Commit 9a85fc8
committed
Change
Running `npm install` will change the dependencies
in node_modules and what is listed in
package-lock.json if the dependencies in
package-lock.json don't match the dependency tree
possible for the versions specified in
package.json.

Running `npm ci` deletes node_modules at the start
and installs exactly what's in package-lock.json,
regardless of whether any sub-dependencies of the
packages listed in package.json have newer
versions allowed by their semver ranges or not.

A nicer way to explain might be this example:

If the 'standard' package changes by a patch
version and we run `npm install`:

1. its version includes the '^' prefix so allows
   patch and minor version bumps
2. the new version would be installed into node_modules
3. package-lock.json would be updated to reference the new version
4. `npm install` is then run on the new version of
   'standard', checking for the latest versions of
   its dependencies allowed and installing them,
   all the way down the tree

If the 'standard' package changes by a patch
version and we run `npm ci`:

1. the node_modules folder is emptied
2. all the dependencies listed in
   package-lock.json are installed at the versions
   specified

So in the second example, `npm ci` ignores the
new patched version because it only goes by what's
in package-lock.json.

I think we want the latter behaviour, because it
splits updates out into a separate step and stops
them happening during gem installation.

References:
- https://docs.npmjs.com/cli/v11/commands/npm-install
- https://docs.npmjs.com/cli/v11/commands/npm-ci

npm install to npm ci
1 parent 5885826 commit 9a85fc8
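
An added example, not part of this commit or the project's code: a pre-install check for the mismatch between package.json and package-lock.json that the commit message refers to, which is also the condition under which `npm ci` exits with an error instead of rewriting the lock file. The function names, the `example-lib` package and all version numbers are assumptions made up for the illustration, and range handling is limited to exact, `^` and `~` forms.

```javascript
// Added example, not the project's code. Range support is limited to exact,
// ^ and ~ forms on plain x.y.z versions (npm uses the full semver grammar).
const parse = (v) => v.split('.').map(Number);

function satisfies(version, range) {
  const op = /^[\^~]/.test(range) ? range[0] : '=';
  const [rM, rm, rp] = parse(range.replace(/^[\^~]/, ''));
  const [vM, vm, vp] = parse(version);
  const atLeast = vM > rM || (vM === rM && (vm > rm || (vm === rm && vp >= rp)));
  if (op === '=') return vM === rM && vm === rm && vp === rp;
  if (op === '~') return atLeast && vM === rM && vm === rm;
  // Caret: the left-most non-zero component of the range must not change.
  if (rM > 0) return atLeast && vM === rM;
  if (rm > 0) return atLeast && vM === 0 && vm === rm;
  return vM === 0 && vm === 0 && vp === rp;
}

// Returns one message per direct dependency whose lock entry is missing or
// outside the range in package.json (lockfileVersion 2/3 "packages" layout).
function findDrift(pkg, lock) {
  const wanted = { ...pkg.dependencies, ...pkg.devDependencies };
  const problems = [];
  for (const [name, range] of Object.entries(wanted)) {
    const entry = (lock.packages || {})[`node_modules/${name}`];
    if (!entry) problems.push(`${name}: missing from package-lock.json`);
    else if (!satisfies(entry.version, range)) {
      problems.push(`${name}: locked ${entry.version} does not satisfy ${range}`);
    }
  }
  return problems;
}

// Constructed sample data ('standard' is named in the commit message; the
// versions and 'example-lib' are made up).
const lock = { lockfileVersion: 3, packages: {
  '': { devDependencies: { standard: '^17.0.0' } },
  'node_modules/standard': { version: '17.0.0' },
} };
const inSync = { devDependencies: { standard: '^17.0.0' } };
const edited = { devDependencies: { standard: '^17.1.0', 'example-lib': '~1.2.0' } };

console.log(findDrift(inSync, lock)); // no drift: the lock can be installed as-is
console.log(findDrift(edited, lock)); // drift: regenerate and review the lock first
```
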
1 file changed
+2
-2
lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
7 | | - | |
8 | | - | |
| 7 | + | |
| 8 | + | |
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
| |||