Problem description
If two different developers are using different versions of node (12/15) & npm (6/7) in a project that was originally created using a package-lock.json "lockfileVersion": 1, when the developer using npm 7x installs new packages it seems that the package-lock.json is re-created using "lockfileVersion": 2.
This seems to cause issues for the developer using npm v6, as it tries to work with the lockfileVersion 2, but it ends up producing new diffs.
npm WARN read-shrinkwrap This version of npm is compatible with lockfileVersion@1, but package-lock.json was generated for lockfileVersion@2. I'll try to do my best with it!
Is there any way to specify to newer versions of npm to only use "lockfileVersion": 1? Or do we just have to get all devs on the same version of npm?
Recommended answer
I will advise you to pin the Node/npm version and align it across your environments (development, staging, and production).
You can leverage nvm for managing the node version by adding to your project a .nvmrc file (don't forget to store it in your source control).
For example, .nvmrc would look like:
$ cat .nvmrc
14.15.0
Then, you can use nvm install && nvm use to use the pinned version of node.
npm also supports engines:
You can specify the version of node that your stuff works on:
{ "engines" : { "node" : ">=0.10.3 <0.12" } }
And, like with dependencies, if you don't specify the version (or if you specify "*" as the version), then any version of Node will do.
If you specify an "engines" field, then npm will require that "node" be somewhere on that list. If "engines" is omitted, then npm will just assume that it works on Node.
You can also use the "engines" field to specify which versions of npm are capable of properly installing your program. For example:
{ "engines" : { "npm" : "~1.0.20" } }
Unless the user has set the engine-strict config flag, this field is advisory only and will only produce warnings when your package is installed as a dependency.
Another approach is to use a Docker container as a runtime environment for development and execution, which implies that you neither need to install node, nor npm. e.g.
$ mkdir my-project
$ cd my-project
$ docker run --rm -it -v $PWD:/app --entrypoint /bin/bash --workdir /app node:14.15.0
root@4da6ee3c2ac0:/app# npm init -y
Wrote to /app/package.json:
{
  "name": "app",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
root@4da6ee3c2ac0:/app# npm install
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN app@1.0.0 No description
npm WARN app@1.0.0 No repository field.
up to date in 1.694s
found 0 vulnerabilities
root@4da6ee3c2ac0:/app# exit
exit
$ ls -x1
package-lock.json
package.json
As you can see, with neither Node, nor npm:
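- created a new directory for a fresh project
- spun up a node docker container, which comes with node and npm
- created a new project (npm init -y)
- exited the docker container
- listed the files within the working directory where the container was spun up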
Since the docker run command above is long, you might wish to leverage docker-compose for a more streamlined workflow.
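A guard for the drift described in the question and the pinning advice in the answer, as an added example that is not part of the original post: it fails a CI or pre-commit step when package-lock.json carries an unexpected lockfileVersion or the running Node differs from .nvmrc. The function name checkToolchain, its option names and the sample inputs are constructed for illustration, and it assumes .nvmrc holds a full version number as in the answer.

```javascript
// Added example: CI / pre-commit guard against lockfile-format and Node-version drift.
// checkToolchain and its option names are hypothetical, not part of npm or nvm.
function checkToolchain({ lockText, expectedLockfileVersion, nvmrcText, nodeVersion }) {
  const problems = [];

  let lock;
  try {
    lock = JSON.parse(lockText);
  } catch (err) {
    // A truncated or merge-conflicted lockfile must fail the check outright.
    return [`package-lock.json is not valid JSON: ${err.message}`];
  }
  if (lock.lockfileVersion !== expectedLockfileVersion) {
    problems.push(
      `lockfileVersion is ${lock.lockfileVersion}, expected ${expectedLockfileVersion} ` +
      '(lockfile was probably rewritten by a different npm major version)'
    );
  }

  // Assumption: .nvmrc holds a full version ("14.15.0" or "v14.15.0"), not an alias.
  const pinned = nvmrcText.trim().replace(/^v/, '');
  const running = nodeVersion.replace(/^v/, '');
  if (pinned !== running) {
    problems.push(`Node ${running} is running, but .nvmrc pins ${pinned}`);
  }
  return problems;
}

// Constructed sample inputs. In a real hook, read package-lock.json and .nvmrc
// from disk and pass process.version as nodeVersion.
const sampleLockV1 = JSON.stringify({ name: 'app', version: '1.0.0', lockfileVersion: 1 });
const sampleLockV2 = JSON.stringify({ name: 'app', version: '1.0.0', lockfileVersion: 2 });
const sampleNvmrc = '14.15.0\n';

// A developer on Node 15 / npm 7 has rewritten a lockfile the team keeps at version 1.
const drift = checkToolchain({
  lockText: sampleLockV2,
  expectedLockfileVersion: 1,
  nvmrcText: sampleNvmrc,
  nodeVersion: 'v15.0.1',
});
drift.forEach((p) => console.log('FAIL:', p));
```

In a pipeline, exit non-zero when the returned array is non-empty so the rewritten lockfile never reaches review as an unexplained diff.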