What is project.lock.json?
Asked Answered
M

2

82

I followed the instruction to create new .NET Core project and ran this from cmd:

dotnet new
dotnet restore

The second statement creates project.lock.json that contains a lot of garbage (not really garbage but tons of dependencies, configurations etc.). I assume these dependencies is .NET framework that is broken down into separate NuGet packages.

My questions:

  1. Is my assumption correct?
  2. Can I make my application lighter by removing not needed NuGet packages/dependencies?
  3. How?
Mamba answered 28/6, 2016 at 1:18 Comment(4)
Why is this down voted? I believe NuGet is required for .net core apps. Otherwise, you may clone the packages locally and provide your own feed.Sickly
Usually, you don't touch the lock file. You would modify the project.json itself, and the lock file will update itself when you run the tools.Bensen
Your question #2 is a good one and deserves its own SO question in my opinion.Event
See Also: NuGet Docs: Project.json ReferenceMicrophyte
E
109

Update: project.json has been replaced with .csproj as the main project file for .NET Standard projects. This question refers to the old system before the introduction of PackageReference in NuGet 4.0.

You may still occasionally see project.lock.json as an artifact of the build process, but it should be ignored. Managing the NuGet packages that your .NET Standard/.NET Core project depends on should always be done by either

  • Editing the .csproj file directly
  • Using the dotnet CLI (dotnet add package, etc)
  • Using the Package Manager GUI if you're using Visual Studio

Old answer for posterity: project.lock.json is generated by the .NET tooling when you restore the project's packages. You shouldn't touch it or check it into source control. Edit project.json directly.

During the package restore process (dotnet restore), NuGet has to analyze the dependencies in your project, walk their dependency graphs, and figure out what packages should be installed for your project and your project's dependencies.

This is a non-trivial amount of work, so the results are cached in project.lock.json to make subsequent restores faster and more efficient. The lock file will be regenerated if project.json is modified and dotnet restore is executed again.

Event answered 28/6, 2016 at 2:4 Comment(2)
See Also: NuGet Docs: Project.json ReferenceMicrophyte
We are having very slow build times on Azure Devops. Looking at the logs the nuget restore is taking minutes. There were a couple of articles about using a cache. How do I get my build faster if ideally we shouldn't be doing this anymore?Microcline
E
2

Every so often, in our team, when someone updates some nuget, we have the same problem, the lock.json files doens't get updated, even running dotnet restore so, before applying the last choice (deleting them) I suggest run grunt from your command line. If that doesn't work, delete all the lock.json files and run dotnet restore, this is my favourite choice ;)

Eladiaelaeoptene answered 30/5, 2017 at 7:15 Comment(2)
What does grunt have to do with project.lock.json?Event
don't confuse package-lock.json with project.lock.jsonLineman

© 2022 - 2024 — McMap. All rights reserved.