How to generate a package-lock.json file [4 ways] | bobbyhadz (2024)

# Table of Contents

1. How to generate a package-lock.json file without running npm install
2. Generating a new package-lock.json file by running npm install
3. Using the --package-lock option to generate a package-lock.json file
4. Make sure you haven't added your package-lock.json file to .gitignore
5. Generating an npm-shrinkwrap.json file

# How to generate a package-lock.json file without running npm install

Use the npm install --package-lock-only command to generate apackage-lock.json file without running npm install.

The --package-lock-only option only updates the package-lock.json fileinstead of checking your node_modules folder and downloading dependencies.

Open your terminal in your project's root directory (where your package.jsonfile is) and issue the following command.

Copied!
npm install --package-lock-only

When the--package-lock-onlyargument is set, a package-lock.json file is generated if it doesn't alreadyexist.

If the file exists, it is updated.

Note that the command doesn't check your node_modules folder and doesn'tdownload dependencies.

If you need to generate a package.json file, issue the npm init -y command.

Copied!
npm init -y

The command will generate a new package.json file if it doesn't already exist.

If the file exists, its contents are printed to the terminal.

# Generating a new package-lock.json file by running npm install

You can also run thenpm install command toautomatically generate a new package-lock.json file.

Copied!
npm install

The package-lock.json file is automatically generated for all operations thatmodify your node_modules directory or your package.json file.

The npm update command canalso be used to generate or update package-lock.json.

Copied!
npm update

# Using the --package-lock option to generate a package-lock.json file

If you aren't able to generate a package-lock.json file, you might havedisabled the package-lock configuration in your ~/.npmrc file.

You can force generate a package-lock.json file by setting the--package-lock argument when issuing npm install.

Copied!
npm install --package-lock

The command will force generate a package-lock.json file even if thepackage-lockconfiguration key is set to false.

When the package-lock key is set to false, then the package-lock.json fileis ignored when installing modules.

You can view your current value of the package-lock key by issuing thefollowing command.

Copied!
npm config get package-lock

If you want to disable the package-lock key, set it to false by issuing thefollowing command.

Copied!
# disable generating/updating package-lock.json filenpm config set package-lock false

Conversely, if you want to enable the package-lock key, set it to true.

Copied!
# enable generating/updating package-lock.json filenpm config set package-lock true

You might also have the view your global setting of the package-lock key byusing the --global argument.

Copied!
npm config --global get package-lock

If you need to update the value of the global package-lock key, use either ofthe following commands.

Copied!
# disable generating/updating package-lock.json filenpm config --global set package-lock false# enable generating/updating package-lock.json filenpm config --global set package-lock true

You can also manually check the values in your NPM configuration files.

You can view where your user NPM config file is located by issuing the followingcommand.

Copied!
npm config get userconfig

And you can view where your global NPM config file is located by issuing thefollowing command.

Copied!
npm config get globalconfig

# Make sure you haven't added your package-lock.json file to .gitignore

Note that your package-lock.json file should be committed to your remoterepository.

If you have the file in your .gitignore file, make sure to remove it.

The package-lock.json file is used to:

• describe your dependencies as a tree, so the same dependencies can beinstalled by multiple people, on multiple machines.
• enable you to go to previous states of your node_modules directory withouthaving to commit node_modules to git.
• optimize the installation process of modules.

# Generating an npm-shrinkwrap.json file

You might have seen that some repositories use a npm-shrinkwrap.json fileinstead of package-lock.json.

The files are very similar and have the same format, however,npm-shrinkwrap.json is published to the NPM registry and package-lock.jsonis not.

The package-lock.json file is ignored if it is found in any other locationthan the root directory.

The npm-shrinkwrap.json file is most commonly used when deploying a CLI toolor when producing production packages.

If you need to generate an npm-shrinkwrap.json file, issue the followingcommand.

Copied!
npm shrinkwrap

If your project has both package-lock.json and npm-shrinkwrap.json, thennpm-shrinkwrap.json takes precedence and package-lock.json is ignored.

# Additional Resources

You can learn more about the related topics by checking out the followingtutorials:

• Could not proxy request from localhost:3000 to http://localhost:5000
• Fix Error while fetching extensions. XHR failed in VS Code
• npm ERR! code ENOENT syscall open error [Solved]
• Cannot read properties of null (reading 'pickAlgorithm')
• npm install hangs on 'sill idealTree buildDeps' [Solved]
• React: Could not find a required file. Name: index.html
• The 'npm audit fix' command not working [Solved]
• How to add comments to your package.json file
• npm install doesn't install devDependencies issue [Solved]
• npm should be run outside of the Node.js REPL, in your normal shell
• How to set environment variables in package.json
• Get the version number from package.json in Node.js code
• NPM: View the dependency tree of a project or an NPM module
• E401 Unable to authenticate, your authentication token seems to be invalid