re: Explain package-lock.json like I am five


A small thing to add here regarding lock files is speed. If your repo doesn't have a lock file, NPM (or any package manager) checks all existing versions of your dependencies and installs the ones matching what you asked for. The same process is repeated for all sub-dependencies and so on.

The lock file removes this roundabout; it doesn't need to check to know "who needs what" or "what version matches this".

I just tested on a project:

$ rm -rf node_modules/ package-lock.json
$ npm install
> added 1392 packages from 555 contributors, updated 2 packages and audited 52426 packages in 140.629s
$ rm -rf node_modules/
$ npm install
> added 1394 packages from 556 contributors and audited 52426 packages in 19.795s