npm notice created a lockfile as package-lock.json. You should commit this file

Question

I have been trying to load the skeleton of express with npm install express. It outputs the following line:

npm notice created a lockfile as package-lock.json. You should commit this file.

What should I do in order to load the template ejs and css engine automatically?

zoecarver · Answer 1 · 2018-04-29T00:49:46.003

33

Yes. You should add this file to your version control system, i.e. You should commit it.

This file is intended to be committed into source repositories

You can read more about what it is/what it does here:

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

edited Apr 29 '18 at 00:49

answered Jun 03 '17 at 20:33

zoecarver

5,523
2
26
56

17

how do i commit the file – Venkateshreddy Pala Jun 05 '17 at 15:53
4

I assume your are talking about git: 1. `git add -A` 2. `git commit -m "text here"` 3. `git push -u origin master` – zoecarver Jun 05 '17 at 16:59
26

The message should be more clear, e.g. "You should add this file to your version control system." – Stephan Windmüller Jul 18 '17 at 06:44
3

@StephanWindmüller And if there is no version control (for the moment, I am not using node for anything other than personal use), can I just delete the `package-lock.json` file? – Mike Williamson Aug 02 '17 at 17:02
1

@MikeWilliamson From what I know about the file, I would say: Just delete it. But at least think about some local version control, "git init" does not cost much. – Stephan Windmüller Aug 04 '17 at 17:55
1

@StephanWindmüller Thanks! Yes, I know git very well. I just didn't need it for my tasks. (I'm not a fan of using git as basically just a "back up drive", as I have an actual external hard drive as backup, and if that's all I need it for, Apple's Time Machine is easier to use than git.) – Mike Williamson Aug 09 '17 at 16:19
12

@MikeWilliamson _"if there is no version control (for the moment, I am not using node for anything other than personal use)"_ -- with over 30 years of professional programming experience, I say ... Always use version control. Always. Even for tiny personal-use projects. Backups and version control are two separate things. – Stephen P Aug 22 '17 at 20:38
but, the third command by pudity tries to put the file to the parse-community. is that necessary for everyday commits? – nyxee Sep 12 '17 at 06:35
VCS is not about backup. Even when I'm the only one on personal project I use VCS and have atomic commits and use branches. It's better to know what I was doing and be able to revert something. You should not delete the lock file. It's there so next install will not give you different version. Version 3.1.* can give you some package one day and different the next day. – martin.malek Nov 03 '17 at 10:41
1

I am perplexed. I did an "npm install" from a remote git repository which I might not have write access to. The install is the distribution process. That's it. After the install the application is run without further ado. Assume there is no "git" on the local machine, aside from what is require to install from a remote repo. How does committing this file even make sense? – Michael Nov 27 '17 at 23:14
@Michael I am not sure I understand what you are asking. If you do not have write access to the repo you do not need to worry about committing anything. – zoecarver Nov 28 '17 at 02:05
@pudility what if he's using Subversion? or CVS? or Mercurial? – kmiklas Dec 12 '17 at 23:18
2

there still is not an answer on why we should be committing this file? – Alex Gordon Apr 19 '18 at 18:29
I have real trouble with this as an error. I understand why you would want to commit this file, and I agree with that. The problem is, we have a CI build pipeline that pulls in code from a bunch of different development teams, and those teams are on different versions of node/npm, including older ones, before package-lock.json existed. It's not like I can do a commit from pipeline - nor even would I want to. It's failing the pipeline because of this. – fool4jesus Jan 10 '19 at 13:28
Because it locks the version of each and every package which you are using in your app and when you run `npm install` it install the exact same version in your node_modules folder. This is important becasue let say you are using bootstrap 3 in your application and if there is no package-lock.json file in your project then `npm install` will install bootstrap 4 which is the latest and you whole app ui will break due to version mismatch. – Neha Sharma Jul 01 '19 at 12:15
This stuff is so badly explained. I want to use @scenejs/render to convert a CSS/SVG animation to video, following mattumotu's suggestion on https://superuser.com/questions/434649/how-to-take-a-css-animation-from-a-browser-and-export-a-gif-of-it , and the instructions on https://www.npmjs.com/package/@scenejs/render . I tried installing @scenejs/render as per the latter link. It gave me the same error as named in the title of this question. I'm an animator: I'm not interested in using npm for any other purpose, and I don't have or need a version-control system, at least not for this work. – Phil van Kleur Nov 20 '20 at 10:23
So why is npm telling me (at least the comments suggest it is) that I need to dig into its internals to get it to work? Can't it just install quietly and without fuss, in the same way that Gimp, say, does? This is so %@$&*! frustrating. – Phil van Kleur Nov 20 '20 at 10:25

