How to update package-lock.json without doing npm install?
NpmNpm Problem Overview
Is it a way to update/generate package-lock.json
without making real install of node_modules
(like npm i
)? I just need a valid package-lock.json
based on my package.json
, that's it.
You (or your colleagues) might use yarn
locally, when CI server uses npm
. It's probably not a best practice, but still might be for some reasons.
In a perfect world I'd like to have a command to update package-lock.json
Npm Solutions
Solution 1 - Npm
npm
As of npm 6.x, you can use the following command:
npm i --package-lock-only
Documentation (https://docs.npmjs.com/cli/install.html) says:
> The --package-lock-only argument will only update the package-lock.json, instead of checking node_modules and downloading dependencies.
yarn
As of Sep. 10, 2019: yarn doesn't seem to support generating a lock-file without installing the modules. Relevant GitHub issue: https://github.com/yarnpkg/yarn/issues/5738
Solution 2 - Npm
I don't have enough reputation to comment, so just add an answer :)
In addition to Teh's answer, for Yarn now you can:
yarn install --mode update-lockfile
Documentation: https://yarnpkg.com/cli/install#options-mode%20%230
> update-lockfile
will skip the link step altogether, and only fetch packages that are missing from the lockfile (or that have no associated checksums). This mode is typically used by tools like Renovate or Dependabot to keep a lockfile up-to-date without incurring the full install cost.