I deleted it by accident and have made many changes to package.json
since. An npm install
or npm update
do not generate package-lock.json
anymore. I tried clearing my npm cache and my nvm cache, but nothing seems to be working. I tried it on several versions of Node.js (6.10.3 Node.js - 3.10.10 npm is what I would like it to work on), and it doesn't work on any.
Is there a way to force npm to generate the package-lock.json
file?
package-lock.json
is generating automatically by default in npm starting from v5, in the previous versions, the lock file name was npm-shrinkwrap.json
and it was generated manually using npm shrinkwrap
command.
node 8.6.0
and with it npm 5.3.0
and it worked.
.gitignore
. I accidentally had package-lock.json
in the .gitignore
somehow and because package-lock.json
wasn't showing up in the git status
it was throwing me off.
In npm 6.x and 7.x you can use
npm i --package-lock-only
According to the docs of npm v6, npm v7 or latest version:
The --package-lock-only argument will only update the package-lock.json, instead of checking node_modules and downloading dependencies.
By default, package-lock.json
is updated whenever you run npm install
. However, this can be disabled globally by setting package-lock=false
in ~/.npmrc
.
When the global package-lock=false
setting is active, you can still force a project’s package-lock.json
file to be updated by running:
npm install --package-lock
This command is the only surefire way of forcing a package-lock.json
update.
package-lock.json
. package-lock.json
is only supported by npm v5+.
This is answered in the comments; package-lock.json
is a feature in npm
v5 and higher. npm shrinkwrap
is how you create a lockfile in all versions of npm
.
package-lock.json
s are not the exact same thing as shrinkwrap files.
npm-shrinkwrap.json
will be published to the registry, and package-lock.json
will not.
npm shrinkwrap
generates npm-shrinkwrap.json
, but how do you generate package-lock.json
?
--package-lock
As several answer explained the you should run:
npm i
BUT if it does not solve...
Check the version of your npm
executable. (For me it was 3.x.x which doesn't uses the package-lock.json
(at all))
npm -v
It should be at least 5.x.x (which introduced the package-lock.json file.)
To update npm
on Linux, follow these instructions.
For more details about package files, please read this medium story.
If you're like me, you tried all the answers here and wondered why no package-lock.json
was appearing in your Git "Changed Files". In this case, check to make sure nobody has added package-lock.json
to the .gitignore
in the past!
Not really a direct answer, but maybe it will help someone else who spent entirely too long on this 😅
When working with local packages, the only way I found to reliably regenerate the package-lock.json file is to delete it, as well as in the linked modules and all corresponding node_modules folders and let it be regenerated with npm i
If your npm version is lower than version 5 then install the higher version for getting the automatic generation of package-lock.json.
Example: Upgrade your current npm to the version 6.14.0 (example - You can choose any other latest version)
npm i -g npm@6.14.0
You could view the latest npm version list by
npm view npm versions
Success story sharing
npm i --package-lock-only --only=production
doesn't seem to work.package-lock.json
only for production dependencies. But if you runnpm i --only=production
it should install only production dependencies. So your build process could look like this: install all dependencies, build app, removenode_modules
and install only production dependencies.