- Let's create a new directory and initialize it with `npm init -y`.
  - This will create a new `package.json` file.
- Let’s say we’re in 2021 and we want to install moment.js in our project.
- At that time we would have run `npm i moment`, but to replicate this, let's install the version that was the latest back then, 2.29.0 (the current latest is 2.29.4). The command for that is `npm i moment@2.29.0`.
  - This adds a new key for moment under the `dependencies` key in package.json, with the value ^2.29.0. It also creates `package-lock.json` and the node_modules folder. Inside node_modules we can see that the moment library has been added with the same version number, i.e. 2.29.0, and the same version is recorded in package-lock.json.
- Push the code to GitHub along with both `package.json` and `package-lock.json`.
- Take a clone of this repo (or simply delete the node_modules folder), and run `npm i` in it.
  - Since the package-lock file is present, it'll simply install the version of moment that is mentioned in that file, which is 2.29.0, inside node_modules. So both package.json & package-lock.json will be on the same package as in the screenshot shown above.
  - This also means that the developer who committed the code and someone who clones the project today, when the latest version of moment is 2.29.4, will both install version 2.29.0 only, because of package-lock.json.
- If we had NOT committed the `package-lock.json` file, but only `package.json`, then when `npm i` was run it would have found ^2.29.0 in package.json and gone to the npm registry to check whether there is any newer minor or patch release after 2.29.0. Since the current latest version is 2.29.4, that version would be installed in node_modules and would also be recorded in the newly created package-lock.json file.
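
The two outcomes described above (lockfile committed vs. not committed) can be modelled in a few lines. This is an added example, not code from the original post or from npm itself: `resolveInstall`, `satisfiesCaret` and the sample data are hypothetical names and constructed values, and it assumes plain `x.y.z` versions with a major version of 1 or higher.

```javascript
// Added example: a simplified model of which version `npm i` puts in node_modules.
// Assumption: plain x.y.z versions (no pre-release tags), caret ranges with major >= 1.

const parse = (v) => v.split(".").map(Number);

// Order two versions: negative if a < b, positive if a > b, 0 if equal.
function compare(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// ^X.Y.Z (X >= 1) accepts any version >= X.Y.Z that keeps the same major X.
function satisfiesCaret(version, range) {
  if (!range.startsWith("^")) return version === range; // exact pin
  const base = range.slice(1);
  return parse(version)[0] === parse(base)[0] && compare(version, base) >= 0;
}

// Returns the version that ends up installed for `name`.
// `lock` is the parsed package-lock.json, or null if it was never committed.
function resolveInstall(name, pkg, lock, published) {
  const range = pkg.dependencies[name];
  const locked = lock?.packages?.[`node_modules/${name}`]?.version;
  // Lockfile present and still inside the declared range: install exactly that.
  if (locked && satisfiesCaret(locked, range)) return locked;
  // No usable lock entry: take the highest published version the range allows.
  const candidates = published.filter((v) => satisfiesCaret(v, range));
  if (candidates.length === 0) throw new Error(`no version matches ${range}`);
  return candidates.sort(compare).pop();
}

// Constructed inputs mirroring the walkthrough (3.0.0 is hypothetical, added
// only to show that a caret range never crosses a major version).
const published = ["2.29.0", "2.29.1", "2.29.2", "2.29.3", "2.29.4", "3.0.0"];
const pkg = { dependencies: { moment: "^2.29.0" } };
const lock = { packages: { "node_modules/moment": { version: "2.29.0" } } };

console.log("with lockfile:   ", resolveInstall("moment", pkg, lock, published));
console.log("without lockfile:", resolveInstall("moment", pkg, null, published));
```

With the lockfile, every clone gets the reviewed version; without it, the installed code depends on whatever the registry serves on the day of the install.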