概述
在 package-lock.json 文件中,requires 和 dependencies 中的依赖到底有什么区别和联系呢?
"core-js-compat": {
"version": "3.12.1",
"resolved": "https://......",
"integrity": "sha1-LDAsRwhQX6cHKwrbUVbSb3gBoYs=",
"dev": true,
"requires": {
"browserslist": "^4.16.6",
"semver": "7.0.0"
},
"dependencies": {
"semver": {
"version": "7.0.0",
"resolved": "https://...",
"integrity": "sha1-XzyjV2HkfgWyBsba/yz4FPAxa44=",
"dev": true
}
}
},
参考链接
问题描述
In package-lock.json in dependency object, I have both requires and dependencies fields, e.g
"requires": {
"@angular-devkit/core": "0.8.5",
"rxjs": "6.2.2",
"tree-kill": "1.2.0",
"webpack-sources": "1.3.0"
},
"dependencies": {
"rxjs": {
"version": "6.2.2",
"resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.2.2.tgz",
"integrity": "sha512-0MI8+mkKAXZUF9vMrEoPnaoHkfzBPP4IGwUYRJhIRJF6/w3uByO1e91bEHn8zd43RdkTMKiooYKmwz7RH6zfOQ==",
"dev": true,
"requires": {
"tslib": "1.9.3"
}
}
}
What is the difference between these two? Why some dependencies are listed in requires, other in dependencies, and some of them in both of these fields?
优质回答(一)
By default, npm installs all packages directly in node_modules.
However, let’s say that package X is dependent on package Z in version 1.0 and package Y is dependent on the same package Z, but in version 2.0. In this case we have to install two versions of this package. One will be installed in root node_modules folder, and another one will be installed in node_modules folder of dependant package, e.g.
package.json
node_modules
/X
/Y
/node_modules
/Z@2.0
/Z@1.0
Equally likely, npm could build a different, but still correct, package tree:
package.json
node_modules
/X
/node_modules
/Z@1.0
/Y
/Z@2.0
The package-lock.json file will attempt to describe not only the dependencies of your project, but this tree structure as well. Which of the two trees above to build will be encoded in the JSON.
With this knowledge, it’s easy to understand:
“requires” reflects dependencies from package.json file of this dependency, while dependencies reflects actually installed dependencies in node_modules folder of this dependency.
优质回答(二)
After reading the answers above. Maybe I can put it in a more simple way
requires can be shared by among all other top levels dependencies while dependencies are standalone, belonging only to the module require it
require 可以被所有其他顶级依赖所共享,而 dependencies 是独立的,只属于需要它的模块
i.e.
“@angular-devkit/core”: “0.8.5”,“tree-kill”: “1.2.0”, “webpack-sources”: “1.3.0” do not belong only to the module, they are in the same level as the module require them. By contrast, “rxjs”: “6.2.2” exist exclusively due to the module require it. And it is used only by the module
补充
package-lock.json 注意点:
以后直接改 package.json 文件相应模块的版本号,再执行 npm install 不会更新了(好可怕),只能手动用 npm install xxx@yy 指定版本号来安装,然后它会自动更新 package-lock.json 文件。
直接执行 npm install 时,如果不存在 package-lock.json 文件,它会根据安装模块后的 node_modules 目录结构来创建;如果已经存在 package-lock.json 文件,则它只会根据 package-lock.json 文件指定的结构来下载模块,并不会理会 package.json 文件。
(引用自以下《npm 5 package-lock.json 坑坑坑!!》博客)
- package.json 与 package-lock.json 的区别
- npm 5 package-lock.json 坑坑坑!!
最后
以上就是活泼火车为你收集整理的package-lock.json 文件的 requires VS dependencies的全部内容,希望文章能够帮你解决package-lock.json 文件的 requires VS dependencies所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
发表评论 取消回复