Is there any way to fix package-lock.json lockfileVersion so npm uses a specific format?

by

Is there any way to specify to newer versions of npm to only use "lockfileVersion": 1? Or do we just have to get all devs on the same version of npm?

I will advise you to pin the Node/NPM version and align it across your environments (development, staging, and production).

you can leverage nvm for managing Node version by adding to your project .nvmrc file (don’t forget to store it in your source control).

for instance, .nvmrc will look like:

$ cat .nvmrc
14.15.0

then, you can use nvm install && nvm use to use the pinned version of Node.

NPM also supports engines:

You can specify the version of node that your stuff works on:

{ "engines" : { "node" : ">=0.10.3 <0.12" } }

And, like with dependencies, if you don’t specify the version (or if you specify “*” as the version), then any version of Node will do.

If you specify an “engines” field, then npm will require that “node” be somewhere on that list. If “engines” is omitted, then npm will just assume that it works on Node.

You can also use the “engines” field to specify which versions of npm are capable of properly installing your program. For example:

{ "engines" : { "npm" : "~1.0.20" } }

Unless the user has set the engine-strict config flag, this field is advisory only and will only produce warnings when your package is installed as a dependency.

When utilizing the engines field and make npm fail when the version constraints are unmet, set engine-strict=true (since it is false by default) in .npmrc file or as an npm_config_engine_strict=true environment variable

If set to true, then npm will stubbornly refuse to install (or even consider installing) any package that claims to not be compatible with the current Node.js version.

This can be overridden by setting the –force flag.

Another approach is to use a Docker container as a runtime environment for development and execution, which implies that you neither need to install Node, nor NPM. e.g.

$ mkdir my-project
$ cd my-project
$ docker run --rm -it -v $PWD:/app --entrypoint /bin/bash --workdir /app node:14.15.0
root@4da6ee3c2ac0:/app# npm init -y
Wrote to /app/package.json:

{
  "name": "app",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}


root@4da6ee3c2ac0:/app# npm install
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN [email protected] No description
npm WARN [email protected] No repository field.

up to date in 1.694s
found 0 vulnerabilities

root@4da6ee3c2ac0:/app# exit
exit
$ ls -x1
package-lock.json
package.json

As you can see, with neither Node, nor NPM:

  1. Created a new directory for a fresh project
  2. Spun up a Node Docker container, which comes with Node and NPM
  3. Created a new project (npm init -y)
  4. Exited the Docker container
  5. Listed the files within the working directory, where the container was spun

Since the docker run command above is long, you might wish to leverage docker-compose for a more streamlined workflow.

More Related Contents:

  1. Why does “npm install” rewrite package-lock.json?
  2. Why does `package-lock.json` causes a failure in a docker container build when `npm install`?
  3. How do I fix a vulnerable npm package in my package-lock.json that isn’t listed in the package.json?
  4. how to specify local modules as npm package dependencies
  5. NPM run * doesn’t do anything
  6. NPM global install “cannot find module”
  7. npm not working – “read ECONNRESET”
  8. How to include scripts located inside the node_modules folder?
  9. How can I make multiple projects share node_modules directory?
  10. Command to remove all npm modules globally
  11. nvm keeps “forgetting” node in new terminal session
  12. npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents
  13. npm install errors with Error: ENOENT, chmod
  14. How can I change the version of npm using nvm?
  15. Angular 6 many Can’t resolve errors (crypto, fs, http, https, net, path, stream, tls, zlib)
  16. Install dependencies globally and locally using package.json
  17. Deleting `package-lock.json` to Resolve Conflicts quickly
  18. Node package ( Grunt ) installed but not available
  19. Laravel 5.4 ‘cross-env’ Is Not Recognized as an Internal or External Command
  20. How to set npm credentials using `npm login` without reading from stdin?
  21. How to resolve Nodejs: Error: ENOENT: no such file or directory
  22. `npm install` fails on node-gyp rebuild with `gyp: No Xcode or CLT version detected!`
  23. npx command not found
  24. When I run `npm install`, it returns with `ERR! code EINTEGRITY` (npm 5.3.0)
  25. What does -save-dev mean in npm install grunt –save-dev
  26. Node JS NPM modules installed but command not recognized
  27. How to Reinstall Broken npm
  28. How to deploy Node.js application with deep node_modules structure on Windows?
  29. How to install npm package while offline?
  30. What could cause an error related to npm not being able to find a file? No contents in my node_modules subfolder. Why is that?

Leave a Comment