
Hello! In the last post, we looked at the npm ecosystem as a source of chaos in our projects and learned how to choose dependencies wisely to minimize our risk. Today we will go further and look at npm lock files, which help improve the stability of a project while we work on it.
When the manifest is not enough
, npm ( package.json) , node_modules, .
node_modules, , , , . , , , . 100 %, , , .
npm , .
, semver, ? , , npm registry , . , , ( ) .
, , npm registry, . npm registry, . , , - ?
, , node_modules , .
, ( semver): , , . . , , , , .
, CI/CD , , . , ID Git ( Git-), ( ). , Git-, ID , . , (pure function): , , . node_modules Git, , npm. , , ( npm registry, npm . .). , npm CI/CD ID .
Lock-
, npm ( ) . : npm install, npm node_modules, package-lock.json. lock- , , URL npm registry, , SHA- . , lock- npm , .
npm install , lock- , lock-. , npm install ( ), node_modules. , lock- , npm , npm. npm , lock- , , , . - .
lock-, . , Git. CI/CD « ».
, , Git- , , . «, » (“it works on my machine”).

package-lock.json
Npm lock- , npm registry npm. code review. Diff lock- , , , . , , - . , ( , , ).
package-lock.json , — express.
400 , , .
package-lock.json
{
  "name": "test",
  "version": "1.0.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
    "express": {
      "version": "4.17.1",
      "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz",
      "integrity": "sha512-mHJ9O79RqluphRr…7xlEMXTnYt4g==",
      "requires": {
        "debug": "2.6.9",
        "send": "0.17.1"
      }
    },
    "debug": {
      "version": "2.6.9",
      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
      "integrity": "sha512-bC7ElrdJaJnPbAP…eAPVMNcKGsHMA==",
      "requires": {
        "ms": "2.0.0"
      }
    },
    "ms": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
    },
    "send": {
      "version": "0.17.1",
      "resolved": "https://registry.npmjs.org/send/-/send-0.17.1.tgz",
      "integrity": "sha512-BsVKsiGcQMFwT8U…cNuE3V4fT9sAg==",
      "requires": {
        "debug": "2.6.9",
        "depd": "~1.1.2",
        "destroy": "~1.0.4",
        "encodeurl": "~1.0.2",
        "escape-html": "~1.0.3",
        "etag": "~1.8.1",
        "fresh": "0.5.2",
        "http-errors": "~1.7.2",
        "mime": "1.6.0",
        "ms": "2.1.1",
        "on-finished": "~2.3.0",
        "range-parser": "~1.2.1",
        "statuses": "~1.5.0"
      },
      "dependencies": {
        "ms": {
          "version": "2.1.1",
          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
          "integrity": "sha512-tgp+dl5cGk28utY…YaD/kOWhYQvyg=="
        }
      }
    }
  }
}
, . :
- name version — , lock-.
- lockfileVersion — , lock-. , npm - .
- dependencies — ; , , — .
:
- version — .
- resolved — URL npm, .
- integrity — SHA- ; , , , ( ). npm, , - .
npm install.
- requires — , ( dependencies). , — semver.
- dependencies — dependencies, . , , .
- dev — true, ( ).
, express ( ) debug, , , ms@2.0.0. , send ms, 2.1.1. , node_modules ms ( ), , Node.js, . (ms@2.0.0), — send (ms@2.1.1). lock-. node_modules.
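An added example, not from the original post: a small Node.js audit of the lock file fields listed above. It walks the nested dependencies of a lockfileVersion 1 file, maps each entry to its node_modules path (as with the two copies of ms), and flags entries whose resolved URL or integrity value deserves a closer look in code review. TRUSTED_HOST, the finding labels and the sample object are assumptions of this example.

```javascript
// Added example: audit a lockfileVersion 1 lock file. TRUSTED_HOST and the
// finding labels are assumptions of this example, not npm terminology.
const TRUSTED_HOST = "registry.npmjs.org";

// Constructed sample shaped like the listing above; hashes are placeholders.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    express: { version: "4.17.1", resolved: "https://registry.npmjs.org/express/-/express-4.17.1.tgz", integrity: "sha512-PLACEHOLDER" },
    ms: { version: "2.0.0", resolved: "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", integrity: "sha1-PLACEHOLDER" },
    send: {
      version: "0.17.1",
      resolved: "https://registry.npmjs.org/send/-/send-0.17.1.tgz",
      integrity: "sha512-PLACEHOLDER",
      // Constructed bad entry: plain-HTTP mirror and no integrity value.
      dependencies: { ms: { version: "2.1.1", resolved: "http://mirror.example.test/ms-2.1.1.tgz" } }
    }
  }
};

// Nested "dependencies" objects correspond to nested node_modules directories.
function auditLock(lock) {
  const findings = [];
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      const issues = [];
      let url = null;
      try { url = new URL(entry.resolved); } catch { issues.push("no-resolved-url"); }
      if (url && url.protocol !== "https:") issues.push("non-https");
      if (url && url.hostname !== TRUSTED_HOST) issues.push("untrusted-host");
      const hashes = (entry.integrity || "").split(/\s+/).filter(Boolean);
      if (hashes.length === 0) issues.push("missing-integrity");
      else if (!hashes.some((h) => /^sha(256|384|512)-/.test(h))) issues.push("no-sha2-integrity");
      if (issues.length) findings.push({ path, version: entry.version, issues });
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return findings;
}

console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```

To run it on a real project, replace sampleLock with the parsed contents of package-lock.json. Newer lockfileVersion formats store entries under a packages key and need a different walk.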
.
lock- , , . , . lock- .
lock- npm
lock-, - merge- Git. ( ), npm install: lock-.
lock- , merge- Git, npm. package-lock.json . , , , npm install.
merge- npm :
npx npm-merge-driver install -g
Git :
npm WARN conflict A git conflict was detected in package-lock.json.
Attempting to auto-resolve. Auto-merging package-lock.json
lock-
lock- - , npm lock-, . , npm install lodash, , npm , lock-. , npm , lock- .
, , , «» () lock-. , : npm install, npm lock-, , lock-, .
CI/CD
, npm lock- , lock- . , , CI/CD, - .
, npm npm ci. npm install, lock-. , lock-, npm ci , , ( Fail-fast). , npm ci node_modules , .
npm install CI/CD, npm ci . ! ( ).
lock- . , : package-lock.json npm registry. , npm (), lock- - . . : , ( ?) . .
Shrinkwrap
npm npm shrinkwrap. npm-shrinkwrap.json , lock-, . , , package-lock.json, npm . , , .
, , . , , Node.js, (, webpack, gulp, create-react-app . .). (npm i -g), shrinkwrap- , , . , , npm shrinkwrap. .
, npm-shrinkwrap.json package-lock.json. .
-
. , , . , ( shrinkwrap, , ).
, , , . , lock- , , ( ). npm update .
, lock- . , . , runtime- dev-. lock-, dev- - , .
, , CI/CD , lock-, . ( ) lock- ( CI/CD ).
…
lock- , , - . package-lock.json .gitignore npm, lock-. ( ) , . , - , , , . , , , , , .
, , , , .
!
, lock- , , , .
, . , . Diff lock- , . , . , , , , .
, , , . , ( , , ) (diff ).
, , , . : , .
, lock- npm. .
, , , , . , , .
- , , .