Last updated: Apr 21, 2023

Use the npm install --package-lock-only command to generate a
package-lock.json file without running npm install.
The --package-lock-only option only updates the package-lock.json file
instead of checking your node_modules folder and downloading dependencies.
Open your terminal in your project's root directory (where your package.json
file is) and issue the following command.
npm install --package-lock-only

When the --package-lock-only argument is set, a package-lock.json file is
generated if it doesn't already exist.
If the file exists, it is updated.
Note that the command doesn't check your node_modules folder and doesn't
download dependencies.
The package-lock.json file describes the tree of your node modules, so
subsequent installs are able to generate identical trees.
If you need to generate a package.json file, issue the npm init -y command.
npm init -y

The command will generate a new package.json file if it doesn't already exist.
If the file exists, its contents are printed to the terminal.
You can also run the npm install command to automatically generate a new
package-lock.json file.
npm install

The package-lock.json file is automatically generated for all operations that
modify your node_modules directory or your package.json file.
The npm update command can
also be used to generate or update package-lock.json.
npm update

If you aren't able to generate a package-lock.json file, you might have
disabled the package-lock configuration in your ~/.npmrc file.
You can force generate a package-lock.json file by setting the
--package-lock argument when issuing npm install.
npm install --package-lock

The command will force generate a package-lock.json file even if the
package-lock configuration key is set to false.
When the package-lock key is set to false, then the package-lock.json file
is ignored when installing modules.
You can view your current value of the package-lock key by issuing the
following command.
npm config get package-lock

If you want to disable the package-lock key, set it to false by issuing the
following command.
# disable generating/updating package-lock.json file
npm config set package-lock false
Conversely, if you want to enable the package-lock key, set it to true.
# enable generating/updating package-lock.json file
npm config set package-lock true
You might also have to view your global setting of the package-lock key by
using the --global argument.
npm config --global get package-lock
If you need to update the value of the global package-lock key, use either of
the following commands.
# disable generating/updating package-lock.json file
npm config --global set package-lock false

# enable generating/updating package-lock.json file
npm config --global set package-lock true
You can also manually check the values in your NPM configuration files.
You can view where your user NPM config file is located by issuing the following command.
npm config get userconfig
And you can view where your global NPM config file is located by issuing the following command.
npm config get globalconfig

Note that your package-lock.json file should be committed to your remote
repository.
If you have the file in your .gitignore file, make sure to remove it.
The package-lock.json file is used to:
node_modules directory without
having to commit node_modules to git.

You might have seen that some repositories use an npm-shrinkwrap.json file
instead of package-lock.json.
The files are very similar and have the same format, however,
npm-shrinkwrap.json is published to the NPM registry and package-lock.json
is not.
The package-lock.json file is ignored if it is found in any other location
than the root directory.
The npm-shrinkwrap.json file is most commonly used when deploying a CLI tool
or when producing production packages.
If you need to generate an npm-shrinkwrap.json file, issue the following
command.
npm shrinkwrap

If your project has both package-lock.json and npm-shrinkwrap.json, then
npm-shrinkwrap.json takes precedence and package-lock.json is ignored.
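
A Node.js check for the pitfalls described above: a package-lock key set to false, a lockfile listed in .gitignore, and npm-shrinkwrap.json taking precedence over package-lock.json. This is an added example, not code from the original article; the function names and finding labels are hypothetical, it reads only a .npmrc in the project directory (user and global values still need npm config get package-lock), and its .gitignore matching is simplified.

```javascript
// Added example (not from the original article); finding labels are invented here.
const fs = require('node:fs');
const path = require('node:path');
// Return the file's text, or '' when it does not exist.
function readOrEmpty(file) {
  try { return fs.readFileSync(file, 'utf8'); }
  catch (err) { if (err.code === 'ENOENT') return ''; throw err; }
}

// Trimmed, non-empty lines that do not start with one of commentChars.
function activeLines(text, commentChars) {
  return text.split(/\r?\n/).map((l) => l.trim())
    .filter((l) => l !== '' && !commentChars.includes(l[0]));
}

// True when the last package-lock assignment in an .npmrc body is false.
function npmrcDisablesLock(text) {
  let disabled = false;
  for (const line of activeLines(text, '#;')) {
    const m = /^package-lock\s*=\s*["']?(\w+)["']?$/.exec(line);
    if (m) disabled = m[1] === 'false';
  }
  return disabled;
}

// Simplified .gitignore matching for a file in the repository root: handles
// *, ?, a leading "/" and "!" re-inclusion; the last matching rule wins.
function gitignoreExcludes(text, name) {
  let ignored = false;
  for (const line of activeLines(text, '#')) {
    const pattern = line.replace(/^!/, '').replace(/^\//, '');
    if (pattern.includes('/')) continue; // subdirectory or directory-only rule
    const re = new RegExp('^' + pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
      .replace(/\*/g, '[^/]*').replace(/\?/g, '[^/]') + '$');
    if (re.test(name)) ignored = !line.startsWith('!');
  }
  return ignored;
}

// Findings for one project directory (the folder that holds package.json).
function auditLockfileSetup(dir) {
  const has = (f) => fs.existsSync(path.join(dir, f));
  const findings = [];
  if (!has('package-lock.json') && !has('npm-shrinkwrap.json')) findings.push('no-lockfile');
  if (has('package-lock.json') && has('npm-shrinkwrap.json')) findings.push('shrinkwrap-overrides-lock');
  if (npmrcDisablesLock(readOrEmpty(path.join(dir, '.npmrc')))) findings.push('package-lock-disabled');
  if (gitignoreExcludes(readOrEmpty(path.join(dir, '.gitignore')), 'package-lock.json')) findings.push('lockfile-gitignored');
  return findings;
}
```

Call auditLockfileSetup with the project root, for example in a CI step; an empty array means none of these conditions were found.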