeatable, so it's important to keep this file and handle it carefully. Also, since npm manages package-lock.json automatically, editing it by hand is not recommended.

The package-lock.json file also stores a resolved entry for each package, which points to the original source (URL) from which the package was installed. This ensures that the same exact version can be reinstalled efficiently from the same source.

Structure

  • version: The exact version of the installed package.
  • resolved: The source (URL, etc.) from which the package was installed.
  • integrity: A hash of the package tarball that npm compares against what it downloads, so a modified or substituted package is rejected.