Tag Archive for: tricks&tips

What the heck is package-lock.json? And Why You Need it

,

Before we can describe what package-json.lock is, we need to get back to the beginning and describe how it is created and who created that file.

What the heck is the package manager?


In modern development, almost anyone has got in touch with the package manager, and current development cannot be imagined without this collection of software tools. The package manager is a programming language tool to create project environments and easily import external dependencies.
There are several package managers, most knows are COMPOSER, YARN, NUGGET, NPM, etc. We are going to focus on NPM.

What is a popular package manager NPM?


npm is the package manager for JavaScript. It is the world’s largest software repository. npm hosts extremely popular packages like jQuery, Bootstrap, React, Angular, etc. One of the slogans on their website https://www.npmjs.com/ is to build amazing things, and I will add completely free and fast. If you haven’t used npm for now, please try it will make your life much easier.

How to use NPM?

npm you can use from the command line, let’s say that you need to install Express module, it can be simply done with the command:

npm install express –save

package-lock.json - npm install express

This is the simples and fastest solution to import your dependencies in the project and not copy them manually, for more detailed NPM commands you can visit

https://docs.npmjs.com/cli-documentation/cli

What the heck is package.json?

package.json defines the required dependencies and their respective versions using semantic versioning. However, semantic versioning can be tricky. This file holds various metadata relevant to the project. It is used to give information to npm that allows it to identify the project as well as handle the project’s dependencies. It can also contain other metadata such as a project description, the version of the project, license information, even configuration data – all of which can be vital to both npm and to the end-users of the package.

What the heck are dependencies in package.json?


Sets a list of npm packages installed as dependencies. When you install a package using npm that package is automatically inserted in this list. But there are some rules that you can use that npm knows what version of the package to use.


You probably have seen the tilde (~) and caret (^) in the package.json. What is the difference between them?


When you do npm install moment –save, It saves the entry in the package.json with the caret (^) prefix.


The tilde (~)


In the simplest terms, the tilde (~) matches the most recent minor version (the middle number). ~1.2.3 will match all 1.2.x versions but will miss 1.3.0.

The caret (^)


The caret (^), on the other hand, is more relaxed. It will update you to the most recent major version (the first number). ^1.2.3 will match any 1.x.x release including 1.3.0 but will hold off on 2.0.0.

Here comes the reason why you are reading this blog, star of the evening “package-lock.json”

package-lock.json explained

Starting from version 5, NPM introduces package-lock.json. It’s a very important improvement for npm: guarantee exact same version of every package.

How to make sure your project built with the same packages in different environments at different times? Let’s say, you may use ^1.2.3 in your package.json, or some of your dependencies are using that way, but how can u ensure each time npm install will pick up the same version in your dev machine and in the build server? package-lock.json will ensure that. npm install will re-generate the lock file, when on the build server or deployment server. One important thing to mention as well is the security improvement that comes with the package-lock file. Since it keeps all the hashes of the packages if someone would tamper with the public npm registry and change the source code of a package without even changing the version of the package itself it would be detected by the package-lock file.

What the heck should I do with package-lock.json?

The simple answer is nothing, it should be part of your source control; you should not update it manually. All dependencies in the file will be updated with the command.

npm update

Just sit back and relax, and let NPM take care of that for you, or maybe you prefer playing Playstation. Either way thanks for reading this simple blog post.

Miomir Dančević
Senior FrontEnd Developer

/by

IEquality Comparer

IEqualityComparer is interface which defines methods for object comparation. IEqualityComparer can be used for comparation of Dictionary Collections. Equals is methid which compares 2 object values. If they are equal it will return true, else it will return false.

Read more
/by

Parameter Sniffing Problem with Stored Procedures

If you are writing a SQL queries or stored procedures, probably sometimes you noticed that stored procedure execution sometimes is quick and sometimes is slow.

Read more
/by

REST

The development of internet infrastructure has led to a significant increase in the flow amounts of data, and Internet speed.

Read more
/by

EMAIL-Parallel sending or not?

In my work I had a problem with sending large number of emails through application. I had an idea of parallel sending

Read more
/by

Single Sign On (SSO)

Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications.

Read more
/by

PlUpload

File upload is standard functionality supported by HTML standard since 1995. Although this control is serving its purpose very well…

Read more
/by