Home Explore Help
Sign In
CocoRoboLabs
/
CocoRoboDesktop
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d6262b52a8
Branches Tags
CocoRoboDesk...
/
pdf1.js
/
node_modules
/
npm
/
man
/
man5
/
package-lock-json.5

package-lock-json.5 6.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 
  1. .TH "PACKAGE\-LOCK\.JSON" "5" "August 2021" "" ""
    2. 

  2. .SH "NAME"
    3. 

  3. \fBpackage-lock.json\fR \- A manifestation of the manifest
    4. 

  4. .SS Description
    5. 

  5. .P
    6. 

  6. \fBpackage\-lock\.json\fP is automatically generated for any operations where npm
    7. 

  7. modifies either the \fBnode_modules\fP tree, or \fBpackage\.json\fP\|\. It describes the
    8. 

  8. exact tree that was generated, such that subsequent installs are able to
    9. 

  9. generate identical trees, regardless of intermediate dependency updates\.
    10. 

  10. .P
    11. 

  11. This file is intended to be committed into source repositories, and serves
    12. 

  12. various purposes:
    13. 

  13. .RS 0
    14. 

  14. .IP \(bu 2
    15. 

  15. Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies\.
    16. 

  16. .IP \(bu 2
    17. 

  17. Provide a facility for users to "time\-travel" to previous states of \fBnode_modules\fP without having to commit the directory itself\.
    18. 

  18. .IP \(bu 2
    19. 

  19. To facilitate greater visibility of tree changes through readable source control diffs\.
    20. 

  20. .IP \(bu 2
    21. 

  21. And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously\-installed packages\.
    22. 

  22. 

  23. .RE
    24. 

  24. .P
    25. 

  25. One key detail about \fBpackage\-lock\.json\fP is that it cannot be published, and it
    26. 

  26. will be ignored if found in any place other than the toplevel package\. It shares
    27. 

  27. a format with npm help npm\-shrinkwrap\.json, which is essentially the same file, but
    28. 

  28. allows publication\. This is not recommended unless deploying a CLI tool or
    29. 

  29. otherwise using the publication process for producing production packages\.
    30. 

  30. .P
    31. 

  31. If both \fBpackage\-lock\.json\fP and \fBnpm\-shrinkwrap\.json\fP are present in the root of
    32. 

  32. a package, \fBpackage\-lock\.json\fP will be completely ignored\.
    33. 

  33. .SS File Format
    34. 

  34. .SS name
    35. 

  35. .P
    36. 

  36. The name of the package this is a package\-lock for\. This must match what's in
    37. 

  37. \fBpackage\.json\fP\|\.
    38. 

  38. .SS version
    39. 

  39. .P
    40. 

  40. The version of the package this is a package\-lock for\. This must match what's in
    41. 

  41. \fBpackage\.json\fP\|\.
    42. 

  42. .SS lockfileVersion
    43. 

  43. .P
    44. 

  44. An integer version, starting at \fB1\fP with the version number of this document
    45. 

  45. whose semantics were used when generating this \fBpackage\-lock\.json\fP\|\.
    46. 

  46. .SS packageIntegrity
    47. 

  47. .P
    48. 

  48. This is a subresource
    49. 

  49. integrity \fIhttps://w3c\.github\.io/webappsec/specs/subresourceintegrity/\fR value
    50. 

  50. created from the \fBpackage\.json\fP\|\. No preprocessing of the \fBpackage\.json\fP should
    51. 

  51. be done\. Subresource integrity strings can be produced by modules like
    52. 

  52. \fBssri\fP \fIhttps://www\.npmjs\.com/package/ssri\fR\|\.
    53. 

  53. .SS preserveSymlinks
    54. 

  54. .P
    55. 

  55. Indicates that the install was done with the environment variable
    56. 

  56. \fBNODE_PRESERVE_SYMLINKS\fP enabled\. The installer should insist that the value of
    57. 

  57. this property match that environment variable\.
    58. 

  58. .SS dependencies
    59. 

  59. .P
    60. 

  60. A mapping of package name to dependency object\.  Dependency objects have the
    61. 

  61. following properties:
    62. 

  62. .SS version
    63. 

  63. .P
    64. 

  64. This is a specifier that uniquely identifies this package and should be
    65. 

  65. usable in fetching a new copy of it\.
    66. 

  66. .RS 0
    67. 

  67. .IP \(bu 2
    68. 

  68. bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes\.
    69. 

  69. .IP \(bu 2
    70. 

  70. registry sources: This is a version number\. (eg, \fB1\.2\.3\fP)
    71. 

