The package-lock.json file

Change every ansi-regex entry in package-lock to version 3.0.1

In version 5, npm introduced the package-lock.json file.

What’s that? You probably know about the package.json file, which is much more common and has been around for much longer.

The goal of the file is to keep track of the exact version of every package that is installed so that a product is 100% reproducible in the same way even if packages are updated by their maintainers.

This solves a very specific problem that package.json left unsolved. In package.json you can set which versions you want to upgrade to (patch or minor), using the semver notation, for example:

  • if you write ~0.13.0, you want to only update patch releases: 0.13.1 is ok, but 0.14.0 is not.

  • if you write ^0.13.0, you want to update patch and minor releases: 0.13.1, 0.14.0 and so on.

  • if you write 0.13.0, that is the exact version that will be used, always.

You don’t commit your node_modules folder to Git, since it is generally huge. When you try to replicate the project on another machine by using the npm install command, if you specified the ~ syntax and a patch release of a package has been released, that one is going to be installed. The same goes for ^ and minor releases.

If you specify exact versions, like 0.13.0 in the example, you are not affected by this problem.

It could be you, or another person trying to initialize the project on the other side of the world by running npm install.

So your original project and the newly initialized project are actually different. Even if a patch or minor release should not introduce breaking changes, we all know bugs can (and so, they will) slide in.

The package-lock.json sets your currently installed version of each package in stone, and npm will use those exact versions when running npm install.

This concept is not new: package managers for other programming languages (like Composer in PHP) have used a similar system for years.

The package-lock.json file needs to be committed to your Git repository, so it can be fetched by other people, if the project is public or you have collaborators, or if you use Git as a source for deployments.

The dependency versions will be updated in the package-lock.json file when you run npm update.

An example

This is an example structure of a package-lock.json file we get when we run npm install cowsay in an empty folder:

    {
      "requires": true,
      "lockfileVersion": 1,
      "dependencies": {
        "ansi-regex": {
          "version": "3.0.0",
          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg="
        },
        "cowsay": {
          "version": "1.3.1",
          "resolved": "https://registry.npmjs.org/cowsay/-/cowsay-1.3.1.tgz",
          "integrity": "sha512-3PVFe6FePVtPj1HTeLin9v8WyLl+VmM1l1H/5P+BTTDkMAjufp+0F9eLjzRnOHzVAYeIYFF5po5NjRrgefnRMQ==",
          "requires": {
            "get-stdin": "^5.0.1",
            "optimist": "~0.6.1",
            "string-width": "~2.1.1",
            "strip-eof": "^1.0.0"
          }
        },
        "get-stdin": {
          "version": "5.0.1",
          "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-5.0.1.tgz",
          "integrity": "sha1-Ei4WFZHiH/TFJTAwVpPyDmOTo5g="
        },
        "is-fullwidth-code-point": {
          "version": "2.0.0",
          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
          "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8="
        },
        "minimist": {
          "version": "0.0.10",
          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz",
          "integrity": "sha1-3j+YVD2/lggr5IrRoMfNqDYwHc8="
        },
        "optimist": {
          "version": "0.6.1",
          "resolved": "https://registry.npmjs.org/optimist/-/optimist-0.6.1.tgz",
          "integrity": "sha1-2j6nRob6IaGaERwybpDrFaAZZoY=",
          "requires": {
            "minimist": "~0.0.1",
            "wordwrap": "~0.0.2"
          }
        },
        "string-width": {
          "version": "2.1.1",
          "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
          "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
          "requires": {
            "is-fullwidth-code-point": "^2.0.0",
            "strip-ansi": "^4.0.0"
          }
        },
        "strip-ansi": {
          "version": "4.0.0",
          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
          "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
          "requires": {
            "ansi-regex": "^3.0.0"
          }
        },
        "strip-eof": {
          "version": "1.0.0",
          "resolved": "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz",
          "integrity": "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8="
        },
        "wordwrap": {
          "version": "0.0.3",
          "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz",
          "integrity": "sha1-o9XabNXAvAAI03I0u68b7WMFkQc="
        }
      }
    }

We installed cowsay, which depends on

  • get-stdin

  • optimist

  • string-width

  • strip-eof

In turn, those packages require other packages, as we can see from the requires property that some have:

  • ansi-regex

  • is-fullwidth-code-point

  • minimist

  • wordwrap

  • strip-eof

They are added in alphabetical order into the file, and each one has a version field, a resolved field that points to the package location, and an integrity string that we can use to verify the package.
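
Added example (not from the original article): a Node.js audit of a lockfileVersion 1 package-lock.json that checks the version, resolved and integrity fields described above, including the case where a version such as ansi-regex is edited by hand without updating the other two. The function names, the sample lock entries and the stand-in tarball bytes are constructed for illustration.

```javascript
const crypto = require('crypto');

// Verify bytes against a single-hash SRI string such as "sha512-<base64>".
function verifyIntegrity(bytes, sri) {
  const dash = sri.indexOf('-');
  const algo = sri.slice(0, dash);
  const actual = crypto.createHash(algo).update(bytes).digest('base64');
  return actual === sri.slice(dash + 1);
}

// Walk "dependencies" (nested ones too) of a lockfileVersion 1 file.
function auditLock(lock, registry = 'https://registry.npmjs.org/') {
  const findings = [];
  const walk = (deps, path) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const where = `${path}${name}@${entry.version}`;
      walk(entry.dependencies, `${where} > `);
      if (entry.bundled) continue; // bundled entries carry no resolved/integrity
      const resolved = entry.resolved || '';
      const tarball = `/${name.split('/').pop()}-${entry.version}.tgz`;
      if (!resolved.startsWith(registry)) findings.push(`${where}: resolved is not on ${registry}`);
      if (!resolved.endsWith(tarball)) findings.push(`${where}: version does not match resolved tarball`);
      if (!entry.integrity) findings.push(`${where}: no integrity string`);
      else if (entry.integrity.startsWith('sha1-')) findings.push(`${where}: sha1 integrity only`);
    }
  };
  walk(lock.dependencies, '');
  return findings;
}

// Constructed sample: ansi-regex had only its version edited to 3.0.1 by hand;
// the cowsay integrity is computed over stand-in bytes, not the real tarball.
const tarballBytes = Buffer.from('constructed stand-in for cowsay-1.3.1.tgz');
const sri = 'sha512-' + crypto.createHash('sha512').update(tarballBytes).digest('base64');
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'ansi-regex': {
      version: '3.0.1',
      resolved: 'https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz',
      integrity: 'sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=',
    },
    cowsay: { version: '1.3.1', resolved: 'https://registry.npmjs.org/cowsay/-/cowsay-1.3.1.tgz', integrity: sri },
  },
};
console.log(auditLock(sampleLock), verifyIntegrity(tarballBytes, sri));
```

A version/resolved mismatch like the one flagged here means the lock entry no longer describes the tarball that will be fetched, so the entry should be regenerated by npm rather than patched field by field.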

Translated from: https://flaviocopes.com/package-lock-json/