score 3 · Answer 2 · answered May 05 '19 at 10:55

3

You can update the existing package-lock.json file instead of creating a new one. Just change the version number to a different one.

{ "name": "theme","version": "1.0.1", "description": "theme description"}

answered May 05 '19 at 10:55

Rahul Mankar

114
1
11

This worked for me, because the project created by ng scaffolding, the version defaults to 0.0.0 – januw a Feb 08 '20 at 03:59

score 1 · Answer 3 · answered Jul 01 '19 at 12:16

Yes you should, As it locks the version of each and every package which you are using in your app and when you run npm install it install the exact same version in your node_modules folder. This is important becasue let say you are using bootstrap 3 in your application and if there is no package-lock.json file in your project then npm install will install bootstrap 4 which is the latest and you whole app ui will break due to version mismatch.

score 0 · Answer 4 · answered Sep 24 '18 at 00:27

It should also be noted that one key detail about package-lock.json is that it cannot be published, and it will be ignored if found in any place other than the top level package. It shares a format with npm-shrinkwrap.json(5), which is essentially the same file, but allows publication. This is not recommended unless deploying a CLI tool or otherwise using the publication process for producing production packages.

If both package-lock.json and npm-shrinkwrap.json are present in the root of a package, package-lock.json will be completely ignored.

score 0 · Answer 5 · answered Jan 06 '19 at 10:14

Yes it is wise to use a version control system for your project. Anyway, focusing on your installation warning issue you can try to launch npm install command starting from your root project folder instead of outside of it, so the installation steps will only update the existing package-lock.json file instead of creating a new one. Hope this helps.

score 0 · Answer 6 · edited Dec 26 '19 at 19:33

0

Check for package-lock.json file at C:\Windows\system32.

If it doesn't exist, run cmd as admin and execute the following commands:

Set EXPO_DEBUG=true
npm config set package-lock false
npm install

edited Dec 26 '19 at 19:33

mjuarez

16,372
11
56
73

answered Jun 30 '19 at 12:35

antorpramanik

1
1

score 0 · Answer 7 · answered Mar 19 '20 at 07:42

0

came out of this issue by changing the version in package.json file and also changing the name of the package and finally deleted the package-lock.json file

answered Mar 19 '20 at 07:42

Abhishek

528
6
17

score 0 · Answer 8 · answered Oct 14 '20 at 15:18

0

If this is output from a Dockerfile then you don't want / need to commit it.

However you will want to tag the base image and any other contributing images / applications.

E.g.

FROM node:12.18.1

answered Oct 14 '20 at 15:18

Snowcrash

80,579
89
266
376

score 0 · Answer 9 · answered Jan 14 '21 at 15:11

0

I had same issue and the solution was to rename name field in package.json (remove white spaces)

answered Jan 14 '21 at 15:11

Max Zavodniuk

79
1
7

score 0 · Answer 10 · answered Aug 07 '21 at 11:49

Simply follow below steps to overcome this issue.

copy and paste package.json and package-lock.json from some other project, later on you can change/delete the dependencies which you won't require in your project.
now run npm install command.

Voilla!!, you got it.

npm notice created a lockfile as package-lock.json. You should commit this file

10 Answers10

Linked