I don't think I'm able to answer everything, but here are at least some points:
The ^ in ^3.0.0 indicates that the package needs to be at least version 3.0.0. So having version 2.9.9 installed on the machine would require an update to version 3.0.0 or newer.
The purpose of package-lock.json is to outline the list of version requirements for each package. This is useful for 2 reasons:
If a new feature is released in fancyTool.js v. 1.1.0 that you implement, you wouldn't want users to install v. 1.0.0 and wonder why it isn't working.
If the syntax changes dramatically from v. 1.0.0 to v. 2.0.0, you want to be able to require that v. 1.0.0 be installed instead of v. 2.0.0 (which would in turn break your program).
Then why have both package-lock.json and those symbols in package.json? The purpose of both of these things is the same, right? How do they work together?
The symbols are part of the package-lock.json structure. Each package independently can be assigned either a specific version or a minimum version that is needed. i.e.)
In this example, cookie, cookie-signature, and debug will install their specific versions and depd needs at least 1.1.1, but would also accept something like 2.0.0 or 1.2.1.
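As an added example (not part of the thread, and not npm's own code): a minimal evaluator for caret ranges following node-semver's documented rules, plus a check that the exact versions recorded in a lockfile still fall inside the ranges declared in package.json. The dependency maps are constructed sample data, `fancytool` is a hypothetical package, and only plain MAJOR.MINOR.PATCH versions are handled.

```javascript
// Parse a plain MAJOR.MINOR.PATCH string into [major, minor, patch].
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Three-way comparison of two parsed versions: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// ^X.Y.Z allows changes that do not modify the left-most non-zero component:
// ^1.1.1 -> >=1.1.1 <2.0.0, ^0.2.3 -> >=0.2.3 <0.3.0, ^0.0.3 -> >=0.0.3 <0.0.4
function caretBounds(range) {
  const lo = parse(range.replace(/^\^/, ''));
  const [maj, min, pat] = lo;
  let hi;
  if (maj > 0) hi = [maj + 1, 0, 0];
  else if (min > 0) hi = [0, min + 1, 0];
  else hi = [0, 0, pat + 1];
  return { lo, hi };
}

// A range without ^ is treated as an exact pin.
function satisfies(version, range) {
  const v = parse(version);
  if (!range.startsWith('^')) return compare(v, parse(range)) === 0;
  const { lo, hi } = caretBounds(range);
  return compare(v, lo) >= 0 && compare(v, hi) < 0;
}

// Names whose locked version is missing or outside the manifest's range.
function lockDrift(manifestDeps, lockedVersions) {
  return Object.keys(manifestDeps).filter((name) => {
    const locked = lockedVersions[name];
    return locked === undefined || !satisfies(locked, manifestDeps[name]);
  });
}

// Constructed sample data: ranges as in package.json, exact versions as in a lockfile.
const manifest = { depd: '^1.1.1', debug: '2.6.9', fancytool: '^0.2.3' };
const locked = { depd: '1.2.1', debug: '2.6.9', fancytool: '0.3.0' };
console.log(lockDrift(manifest, locked));
```

A non-empty result means the lockfile and package.json disagree, which is worth failing a CI build on before `npm ci` installs anything.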