npm - 当相关包保持不变时，为什么 package.lock 文件要求部分会更改？

问题描述

这种package-lock.json变化如何可能：

前：

...
    "chokidar": {
      "version": "1.7.0",
      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-1.7.0.tgz",
      "integrity": "sha1-eY5ol3gVHIB2tLNg5e3SjNortGg=",
      "requires": {
        "anymatch": "1.3.2",
        "async-each": "1.0.3",
        "glob-parent": "2.0.0",
        "inherits": "2.0.4",
        "is-binary-path": "1.0.1",
        "is-glob": "2.0.1",
        "path-is-absolute": "1.0.1",
        "readdirp": "2.2.1"
      }
    },
...

后：

...
    "chokidar": {
      "version": "1.7.0",
      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-1.7.0.tgz",
      "integrity": "sha1-eY5ol3gVHIB2tLNg5e3SjNortGg=",
      "requires": {
        "anymatch": "^1.3.0",
        "async-each": "^1.0.0",
        "fsevents": "^1.0.0",
        "glob-parent": "^2.0.0",
        "inherits": "^2.0.1",
        "is-binary-path": "^1.0.0",
        "is-glob": "^2.0.0",
        "path-is-absolute": "^1.0.0",
        "readdirp": "^2.0.0"
      }
    },
...

这发生在 docker 容器内——所以平台不是问题。完整性字段匹配 - 所以WTF。所需的版本发生了变化（可能是npm audit），但作为要求的 fsevents 是新的，而包没有更改。任何人都可以给我一个线索吗？

标签： npmdependenciessemantic-versioningpackage-lock.json