问题
I'm looking for an equivalent for yarn's --pure-lockfile flag.
This flag is useful when installing dependencies in CI, when you want it to read your lockfile but not modify it.
Does npm v5 have an equivalent?
回答1:
npm 5.7 introduced the npm ci subcommand:
the main differences between using
npm installandnpm ciare:
- The project must have an existing
package-lock.jsonornpm-shrinkwrap.json.- If dependencies in the package lock do not match those in
package.json,npm ciwill exit with an error, instead of updating the package lock.npm cican only install entire projects at a time: individual dependencies cannot be added with this command.- If a
node_modulesis already present, it will be automatically removed beforenpm cibegins its install.- It will never write to
package.jsonor any of the package-locks: installs are essentially frozen.
回答2:
this is how I did in my dockerfile
RUN npm install --pure-lockfile
it should work perfect.
来源:https://stackoverflow.com/questions/44800747/npm5-equivalent-to-yarns-pure-lockfile-flag