package-lock.json is a file that is generated when we try to install the node. It is generated by the Node Package Manager(npm). package-lock.json will ensure that the same versions of packages are installed.
It contains the name, dependencies, and locked version of the project. It will check that same versions are installed for the different users so that errors can be prevented (Dependency locking).
Table of Content
Steps to get package-lock.json file :
Step 1: Check the version of node and npm to verify that it is installed in our system.
node -v
npm -v
The above command will display the version of the node installed.
Step 2: Now open Visual Studio Code. Click on Create New File and name it with .js extension. ( Example: index.js) .
Within that, open the terminal/command line and execute the below command.
npm init -y
Step 3: Install the required dependencies for the project.
npm i express
The common method of starting a package is npm init. After doing this, a package.json file is created. But when we install a express, we can notice the package-lock.json file (usually very long) gets automatically created.
Output: The output will be the package-lock.json file with a long descriptions. Since we are installing express , the package-lock.json will show the dependencies of express.
Properties of package-lock.json :
From the above output image consider first few lines . Let’s describe some of them.
- name: The name of your package.
- description: The purpose of your package.
- dependencies: It contains dependencies which would be required by your package to work.
- version : The version which the package corresponds to
- license: Name of the license used
Key Features of package-lock.json:
- Only the verified and secured versions are found in package – lock.json can be installed. This offers a high security preventing from other malicious downloads.
- It provides a faster installation of dependencies .
- It uses same version of dependencies in a project and assure a consistent working behaviour
- It ensures that the same dependencies are installed at the same version every time leading to a standard deployment and development.
Best Practices of package-lock.json:
- To get the package – lock . json file , use npm CLI for installation. It will download the necessary version thereby preventing unknown installations.
- We should not edit the package -lock.json file manually . It can be adjusted through package.json file and package-lock.json gets automatically downloaded
- Check for updated versions and update the dependencies to prevent from errors . This can be done using ‘npm update command’.
Difference between package.json vs package-lock.json:
|
package.json |
package-lock.json |
|---|---|
|
It displays the basic information about the project |
It describe a exact tree structures that allow to download identical trees |
|
It is required for every project. |
It is automatically generated when installing node modules |
|
It contains information such as name, description, author, script, and dependencies. |
It contains the name, dependencies, and locked version of the project. |