Brief Introduction to npm 5.0 and npm5.0

Brief Introduction to npm 5.0 and npm5.0

Preface

Node was upgraded a few days ago. after js v8.0, the npm is upgraded to 5.0. The first time it was used, it was amazing that it would take more than a dozen seconds to reinstall the module. Now it will take more than one second.

Don't be excited. Now let's talk about some major changes in npm 5:

• Usenpm install xxxWhen the command is used to install a module, the -- save option is no longer required, and the module dependency information is automatically saved to the package. json file;
• Installing module operations (changing the contents of the node_modules folder) will generate or update the package-lock.json File
• Released modules do not contain package-lock.json files
• If you manually modify the version of the existing module in the package. json file, runnpm installThe specified version is not installed.npm install xxx@yyUpdate

The reason for the fast re-installation of the module is that the tree structure of the entire node_modules folder has been recorded in the package-lock.json file, and even the module has been recorded, you only need to download the file directly when re-installing it (it seems that facebook's yarn has no advantages ).

The following is an example of a package-lock.json file:

{ "name": "test_pkg_lock", "version": "1.0.0", "lockfileVersion": 1, "dependencies": { "commander": { "version": "2.9.0", "resolved": "https://registry.npmjs.org/commander/-/commander-2.9.0.tgz", "integrity": "sha1-nJkJQXbhIkDLItbFFGCYQA/g99Q=" }, "cssfilter": { "version": "0.0.8", "resolved": "https://registry.npmjs.org/cssfilter/-/cssfilter-0.0.8.tgz", "integrity": "sha1-ZWTKzLqKdt2bS5IGaLn7f9pQ5Uw=" }, "graceful-readlink": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/graceful-readlink/-/graceful-readlink-1.0.1.tgz", "integrity": "sha1-TK+tdrxi8C+gObL5Tpo906ORpyU=" }, "xss": { "version": "0.2.18", "resolved": "https://registry.npmjs.org/xss/-/xss-0.2.18.tgz", "integrity": "sha1-bfX7XKKL3FHnhiT/Y/GeE+vXO6s=" } }}

While bringing speed, npm has also dug a big pitfall:

In the future, directly change the version number of the corresponding module in the package. json file, and then executenpm installIt won't be updated (terrible). You can only use npm manuallyinstall xxx@yySpecifies the version number to install, and then it automatically updates the package-lock.json file. Direct executionnpm installIf the package-lock.json file does not exist, it is created based on the node_modules directory structure after the module is installed; if a package-lock.json file already exists, it downloads the module only according to the structure specified by the package-lock.json file, does not handle package. json file.

There are already a lot of people on the internet responding to this problem: issue on GitHub: package-lock.json file not updated after package. json file is changed

Link: https://github.com/npm/npm/issues/16866

Clean project with some deps in package. json. you run npm imodules are installed and package-lock.json file is created. say you update module A in package. json file. you run npm I. I wocould could just CT this updates the package-lock.json file but it doesn't. which results in module A not being updated.

Article: Understanding lock files in NPM 5

Link: http://jpospisil.com/2017/06/02/understanding-lock-files-in-npm-5.html

Here is a description of package-locks in the npm document.

Link: https://docs.npmjs.com/files/package-locks

At present do not know about the best practices of package-lock.json, decisive switch back to Node v6.x, wait for others to fill the trap again.

Summary

The above is all the content of this article. I hope the content of this article will help you in your study or work. If you have any questions, please leave a message, thank you for your support.