Update: project.json
has been replaced with .csproj
as the main project file for .NET Standard projects. This question refers to the old system before the introduction of PackageReference in NuGet 4.0.
You may still occasionally see project.lock.json
as an artifact of the build process, but it should be ignored. Managing the NuGet packages that your .NET Standard/.NET Core project depends on should always be done by either
- Editing the
.csproj
file directly
- Using the dotnet CLI (
dotnet add package
, etc)
- Using the Package Manager GUI if you're using Visual Studio
Old answer for posterity: project.lock.json
is generated by the .NET tooling when you restore the project's packages. You shouldn't touch it or check it into source control. Edit project.json
directly.
During the package restore process (dotnet restore
), NuGet has to analyze the dependencies in your project, walk their dependency graphs, and figure out what packages should be installed for your project and your project's dependencies.
This is a non-trivial amount of work, so the results are cached in project.lock.json
to make subsequent restores faster and more efficient. The lock file will be regenerated if project.json
is modified and dotnet restore
is executed again.