Do I need both package-lock.json and package.json?

npm package.json npm-install package-lock.json

Solution 1:

Do you need both package-lock.json and package.json? No.

Do you need the package.json? Yes.

Can you have a project with only the package-lock.json? No.

The package.json is used for more than dependencies - like defining project properties, description, author & license information, scripts, etc. The package-lock.json is solely used to lock dependencies to a specific version number.

Solution 2:

package-lock.json: records the exact version of each installed package which allows you to re-install them. Future installs will be able to build an identical dependency tree.

package.json: records the minimum version you app needs. If you update the versions of a particular package, the change is not going to be reflected here.

Solution 3:

If your question is if lock file should be committed to your source control - it should. It will be ignored under certain circumstance.

I found it bloating pull requests and commit history, so if you see it change, do a separate commit for it.

Solution 4:

 Package.json vs Package.lock.json

enter image description here

enter image description here

Solution 5:

A more accurate and detailed explanation of the reason behind keeping package-lock.json can be found here

Related

Python __str__ versus __unicode__
Why is String.chars() a stream of ints in Java 8?
How to check a string for specific characters?
Why does Python code use len() function instead of a length method?
HttpClient - A task was cancelled?
How to clone a case class instance and change just one field in Scala?
How do I create a nice-looking DMG for Mac OS X using command-line tools?
Any way to exit bash script, but not quitting the terminal
JavaScript Chart Library
How to filter keys of an object with lodash?
Is there a way to call a stored procedure with Dapper?
Shell script "for" loop syntax