In my React project, I see one version number in the package.json file. Then I see two more instances of it in the package-lock.json file.

I see the purpose of the first one but don’t understand the need for it elsewhere. When updating the version number on our project at work, my colleagues are insisting that all 3 need to be updated.

Would there be anything wrong with me deleting the version instances in package-lock.json?

2 Answers

It is not recommended to delete the version numbers in the package-lock.json. The version numbers in the package-lock.json file specify the exact versions that were installed for each package when npm install was last run. These versions are used to recreate the exact same environment when someone else installs your project or when you deploy it to a production environment.

It’s important to keep all three version numbers in sync. If you update the version number in package.json, you need to run npm install to update the packages and generate a new package-lock.json file with the updated versions. If you don’t update the version numbers in package-lock.json, other developers (your colleagues) who clone your project or your deployment scripts may end up with a different set of package versions, leading to unexpected behavior or compatibility issues. I hope this clears things up!

Two more instances you see in package-lock.json can also be sub-dependencies of another module you have in your dependencies.
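
An added example (not from the question or either answer): in a lock file with lockfileVersion 2 or 3, the project's own version is repeated at the top-level `version` key and under `packages[""]`, and a CI job can compare those copies against package.json to catch drift. The function names and sample objects below are constructed for illustration.

```javascript
// Added example: find every copy of the project's own version and compare them.
// Inputs are the parsed contents of package.json and package-lock.json.

function projectVersionLocations(pkg, lock) {
  const found = [{ where: 'package.json "version"', version: pkg.version }];
  // The top-level "version" in the lock file mirrors package.json.
  found.push({ where: 'package-lock.json "version"', version: lock.version });
  // lockfileVersion 2 and 3 also describe the root project under packages[""].
  if (lock.packages && lock.packages[""]) {
    found.push({
      where: 'package-lock.json packages[""].version',
      version: lock.packages[""].version,
    });
  }
  return found;
}

function checkVersionSync(pkg, lock) {
  const locations = projectVersionLocations(pkg, lock);
  const mismatches = locations.filter((l) => l.version !== pkg.version);
  return { inSync: mismatches.length === 0, locations, mismatches };
}

// Constructed sample data: package.json was bumped by hand, the lock file was not.
const samplePkg = {
  name: "demo-app",
  version: "1.3.0",
  dependencies: { react: "^18.2.0" },
};
const sampleLock = {
  name: "demo-app",
  version: "1.2.0",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.2.0", dependencies: { react: "^18.2.0" } },
    // A dependency's pinned version: unrelated to the project's own version.
    "node_modules/react": { version: "18.2.0" },
  },
};

const result = checkVersionSync(samplePkg, sampleLock);
for (const m of result.mismatches) {
  console.log(`${m.where} is ${m.version}, expected ${samplePkg.version}`);
}
```

Running `npm version <newversion>` updates package.json and package-lock.json together, so the copies do not need to be edited by hand.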