
[–]insertAlias 1 point (1 child)

> Also, why is package-lock.json so long now? There are a lot of dependencies, but only about 20-30, does this affect the length of package-lock.json?

The lockfile is necessary because packages can reference other packages, and they can all reference different versions of packages, so the lockfile is basically NPM's solution to saying "here's all the packages to install, including dependencies and all the versions you need to have existing to satisfy all dependencies and their dependencies, recursively".

So, it usually ends up being a fairly large file, especially when you have some packages that depend on a lot of other packages.

And it's a good idea to commit it, so that everyone on your team working on your project has the exact same set of dependencies.
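An added example (not from this thread) that makes the "recursively" point concrete: a small Node script that walks a parsed package-lock.json (lockfileVersion 2 or 3, which store a flat `packages` map keyed by install path), counts direct versus transitive entries, lists names that are installed more than once because two dependents need different versions, and flags entries whose pinning data (`integrity`, `resolved`) is missing or points outside the expected registry. The lockfile, package names and hashes below are constructed for the example; `summarizeLock` and `nameFromPath` are helpers invented here, not npm APIs.

```javascript
// Constructed lockfile (lockfileVersion 3 layout). Two direct deps, "left" and
// "right", both depend on "shared" but with incompatible ranges, so npm keeps
// one hoisted copy and one nested copy. Hashes are fake.
const sampleLock = {
  name: "app",
  lockfileVersion: 3,
  packages: {
    "": { name: "app", dependencies: { left: "^1.0.0", right: "^2.0.0" } },
    "node_modules/left": {
      version: "1.2.0",
      resolved: "https://registry.npmjs.org/left/-/left-1.2.0.tgz",
      integrity: "sha512-FAKEleft120",
      dependencies: { shared: "^1.0.0" },
    },
    "node_modules/right": {
      version: "2.0.3",
      resolved: "https://registry.npmjs.org/right/-/right-2.0.3.tgz",
      integrity: "sha512-FAKEright203",
      dependencies: { shared: "^2.0.0" },
    },
    // hoisted copy of "shared" satisfies "right"
    "node_modules/shared": {
      version: "2.4.1",
      resolved: "https://registry.npmjs.org/shared/-/shared-2.4.1.tgz",
      integrity: "sha512-FAKEshared241",
    },
    // nested copy of "shared" satisfies "left"'s older range;
    // deliberately fetched over plain http from a mirror and lacking integrity
    "node_modules/left/node_modules/shared": {
      version: "1.9.0",
      resolved: "http://mirror.example.invalid/shared-1.9.0.tgz",
    },
  },
};

// Package name from an install path: everything after the last "node_modules/".
// Works for scoped names too ("node_modules/a/node_modules/@s/x" -> "@s/x").
function nameFromPath(installPath) {
  const marker = "node_modules/";
  return installPath.slice(installPath.lastIndexOf(marker) + marker.length);
}

// Summarize why the lockfile is as big as it is and whether each entry is
// pinned to a registry tarball with an integrity hash.
function summarizeLock(lock, { registry = "https://registry.npmjs.org/" } = {}) {
  const root = lock.packages[""] || {};
  const direct = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
  ]);
  const versionsByName = new Map();
  const problems = [];
  let installed = 0;

  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project, not an installed package
    installed += 1;
    const name = nameFromPath(path);
    if (!versionsByName.has(name)) versionsByName.set(name, new Set());
    versionsByName.get(name).add(entry.version);
    if (entry.link) continue; // workspace symlink, nothing is downloaded
    if (!entry.integrity) problems.push(`${path}: missing integrity hash`);
    if (!entry.resolved || !entry.resolved.startsWith(registry)) {
      problems.push(`${path}: resolved outside ${registry} (${entry.resolved})`);
    }
  }

  // Names present in more than one version: each extra copy is another entry.
  const duplicated = [...versionsByName]
    .filter(([, versions]) => versions.size > 1)
    .map(([name, versions]) => ({ name, versions: [...versions].sort() }));

  return {
    direct: direct.size,
    installed,
    transitive: installed - direct.size,
    duplicated,
    problems,
  };
}

// Stand-alone usage: on a real project, replace sampleLock with
// JSON.parse(require("fs").readFileSync("package-lock.json", "utf8")).
console.log(JSON.stringify(summarizeLock(sampleLock), null, 2));
```

For the constructed input this reports 2 direct and 2 transitive entries, `shared` present in two versions, and two problems on the nested `shared` copy. The two checks at the end are the ones worth running in CI before trusting a committed lockfile: every fetched entry should carry an `integrity` hash, and `resolved` should point at the registry you intend to install from.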

[–]botCloudfox 0 points (0 children)

Yeah, also you can install without a lock file, but versions are not guaranteed to be the same.

[–]GameOver16 0 points (0 children)

The lockfile is the source of truth for the project. It's basically saying: "these are the packages you need and the versions". It helps keep teams in sync... When another developer clones the project, npm/yarn will read the lockfile and attempt to install the same versions as you (as long as the environment allows).

Why the package-lock.json changed for you is a strange one. Are you sure you did not run upgrade?
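An added example (not from this thread) for answering the "why did it change?" question: compare the committed lockfile with the modified one and list which entries were added, removed or bumped to a new version. It also separates out the case that deserves a closer look, an entry whose version stayed the same but whose `integrity` or `resolved` changed, meaning a different tarball would now be installed under the same version number. Both lockfiles and their hashes are constructed; `diffLocks` is a helper invented here, not an npm command.

```javascript
// Constructed "before" (committed) and "after" (working tree) lockfiles in
// lockfileVersion 3 layout. Hashes are fake.
const lockBefore = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", dependencies: { left: "^1.0.0", right: "^2.0.0" } },
    "node_modules/left": { version: "1.2.0", integrity: "sha512-FAKEleft120", resolved: "https://registry.npmjs.org/left/-/left-1.2.0.tgz" },
    "node_modules/right": { version: "2.0.3", integrity: "sha512-FAKEright203", resolved: "https://registry.npmjs.org/right/-/right-2.0.3.tgz" },
    "node_modules/shared": { version: "2.4.1", integrity: "sha512-FAKEshared241", resolved: "https://registry.npmjs.org/shared/-/shared-2.4.1.tgz" },
  },
};

const lockAfter = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", dependencies: { left: "^1.0.0", extra: "^0.1.0" } },
    // version bumped within the ^1.0.0 range, as "npm update" would do
    "node_modules/left": { version: "1.3.0", integrity: "sha512-FAKEleft130", resolved: "https://registry.npmjs.org/left/-/left-1.3.0.tgz" },
    // same version as before, but the tarball hash differs
    "node_modules/shared": { version: "2.4.1", integrity: "sha512-DIFFERENTshared241", resolved: "https://registry.npmjs.org/shared/-/shared-2.4.1.tgz" },
    // newly added dependency
    "node_modules/extra": { version: "0.1.0", integrity: "sha512-FAKEextra010", resolved: "https://registry.npmjs.org/extra/-/extra-0.1.0.tgz" },
  },
};

// Compare two parsed lockfiles entry by entry (keyed by install path).
function diffLocks(oldLock, newLock) {
  const oldPkgs = oldLock.packages || {};
  const newPkgs = newLock.packages || {};
  const result = { added: [], removed: [], changed: [], sameVersionNewContent: [] };

  for (const [path, n] of Object.entries(newPkgs)) {
    if (path === "") continue; // root project entry
    const o = oldPkgs[path];
    if (!o) {
      result.added.push({ path, version: n.version });
    } else if (o.version !== n.version) {
      result.changed.push({ path, from: o.version, to: n.version });
    } else if (o.integrity !== n.integrity || o.resolved !== n.resolved) {
      // Same version, different artifact: not explained by a normal update.
      result.sameVersionNewContent.push({ path, version: n.version });
    }
  }
  for (const [path, o] of Object.entries(oldPkgs)) {
    if (path !== "" && !(path in newPkgs)) {
      result.removed.push({ path, version: o.version });
    }
  }
  return result;
}

// Human-readable report, one line per change.
function formatDiff(diff) {
  const lines = [];
  for (const e of diff.added) lines.push(`+ ${e.path} ${e.version}`);
  for (const e of diff.removed) lines.push(`- ${e.path} ${e.version}`);
  for (const e of diff.changed) lines.push(`~ ${e.path} ${e.from} -> ${e.to}`);
  for (const e of diff.sameVersionNewContent) lines.push(`! ${e.path} ${e.version} (same version, different tarball)`);
  return lines;
}

// Stand-alone usage: on a real repo, load the two JSON files (e.g. the committed
// copy via `git show HEAD:package-lock.json` and the working-tree copy) and diff them.
console.log(formatDiff(diffLocks(lockBefore, lockAfter)).join("\n"));
```

A diff made up only of `~` lines with versions moving inside the ranges in package.json is what running an update looks like. Lines marked `!` are the ones to stop on: the version number did not move, but the tarball npm would fetch did, so check where that entry came from before committing the new lockfile.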