如何在不进行 npm 安装的情况下更新 package-lock. json?

提问

在不真正安装 node_modules的情况下更新/生成 package-lock.json的方法是什么(npm install所做的) ?

我只想要一个有效的 package-lock.json基于我的 package.json,就是这样。

动机

当 CI 服务器使用 npm时,您可以在本地使用 yarn。这可能不是最佳实践,但仍可以作为一个临时解决方案。

额外的问题 : yarn也是一样。是否有可能在不进行实际安装的情况下生成 yarn-lock.json

100641 次浏览
小开
最佳答案

npm

As of npm 6.x, you can use the following command:

npm i --package-lock-only

Documentation (https://docs.npmjs.com/cli/install.html) says:

The --package-lock-only argument will only update the package-lock.json, instead of checking node_modules and downloading dependencies.

yarn

As of yarn 3.0.0, you can use the following command:

yarn install --mode update-lockfile

Documentation (https://yarnpkg.com/cli/install#options-mode%20%230) says:

If the --mode=<mode> option is set, Yarn will change which artifacts are generated.

update-lockfile will skip the link step altogether, and only fetch packages that are missing from the lockfile (or that have no associated checksums). This mode is typically used by tools like Renovate or Dependabot to keep a lockfile up-to-date without incurring the full install cost.

As of Sep. 10, 2019: yarn doesn't seem to support generating a lock-file without installing the modules. Relevant GitHub issue: https://github.com/yarnpkg/yarn/issues/5738

小开

I don't have enough reputation to comment, so just add an answer :)

In addition to Teh's answer, for Yarn now you can:

yarn install --mode update-lockfile

Documentation: https://yarnpkg.com/cli/install#options-mode%20%230

update-lockfile will skip the link step altogether, and only fetch packages that are missing from the lockfile (or that have no associated checksums). This mode is typically used by tools like Renovate or Dependabot to keep a lockfile up-to-date without incurring the full install cost.


提交答案