  71. .IP \(bu 2
    72. 

  72. git sources: This is a git specifier with resolved committish\. (eg, \fBgit+https://example\.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e\fP)
    73. 

  73. .IP \(bu 2
    74. 

  74. http tarball sources: This is the URL of the tarball\. (eg, \fBhttps://example\.com/example\-1\.3\.0\.tgz\fP)
    75. 

  75. .IP \(bu 2
    76. 

  76. local tarball sources: This is the file URL of the tarball\. (eg \fBfile:///opt/storage/example\-1\.3\.0\.tgz\fP)
    77. 

  77. .IP \(bu 2
    78. 

  78. local link sources: This is the file URL of the link\. (eg \fBfile:libs/our\-module\fP)
    79. 

  79. 

  80. .RE
    81. 

  81. .SS integrity
    82. 

  82. .P
    83. 

  83. This is a Standard Subresource
    84. 

  84. Integrity \fIhttps://w3c\.github\.io/webappsec/specs/subresourceintegrity/\fR for this
    85. 

  85. resource\.
    86. 

  86. .RS 0
    87. 

  87. .IP \(bu 2
    88. 

  88. For bundled dependencies this is not included, regardless of source\.
    89. 

  89. .IP \(bu 2
    90. 

  90. For registry sources, this is the \fBintegrity\fP that the registry provided, or if one wasn't provided the SHA1 in \fBshasum\fP\|\.
    91. 

  91. .IP \(bu 2
    92. 

  92. For git sources this is the specific commit hash we cloned from\.
    93. 

  93. .IP \(bu 2
    94. 

  94. For remote tarball sources this is an integrity based on a SHA512 of
    95. 

  95. the file\.
    96. 

  96. .IP \(bu 2
    97. 

  97. For local tarball sources: This is an integrity field based on the SHA512 of the file\.
    98. 

  98. 

  99. .RE
    100. 

  100. .SS resolved
    101. 

  101. .RS 0
    102. 

  102. .IP \(bu 2
    103. 

  103. For bundled dependencies this is not included, regardless of source\.
    104. 

  104. .IP \(bu 2
    105. 

  105. For registry sources this is path of the tarball relative to the registry
    106. 

  106. URL\.  If the tarball URL isn't on the same server as the registry URL then
    107. 

  107. this is a complete URL\.
    108. 

  108. 

  109. .RE
    110. 

  110. .SS bundled
    111. 

  111. .P
    112. 

  112. If true, this is the bundled dependency and will be installed by the parent
    113. 

  113. module\.  When installing, this module will be extracted from the parent
    114. 

  114. module during the extract phase, not installed as a separate dependency\.
    115. 

  115. .SS dev
    116. 

  116. .P
    117. 

  117. If true then this dependency is either a development dependency ONLY of the
    118. 

  118. top level module or a transitive dependency of one\.  This is false for
    119. 

  119. dependencies that are both a development dependency of the top level and a
    120. 

  120. transitive dependency of a non\-development dependency of the top level\.
    121. 

  121. .SS optional
    122. 

  122. .P
    123. 

  123. If true then this dependency is either an optional dependency ONLY of the
    124. 

  124. top level module or a transitive dependency of one\.  This is false for
    125. 

  125. dependencies that are both an optional dependency of the top level and a
    126. 

  126. transitive dependency of a non\-optional dependency of the top level\.
    127. 

  127. .P
    128. 

  128. All optional dependencies should be included even if they're uninstallable
    129. 

  129. on the current platform\.
    130. 

  130. .SS requires
    131. 

  131. .P
    132. 

  132. This is a mapping of module name to version\.  This is a list of everything
    133. 

  133. this module requires, regardless of where it will be installed\.  The version
    134. 

  134. should match via normal matching rules a dependency either in our
    135. 

  135. \fBdependencies\fP or in a level higher than us\.
    136. 

  136. .SS dependencies
    137. 

  137. .P
    138. 

  138. The dependencies of this dependency, exactly as at the top level\.
    139. 

  139. .SS See also
    140. 

  140. .RS 0
    141. 

  141. .IP \(bu 2
    142. 

  142. npm help shrinkwrap
    143. 

  143. .IP \(bu 2
    144. 

  144. npm help shrinkwrap\.json
    145. 

  145. .IP \(bu 2
    146. 

  146. npm help package\-locks
    147. 

  147. .IP \(bu 2
    148. 

  148. npm help package\.json
    149. 

  149. .IP \(bu 2
    150. 

  150. npm help install
    151. 

  151. 

  152. .RE
    153.