package.json vs. package-lock.json

Photo by Caspar Camille Rubin on Unsplash

What is package.json

package.json is a file holds various metadata relevant to the project. It is usually located at the root directory of a Node.js project.

This file will give information to npm for it to identify the project as well as handle the project’s dependencies.

It lists the packages your project depends on, specifies versions of a package to use, so it makes your build reproducible, and therefore easier to share with other developers.

Note package.json is used not only for dependencies management, its purpose is to give detail information about the project such as author, license, repository, scripts, …etc.

What is package-lock.json

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json.

The dependencies we list in package.json is semantic versioning, means it doesn’t have to be a strict certain version, instead we can just specify the acceptable version ranges.

However, if we want every team member set up a development environment with exactly identical dependencies, here is when package-lock.json comes into play.

package-lock.json describes the exact tree that was generated, so that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

That’s why this file is intended to be committed into source repositories.

Do we need both ?

We will definitely need package.json , but we may have a project withoutpackage-lock.json.

In short, the package.json is used for more than dependencies management. The package-lock.json is solely used to lock dependencies to a specific version number.




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How to Build a TCP Application with Node.js on ECS

DOM Selectors and Their Array-Like Objects

Chargify webhook verification in nodejs

7 New Features of Alibaba Cloud Container Service Blockchain Solution

Some Basic Things About React

Do You Have Experience with Node.js?

Running Your Node.js Application on ECS with Systemd or Forever

React- (JSX, Component Lifecycle, Virtual DOM)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adela Chao

Adela Chao

More from Medium

What is Node.js Exactly?

How to use DynamoDB with NodeJS? (The easy way😉)

The Top 4 Reasons for Using Node.js

Node.js development consulting, the development speed booster you need