package-lock.json
Why does “npm install” rewrite package-lock.json?
I just recently upgraded to [email protected]. I now have a package-lock.json file with everything from package.json. I would expect that, when I run npm install, the dependency versions would be pulled from the lock file to determine what should be installed in my node_modules directory. What’s strange is that it actually ends up modifying and rewriting my package-lock.json file.
How do I fix a vulnerable npm package in my package-lock.json that isn’t listed in the package.json?
GitHub is telling me that a dependency in my package-lock.json file is vulnerable and outdated. The problem is that if I do npm install or npm update, neither of them updates the dependency in the package-lock.json file.
Is there any way to fix package-lock.json lockfileVersion so npm uses a specific format?
If two different developers are using different versions of node (12/15) & npm (6/7) in a project that was originally created using a package-lock.json "lockfileVersion": 1, when the developer using npm 7x installs new packages it seems that the package-lock.json is re-created using "lockfileVersion": 2.
Should package-lock.json also be published?
npm 5 introduced package-lock.json, of which the documentation is here.
Is there a way to force npm to generate package-lock.json?
I deleted it by accident and have made many changes to package.json since. An npm install or npm update does not generate package-lock.json anymore. I tried clearing my npm cache and my nvm cache, but nothing seems to be working. I tried it on several versions of Node.js (6.10.3 Node.js – 3.10.10 npm is what I would like it to work on), and it doesn’t work on any.