What is the difference between npm-shrinkwrap.json and package-lock.json?

The files have exactly the same content, but there are a handful of differences in how npm handles them, most of which are noted on the docs pages for package-lock.json and npm-shrinkwrap.json: package-lock.json is never published to npm, whereas npm-shrinkwrap is by default; package-lock.json files that are not in the top-level package are ignored, but …

How do I fix a vulnerable npm package in my package-lock.json that isn’t listed in the package.json?

It sounds like Hoek is a dependency of one of your dependencies (so, a package you have in your package.json is requiring it from its own package.json). You’ve already tried deleting/reinstalling and updating your project dependencies without success, so it seems that the package dependency in question has an explicit or max version specified. Without …

Why does `package-lock.json` cause a failure in a docker container build when `npm install`?

From your question: “Note: npm install works fine on my local machine, just fails in docker container.” If you are using npm install, you are not sure to have the same version of dependencies. For having a reproducible environment, without unexpected issues because of different versions of dependencies, you’d rather use npm ci (clean-install): This …

Do I need both package-lock.json and package.json?

Do you need both package-lock.json and package.json? No. Do you need the package.json? Yes. Can you have a project with only the package-lock.json? No. The package.json is used for more than dependencies – like defining project properties, description, author & license information, scripts, etc. The package-lock.json is solely used to lock dependencies to a specific …

Error: Local workspace file (‘angular.json’) could not be found

I just had the same problem. It’s related to release v6.0.0-rc.2, https://github.com/angular/angular-cli/releases: New configuration format. The new file can be found at angular.json (but .angular.json is also accepted). Running ng update on a CLI 1.7 project will move you to the new configuration. I needed to execute: ng update @angular/cli --migrate-only --from=1.7.4 This removed .angular-cli.json …