npm - package-lock.json 包含非精确版本
问题描述
它描述了生成的确切树,以便后续安装能够生成相同的树,而不管中间依赖项更新如何。
我正在查看包含以下版本的 package-lock.json 文件:
"less": "^3.0.4",
"less-loader": "^4.1.0",
"license-webpack-plugin": "^1.3.1",
"lodash": "^4.17.4",
"memory-fs": "^0.4.1
在requires
依赖项之一的块中。
虽然主项目的子依赖项被“锁定”,因为没有版本歧义,但这些传递依赖项却没有。但是,如果树中的任何依赖项都需要解释,那么 npm 如何“能够生成相同的树,而不管中间依赖项更新如何”?
解决方案
根据这个线程,在 npm@6 中,package-lock.json 在内部表示依赖版本的方式发生了变化,它记录了最初请求的范围依赖,但仍锁定特定版本。
以前,包锁不记录依赖项最初请求的版本,只记录它在创建时将其解析为哪个版本。
这是示例:package-lock.json
// OLD npm format
// Notice that ajv.requires contains specific version for 'fast-json-stable-stringify'
// also notice that 'fast-json-stable-stringify' entry **mentions for the second time** specific version
{
...
"dependencies": {
...
"ajv": {
"version": "6.11.0",
"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.11.0.tgz",
"integrity": "sha512-nCprB/0syFYy9fVYU1ox1l2KN8S9I+tziH8D4zdZuLT3N6RMlGSGt5FSTpAiHB/Whv8Qs1cWHma1aMKZyaHRKA==",
"dev": true,
"requires": {
"fast-deep-equal": "3.1.1",
"fast-json-stable-stringify": "2.1.0",
"json-schema-traverse": "0.4.1",
"uri-js": "4.2.2"
}
},
...
"fast-json-stable-stringify": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
"integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
"dev": true
},
...
}
...
}
这是 npm6 方法
// "new" npm format (as of npm@6)
// Notice that ajv.requires is not showing specific versions
// but instead shows same values as package.json contains
// However 'fast-json-stable-stringify' entry contains
// SPECIFIC version to have reproducible build
{
...
"dependencies": {
...
"ajv": {
"version": "6.11.0",
"resolved": "https://registry.npmjs.org/ajv/-/ajv-6.11.0.tgz",
"integrity": "sha512-nCprB/0syFYy9fVYU1ox1l2KN8S9I+tziH8D4zdZuLT3N6RMlGSGt5FSTpAiHB/Whv8Qs1cWHma1aMKZyaHRKA==",
"dev": true,
"requires": {
"fast-deep-equal": "^3.1.1",
"fast-json-stable-stringify": "^2.0.0",
"json-schema-traverse": "^0.4.1",
"uri-js": "^4.2.2"
}
},
...
"fast-json-stable-stringify": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
"integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
"dev": true
},
...
}
...
}
推荐阅读
- function - Propagate Execution Status
- php - 在 Windows 任务调度程序上运行的 PHP 中使用 ftp 函数有什么问题吗?
- python - 无法解析的联系点,无法连接到 azure cosmos db 数据库
- excel - AutoFitting Columns With Maximum Width Condition?
- symfony - 标记服务和依赖注入
- netsuite - 自定义提醒上的 Netsuite 批准复选框?
- sql - SQL似乎在说1不是整数
- reactjs - 来自服务器套接字的更新不会在反应 ui 中重新呈现
- c# - C# windows 服务 - 每秒调用方法的最佳方式(不带 Windows.Forms.Timer)
- delphi - 如何在 TProgressBar 上显示打印进度