npm 5忽略包锁
我想升级到npm 5并locking文件。
现在我有这个package.json:
{ "name": "typescript-test", "version": "1.0.0", "description": "", "main": "index.js", "scripts": { "build": "./node_modules/gulp/bin/gulp.js build", "apidoc": "./node_modules/gulp/bin/gulp.js apidoc", "watchApi": "BLUEBIRD_DEBUG=1 ./node_modules/gulp/bin/gulp.js watchApi", "watchMqtt": "./node_modules/gulp/bin/gulp.js watchMqtt", "test-debug": "NODE_ENV=test ./node_modules/mocha/bin/mocha --no-timeouts --debug-brk release/js/api/test/e2e/**/*.js", "test": "___BLUEBIRD_DEBUG=1 ./node_modules/gulp/bin/gulp.js test", "migrate": "./node_modules/sequelize-cli/bin/sequelize db:migrate", "migrate:undo": "./node_modules/sequelize-cli/bin/sequelize db:migrate:undo" }, "author": "", "license": "ISC", "dependencies": { "@types/bcrypt": "0.0.30", "@types/bluebird": "^3.0.35", "@types/body-parser": "0.0.33", "@types/config": "0.0.30", "@types/dateformat": "^1.0.1", "@types/expect.js": "^0.3.29", "@types/express": "^4.0.33", "@types/lodash": "^4.14.37", "@types/minimist": "^1.1.29", "@types/mocha": "^2.2.32", "@types/mongoose": "^4.7.11", "@types/mqtt": "0.0.32", "@types/mysql": "0.0.31", "@types/node-schedule": "0.0.36", "@types/nodemailer": "^1.3.32", "@types/passport": "^0.2.32", "@types/passport-http-bearer": "^1.0.30", "@types/passport-local": "^1.0.29", "@types/sequelize": "^4.0.38", "@types/sequelize-fixtures": "^0.4.29", "@types/should": "^8.1.30", "@types/supertest": "^1.1.31", "@types/supertest-as-promised": "^2.0.32", "@types/winston": "0.0.28", "ansi_up": "^1.3.0", "bcrypt": "^0.8.7", "bluebird": "^3.4.6", "body-parser": "1.15.2", "config": "^1.21.0", "cron-parser": "^2.4.1", "dateformat": "^2.0.0", "expect.js": "^0.3.1", "express": "^4.14.0", "express-basic-auth": "^1.1.1", "express-winston": "^2.0.0", "gulp": "^3.9.1", "gulp-clean": "^0.3.2", "gulp-copy": "0.0.2", "gulp-nodemon": "^2.2.1", "gulp-relative-sourcemaps-source": "^0.1.4", "gulp-sourcemaps": "^2.0.0", "gulp-spawn-mocha": "^3.1.0", "gulp-tslint": "^6.1.2", "gulp-typescript": "^3.0.2", "json-2-csv": "^2.1.0", "lodash": "^4.16.4", "merge2": "^1.0.2", "minimist": "^1.2.0", "mocha": "^3.1.2", "mongoose": "^4.9.7", "mongoose-fixtures": "0.0.1", "mosca": "^2.0.2", "mqtt": "^2.2.1", "mysql": "^2.11.1", "node-cron": "^1.2.0", "node-schedule": "^1.2.0", "nodemailer": "^2.6.4", "passport": "^0.3.2", "passport-http-bearer": "^1.0.1", "passport-local": "^1.0.0", "path": "^0.12.7", "pm2": "^2.4.2", "read-last-lines": "^1.1.0", "regression": "^1.4.0", "sequelize": "3.24.3", "sequelize-cli": "2.4.0", "sequelize-fixtures": "^0.5.5", "should": "^11.1.1", "supertest": "^2.0.1", "supertest-as-promised": "^4.0.1", "tslint": "^3.15.1", "typescript": "2.3.4", "typings": "^1.4.0", "winston": "^2.2.0" }, "devDependencies": { "gulp-apidoc": "^0.2.6", "gulp-debug": "^2.1.2" } } 和我的package-lock.json(即express.js)的一部分是:
{ "name": "typescript-test", "version": "1.0.0", "lockfileVersion": 1, "requires": true, "dependencies": { "express": { "version": "https://registry.npmjs.org/express/-/express-4.15.2.tgz", "integrity": "sha1-rxB/wUhQRFfy3Kmm8lcdcSm5ezU=", "requires": { "accepts": "https://registry.npmjs.org/accepts/-/accepts-1.3.3.tgz", "array-flatten": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", "content-disposition": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz", "content-type": "https://registry.npmjs.org/content-type/-/content-type-1.0.2.tgz", "cookie": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz", "cookie-signature": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", "debug": "https://registry.npmjs.org/debug/-/debug-2.6.1.tgz", "depd": "https://registry.npmjs.org/depd/-/depd-1.1.0.tgz", "encodeurl": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.1.tgz", "escape-html": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", "etag": "https://registry.npmjs.org/etag/-/etag-1.8.0.tgz", "finalhandler": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.2.tgz", "fresh": "https://registry.npmjs.org/fresh/-/fresh-0.5.0.tgz", "merge-descriptors": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", "methods": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", "on-finished": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", "parseurl": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.1.tgz", "path-to-regexp": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", "proxy-addr": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-1.1.4.tgz", "qs": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz", "range-parser": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz", "send": "https://registry.npmjs.org/send/-/send-0.15.1.tgz", "serve-static": "https://registry.npmjs.org/serve-static/-/serve-static-1.12.1.tgz", "setprototypeof": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz", "statuses": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz", "type-is": "https://registry.npmjs.org/type-is/-/type-is-1.6.15.tgz", "utils-merge": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.0.tgz", "vary": "https://registry.npmjs.org/vary/-/vary-1.1.1.tgz" }, "dependencies": { "debug": { "version": "https://registry.npmjs.org/debug/-/debug-2.6.1.tgz", "integrity": "sha1-eYVQkLosTjEVzH2HaUkdWPBJE1E=", "requires": { "ms": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz" } }, "ms": { "version": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz", "integrity": "sha1-riXPJRKziFodldfwN4aNhDESR2U=" }, "qs": { "version": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz", "integrity": "sha1-E+JtKK1rD/qpExLNO/cI7TUecjM=" }, "setprototypeof": { "version": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz", "integrity": "sha1-ZlZ+NwQ+608E2RvWWMDL77VbjgQ=" } } } } }
从package-lock.json中,express应该安装在4.15.2。
但是,如果我这样做
rm -rf node_modules npm install
express安装在4.15.3并且package-lock.json被覆盖。
这是npm的正确行为吗? 我是用错误的方式使用软件包锁吗?