Is there a way to force npm to generate package-lock.json?

Asked 9/10, 2017 at 19:39 Answered 16/3, 2022 at 19:55

417

I deleted it by accident and have made many changes to package.json since. An npm install or npm update do not generate package-lock.json anymore. I tried clearing my npm cache and my nvm cache, but nothing seems to be working. I tried it on several versions of Node.js (6.10.3 Node.js - 3.10.10 npm is what I would like it to work on), and it doesn't work on any.

Is there a way to force npm to generate the package-lock.json file?

Gastrolith answered 9/10, 2017 at 19:39 Comment(6)

I think package-lock.json is specific to npm 5 – Aloysia 9/10, 2017 at 19:44

package-lock.json is generating automatically by default in npm starting from v5, in the previous versions, the lock file name was npm-shrinkwrap.json and it was generated manually using npm shrinkwrap command. – Wilone 9/10, 2017 at 19:49

@BrettMerrifield Thank you! That was my problem. I updated to node 8.6.0 and with it npm 5.3.0 and it worked. – Gastrolith 9/10, 2017 at 19:49

Check your .gitignore. I accidentally had package-lock.json in the .gitignore somehow and because package-lock.json wasn't showing up in the git status it was throwing me off. – Packing 19/3, 2019 at 15:25

How do we achieve this with YARN ? – Sulfonate 2/6, 2023 at 7:48

yarn install --mode update-lockfile for yarn, pnpm i --lockfile-onlyfor pnpm, via #44438803 – Maniple 26/6, 2023 at 15:32

615

In npm 6.x and 7.x you can use

npm i --package-lock-only

According to the docs of npm v6, npm v7 or latest version:

The --package-lock-only argument will only update the package-lock.json, instead of checking node_modules and downloading dependencies.

Underwater answered 27/2, 2019 at 16:24 Comment(6)

This is the correct answer now, others are old and wont work. – Aegisthus 25/6, 2019 at 7:57

Any clue how to generate a package-lock.json without devDependencies? I need this for clean production installs. npm i --package-lock-only --only=production doesn't seem to work. – Brachio 13/5, 2020 at 15:7

I don't think it's possible to generate package-lock.json only for production dependencies. But if you run npm i --only=production it should install only production dependencies. So your build process could look like this: install all dependencies, build app, remove node_modules and install only production dependencies. – Underwater 14/5, 2020 at 14:23

This is very helpful if you want to move an older project away from yarn.lock. Thank you. – Coachman 15/10, 2021 at 22:10

Be sure you run the command listed in the answer and not npm i package-lock-only without the two dashes or you'll install a package named "package-lock-only." Guess how I found out? – Highline 7/10, 2022 at 21:40

This resolves a pretty frustrating issue when updating the import of private GH repos via SSH – Malapropos 7/3 at 12:1

245

By default, package-lock.json is updated whenever you run npm install. However, this can be disabled globally by setting package-lock=false in ~/.npmrc.

When the global package-lock=false setting is active, you can still force a project’s package-lock.json file to be updated by running:

npm install --package-lock

This command is the only surefire way of forcing a package-lock.json update.

Clapperclaw answered 13/5, 2018 at 6:6 Comment(7)

@RonNewcomb Can you share more information? What do you mean by "it doesn't work"? Which npm version are you using? – Clapperclaw 10/8, 2018 at 8:10

npm version 3.10.10 Node 6.10.3 The command you listed seems to be a no-op? Nothing happens. No error, no file change, nothing. – Bernettabernette 10/8, 2018 at 16:31

If you're using npm v3 for your project, you wouldn't have a package-lock.json. package-lock.json is only supported by npm v5+. – Clapperclaw 14/8, 2018 at 6:48

npm v 6.4.1 and this does not create package-lock.json – Duax 13/11, 2018 at 6:42

This used to not work for me (I have package-lock=false) but with npm v 6.5.0 it started properly generating the package-lock.json file. – Barretter 25/3, 2019 at 14:18

It works for me, in 6.4.1. Setting it to false also prevents it from creating one. – Ergocalciferol 5/4, 2019 at 15:57

npm 6.14.5 updates package-lock.json by npm install as expected. – Blackpoll 21/7, 2020 at 6:37

This is answered in the comments; package-lock.json is a feature in npm v5 and higher. npm shrinkwrap is how you create a lockfile in all versions of npm.

Telepathist answered 16/12, 2017 at 20:50 Comment(6)

note, however, that package-lock.jsons are not the exact same thing as shrinkwrap files. – Maladjusted 9/1, 2018 at 4:59

in npm 5+, they are, in fact, exactly the same, down to every detail, except for one thing: npm-shrinkwrap.json will be published to the registry, and package-lock.json will not. – Telepathist 9/1, 2018 at 9:20

Yep. That's a pretty important difference though, which is why I left my comment. – Maladjusted 9/1, 2018 at 18:19

npm shrinkwrap generates npm-shrinkwrap.json, but how do you generate package-lock.json ? – Millrun 30/3, 2018 at 22:22

It’s automatic in npm 5+, or you can force it in 5+ with --package-lock – Telepathist 31/3, 2018 at 2:41

@Millrun Just rename npm-shrinkwrap.json to package-lock.json. They have the same format. – Bowrah 30/4, 2020 at 16:49

If you're like me, you tried all the answers here and wondered why no package-lock.json was appearing in your Git "Changed Files". In this case, check to make sure nobody has added package-lock.json to the .gitignore in the past!

Not really a direct answer, but maybe it will help someone else who spent entirely too long on this 😅

Ornis answered 16/3, 2022 at 19:55 Comment(0)

As several answer explained the you should run:

npm i

BUT if it does not solve...

Check the version of your npm executable. (For me it was 3.x.x which doesn't uses the package-lock.json (at all))

npm -v

It should be at least 5.x.x (which introduced the package-lock.json file.)

To update npm on Linux, follow these instructions.

For more details about package files, please read this medium story.

Rudy answered 26/8, 2019 at 14:43 Comment(0)

When working with local packages, the only way I found to reliably regenerate the package-lock.json file is to delete it, as well as in the linked modules and all corresponding node_modules folders and let it be regenerated with npm i

Brannon answered 28/1, 2021 at 16:34 Comment(0)

-1

If your npm version is lower than version 5 then install the higher version for getting the automatic generation of package-lock.json.

Example: Upgrade your current npm to the version 6.14.0 (example - You can choose any other latest version)

npm i -g [email protected]

You could view the latest npm version list by

npm view npm versions

Adventure answered 6/5, 2020 at 5:38 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags