📜  npmrc package-lock (1)

📅  Last modified: 2023-12-03 14:44:47.528000             🧑  Author: Mango

NPMRC and Package-lock

Introduction

When working with Node.js and NPM, you may come across two files called .npmrc and package-lock.json. These files are crucial to understanding how packages and dependencies work in Node.js/JavaScript.

NPMRC

.npmrc is the configuration file NPM reads its settings from. With an .npmrc file, you can:

  • Define global settings that are applied to all your projects.
  • Set project-specific settings that only apply to specific projects.

You can create an .npmrc file in either the root of your project or your home directory (~/.npmrc). The settings you can configure in the .npmrc file include:

  • registry: The server where NPM will look to download packages.
  • prefix: The directory where global packages will be installed.
  • proxy: Your proxy server settings for downloading packages.
  • https-proxy: Your secure proxy server settings for downloading packages.
  • strict-ssl: Whether NPM checks the validity of the SSL certificate presented by the server when it runs commands over https.

Here's an example .npmrc file that sets a specific registry to use:

registry=https://registry.npmjs.org/

Package-lock

package-lock.json is a file that is generated when you run the npm install command. It is used to lock down the versions of your dependencies and ensure that all contributors are using the same set of packages and versions. It stores the exact version number of each package that is installed in your project.

When you add a new dependency to your project, the package-lock.json file will be updated to reflect the specific version number of the new dependency.

Here is an example of what package-lock.json might look like:

{
  "name": "my-project",
  "lockfileVersion": 1,
  "dependencies": {
    "async": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/async/-/async-3.1.0.tgz",
      "integrity": "sha512-U1P/YMp3zcnd4ualMsRPqF/+dZdWx+W//ZklZkNUZ4LaUk8Hl/gHECVPlFPwzqu+1ITOsX2D2hcrdslwekanA==",
      "requires": {
        "lodash": "^4.17.14"
      }
    },
    "lodash": {
      "version": "4.17.21",
      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
      "integrity": "sha512-v2kDEe57lecTulaDItnOCuN8LCN/eZeHNZ2PvipMIbgUB2Y4UaqOf9i1pgEPsMcCnxKQEditGXnn1uya1Ms913Q=="
    }
  }
}

You should include package-lock.json in your version control system so that all contributors will use the same versions of the packages.
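
As an added example (not part of the original page), the following Node.js script checks the two files together: it flags an .npmrc that uses a non-https registry or sets strict-ssl=false, and flags lockfile entries whose resolved URL is not on the configured registry or whose integrity value is not a sha512 hash. The function names, the mirror.example host and the placeholder hashes are constructed for illustration, and only the nested lockfileVersion 1 layout shown above is handled.

```javascript
// Added example, not from the original page. All sample data is constructed.

// Parse .npmrc "key=value" lines, skipping blanks and # or ; comments.
function parseNpmrc(text) {
  const cfg = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line[0] === '#' || line[0] === ';' || eq < 1) continue;
    cfg[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return cfg;
}

// Origin (scheme + host + port) of a URL, or null if it does not parse.
function originOf(url) { try { return new URL(url).origin; } catch { return null; } }

// Walk the nested "dependencies" tree of a lockfileVersion 1 file.
function auditLock(node, registryOrigin, trail = [], findings = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const id = [...trail, name].join(' > ');
    if (!dep.resolved) findings.push(`${id}: no registry tarball URL`);
    else if (originOf(dep.resolved) !== registryOrigin)
      findings.push(`${id}: resolved outside ${registryOrigin}`);
    if (!/^sha512-[A-Za-z0-9+/]{86}==$/.test(dep.integrity || ''))
      findings.push(`${id}: integrity missing or not sha512`);
    auditLock(dep, registryOrigin, [...trail, name], findings);
  }
  return findings;
}

// Check the .npmrc settings first, then every lockfile entry against them.
function audit(npmrcText, lock) {
  const cfg = parseNpmrc(npmrcText);
  const registry = cfg.registry || 'https://registry.npmjs.org/';
  const findings = [];
  if (!registry.startsWith('https://')) findings.push('registry is not https');
  if (cfg['strict-ssl'] === 'false') findings.push('strict-ssl is disabled');
  return findings.concat(auditLock(lock, originOf(registry)));
}

// Constructed sample input: one clean entry, one nested entry with two problems.
const PLACEHOLDER_SHA512 = 'sha512-' + 'A'.repeat(86) + '==';
const SAMPLE_NPMRC = '; project settings\nregistry=https://registry.npmjs.org/\nstrict-ssl=false\n';
const SAMPLE_LOCK = { name: 'my-project', lockfileVersion: 1, dependencies: {
  async: { version: '3.1.0', integrity: PLACEHOLDER_SHA512,
    resolved: 'https://registry.npmjs.org/async/-/async-3.1.0.tgz',
    dependencies: { lodash: { version: '4.17.21', integrity: 'sha1-AAAA',
      resolved: 'http://mirror.example/lodash/-/lodash-4.17.21.tgz' } } } } };
console.log(audit(SAMPLE_NPMRC, SAMPLE_LOCK).join('\n'));
```

The resolved URL is compared by origin rather than by string prefix, so a host such as registry.npmjs.org.example does not pass as the configured registry.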

Conclusion

.npmrc and package-lock.json are important files to understand when working with Node.js and NPM. .npmrc allows you to configure global and project-specific settings while package-lock.json ensures that all contributors are using the same set of packages and their versions.