What is package-lock.json ?

Last Updated : 14 Mar, 2024

package-lock.json is a file that is generated when we try to install the node. It is generated by the Node PackageManager(npm). package-lock.json will ensure that the same versions of packages are installed.

It contains the name, dependencies, and locked version of the project. It will check that same versions are installed for the different users so that errors can be prevented (Dependency locking).

Table of Content

Steps to get package-lock.json file :

Step 1: Check the version of node and npm to verify that it is installed in our system.

node -v
npm -v

The above command will display the version of the node installed.

Step 2: Now open Visual Studio Code. Click on Create New File and name it with .js extension. ( Example: index.js) .

Within that, open the terminal/command line and execute the below command.

npm init -y

Step 3: Install the required dependencies for the project.

npm i express

The common method of starting a package is npm init. After doing this, a package.json file is created. But when we install a express, we can notice the package-lock.json file (usually very long) gets automatically created.

Output: The output will be the package-lock.json file with a long descriptions. Since we are installing express , the package-lock.json will show the dependencies of express.

👁 Screenshot-from-2024-03-04-21-10-10-(1)-min-(1)-(1)

Properties of package-lock.json :

From the above output image consider first few lines . Let's describe some of them.

name: The name of your package.
description: The purpose of your package.
dependencies: It contains dependencies which would be required by your package to work.
version : The version which the package corresponds to
license: Name of the license used

Key Features of package-lock.json:

Only the verified and secured versions are found in package - lock.json can be installed. This offers a high security preventing from other malicious downloads.
It provides a faster installation of dependencies .
It uses same version of dependencies in a project and assure a consistent working behaviour
It ensures that the same dependencies are installed at the same version every time leading to a standard deployment and development.

Best Practices of package-lock.json:

To get the package - lock . json file , use npm CLI for installation. It will download the necessary version thereby preventing unknown installations.
We should not edit the package -lock.json file manually . It can be adjusted through package.json file and package-lock.json gets automatically downloaded
Check for updated versions and update the dependencies to prevent from errors . This can be done using 'npm update command'.

Difference between package.json vs package-lock.json:

package.json	package-lock.json
It displays the basic information about the project	It describe a exact tree structures that allow to download identical trees
It is required for every project.	It is automatically generated when installing node modules
It contains information such as name, description, author, script, and dependencies.	It contains the name, dependencies, and locked version of the project.

Comment

Article Tags:

Web Technologies

Node.js

Node-npm

Explore

Introduction & Installation

Node.js Modules , Buffer & Streams

Node.js Asynchronous Programming

Node.js NPM

Node.js Deployments & Communication

Resources & Tools

Courses

URL: https://www.geeksforgeeks.org/node-js/what-is-package-lock-json/