`package-lock.json` keeps being altered.
Every single pull request made by others contains a commit that shows the package-lock.json being altered. However, the user and creator of the pull-request hasn’t done anything or made any changes. I think it automatically updates things such as the version every time someone forks and clones, and adds changes.
EDIT: An easy solution would be to create a file named `.gitignore`, and add the following content to it:

```
node_modules
package-lock.json
package.json
```

Thank you.
Issue Analytics
- State:
- Created 2 years ago
- Reactions:1
- Comments:14 (13 by maintainers)
Top GitHub Comments
Hey @CodingSpecies, I dug into this issue and it looks like this is intended by npm. Whenever you run `npm install`, the package-lock.json file will get updated to have the newest version of dependencies. We have one possible solution for this: `npm ci`, which will install from package-lock.json only (Stack Overflow) [this will fail the install if there is a mismatch of versions in package and package-lock rather than update]. Any other possible solutions that you can add?

Thanks all for the collaboration everyone 👍 yes the docs were not clear, but have now been improved
I will close this issue for now, if we need to re-open or create a new one in the future we can 🤓
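
An added example, not part of the original thread or the project's code: when a pull request carries an unexpected `package-lock.json` change like the ones described above, a reviewer can classify what actually moved before merging. The helper name `diffLockfiles` and the sample lockfiles are hypothetical, and the code assumes lockfileVersion 2 or 3 (a `packages` map with `version`, `resolved` and `integrity` fields).

```javascript
// Classify what a pull request changed in package-lock.json.
// Assumes lockfileVersion 2 or 3: the "packages" map is keyed by install path.
// diffLockfiles is a hypothetical helper name, not an npm API.
function diffLockfiles(baseLock, headLock) {
  const base = baseLock.packages || {};
  const head = headLock.packages || {};
  const report = { added: [], removed: [], versionChanged: [], sourceChanged: [] };
  for (const path of Object.keys(head)) {
    if (path === "") continue; // "" is the root project, not a dependency
    const before = base[path];
    const after = head[path];
    if (!before) {
      report.added.push(`${path}@${after.version}`);
    } else if (before.version !== after.version) {
      report.versionChanged.push(`${path}: ${before.version} -> ${after.version}`);
    } else if (before.resolved !== after.resolved || before.integrity !== after.integrity) {
      // Same version, different tarball URL or hash: needs manual review.
      report.sourceChanged.push(path);
    }
  }
  for (const path of Object.keys(base)) {
    if (path !== "" && !(path in head)) report.removed.push(`${path}@${base[path].version}`);
  }
  return report;
}

// Constructed sample lockfiles (not from any real project).
const entry = (name, version, host, hash) => ({
  version,
  resolved: `https://${host}/${name}/-/${name}-${version}.tgz`,
  integrity: `sha512-${hash}`,
});
const baseLock = { lockfileVersion: 3, packages: {
  "": { name: "demo", version: "1.0.0" },
  "node_modules/a": entry("a", "1.0.0", "registry.npmjs.org", "AAAA"),
  "node_modules/b": entry("b", "2.1.0", "registry.npmjs.org", "BBBB"),
  "node_modules/c": entry("c", "0.3.0", "registry.npmjs.org", "CCCC"),
}};
const headLock = { lockfileVersion: 3, packages: {
  "": { name: "demo", version: "1.0.0" },
  "node_modules/a": entry("a", "1.0.1", "registry.npmjs.org", "AAA2"), // plain version bump
  "node_modules/b": entry("b", "2.1.0", "mirror.example.invalid", "XXXX"), // same version, new source
  "node_modules/d": entry("d", "4.0.0", "registry.npmjs.org", "DDDD"), // newly added
}};
console.log(JSON.stringify(diffLockfiles(baseLock, headLock), null, 2));
```

In a repository, the two inputs can be produced by parsing the output of `git show <base-branch>:package-lock.json` and the lockfile on the pull request branch.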