package.json
package.json and look like this (example from an angular app):

package.json you can declare a dependency using certain matchers:

- '4.2.4' matches exactly version 4.2.4
- '~4.2.4' matches the latest 4.2.x version
- '^4.2.4' matches the latest 4.x.x version
- 'latest' matches the very latest version
- '>4.2.4' / '<=4.2.4' matches the latest version greater than / less than or equal to 4.2.4
- '*' matches any version.

~ and ^ provide a mechanism to declare a dependency on a range of versions instead of a specific version. This can be very dangerous, since the maintainer of your dependency might update to a version that no longer works with your application. The next time you build your app, it might fail - and the reasons for that failure will be very hard to find.

package-lock.json
package.json and define the exact versions of the dependencies I’m using.

npm install, npm automatically generates a file called package-lock.json which contains all dependencies with the specific versions that were resolved at the time of the call. Future calls of npm run build will then use those specific versions instead of resolving any version ranges.

package-lock.json into version control and you will have stable builds.

package-lock.json? Or the versions in package-lock.json are not honored when calling npm run build? Make sure that your NPM version is 5 or above and if it isn’t, call npm install npm@latest (you may also provide a specific version to npm install, if you prefer :)).
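
The matchers listed above, resolved against a registry before and after the maintainer publishes new versions, to show which declarations change the build without any edit to package.json. This is an added example, not code from the original post. Assumptions: the resolver is a simplified stand-in for npm's own, the version lists are constructed, 'latest' is modelled as the newest published version, and only plain x.y.z versions are handled.

```javascript
// Added example: minimal resolver for the matchers discussed in this post.
// Assumption: versions are plain x.y.z (no pre-release or build tags).
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
};

// Returns a predicate telling whether a parsed version satisfies the declaration.
function matcher(decl) {
  // Assumption: 'latest' is modelled as "newest published version".
  if (decl === '*' || decl === 'latest') return () => true;
  const m = /^(~|\^|>|<=)?(\d+\.\d+\.\d+)$/.exec(decl);
  if (!m) throw new Error('unsupported declaration: ' + decl);
  const op = m[1] || '=';
  const base = parse(m[2]);
  switch (op) {
    case '=': return (v) => cmp(v, base) === 0;
    case '>': return (v) => cmp(v, base) > 0;
    case '<=': return (v) => cmp(v, base) <= 0;
    case '~': return (v) => cmp(v, base) >= 0 && v[0] === base[0] && v[1] === base[1];
    case '^': {
      // Caret keeps everything up to the left-most non-zero component fixed.
      const fixed = base[0] > 0 ? 1 : base[1] > 0 ? 2 : 3;
      return (v) => cmp(v, base) >= 0 && base.slice(0, fixed).every((n, i) => v[i] === n);
    }
  }
}

// Highest published version satisfying decl, or null if none does.
function resolve(decl, published) {
  const hits = published.map(parse).filter(matcher(decl)).sort(cmp);
  return hits.length ? hits[hits.length - 1].join('.') : null;
}

// Constructed registry state before and after new releases are published.
const before = ['4.2.3', '4.2.4', '4.2.9'];
const after = [...before, '4.2.10', '4.3.0', '5.0.0'];

// Declarations whose resolved version changes although package.json did not.
function drifting(decls) {
  return decls.filter((d) => resolve(d, before) !== resolve(d, after));
}

for (const d of ['4.2.4', '~4.2.4', '^4.2.4', 'latest', '>4.2.4', '<=4.2.4', '*']) {
  console.log(d.padEnd(8), resolve(d, before), '->', resolve(d, after));
}
```

Only the exact version and the upper-bounded '<=4.2.4' resolve to the same version in both registry states; every other declaration picks up the new releases.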