package.json is generated when we run
npm init
or
npm init -y
package-lock.json is generated when we install any package (or run a bare
npm install in a project that has none yet).
npm install package-name
Both package.json and package-lock.json should be committed to the version
control system, e.g. git. Both have a dependencies section in their JSON.
package.json is meant to be read and edited by humans, while package-lock.json
is meant to be read by npm. package.json can be updated manually, but
package-lock.json should not be: npm rewrites it whenever we install, update or
remove a package. If one already exists, npm updates it in place rather than
starting from scratch, so entries that were not affected keep their pinned
versions.
package-lock.json records, for every package, the URL it was downloaded from
(the "resolved" field) together with an "integrity" field holding a hash of
the package tarball (a Subresource Integrity string, normally sha512). Any
change in a later download of the same version, for example a tarball that was
republished or altered in transit, fails the hash check and is detected.
package-lock.json speeds up installation because npm can skip the network
requests and the dependency-resolution work otherwise needed to decide which
versions to use.
It also improves supply-chain security, but only in a precise sense: the
integrity hash guarantees that you install exactly the same bytes that were
recorded when the lock file was written. It does not vouch for a package being
trustworthy or free of malicious code; that was decided when the package was
first added, and is what a review of the lock-file diff should look at.
package.json contains very little information about dependency resolution: it
does not record the precise versions of packages or of their transitive
dependencies. It only gives version ranges, and lets npm (or yarn, which keeps
its own yarn.lock) select the latest versions that satisfy those ranges at
install time.
package-lock.json locks down the precise version of every package used in your
project, transitive dependencies included, which gives reproducible and
consistent installs.
When we pass a project from one person to another and the new person runs
npm i
they do not necessarily end up with the same node_modules folder, because the
dependencies section of package.json gives version ranges using the ~ and ^
signs, which pick up the latest patch release and the latest minor release
(including its patches) respectively. If the lock file is missing, out of date
or in conflict with package.json, npm resolves those ranges afresh and may
rewrite package-lock.json.
If that person instead runs
npm ci
they end up with exactly the same node_modules folder: npm ci installs only
what package-lock.json says, deletes any existing node_modules first, never
modifies the lock file, and fails if package.json and package-lock.json
disagree. That is the command to use in CI pipelines and deployments.