Deleting `package-lock.json` to Resolve Conflicts

2020-02-20 06:59发布

In a team set up, usually, I have faced merge conflicts in package-lock.json and my quick fix has always been to delete the file and regenerate it with npm install. I have not seriously thought about the implication of this fix because it has not caused any perceivable problem before.

Is there a problem with deleting the file and having npm recreate it that way instead of resolving the conflicts manually?

2条回答
Summer. ? 凉城
2楼-- · 2020-02-20 07:42

Yes, it can and will affect all the project in really bad way.

  1. if your team does not run npm install after each git pull you all are using different dependencies' versions. So it ends with "but it works for me!!" and "I don't understand why my code does not work for you"

  2. even if all the team runs npm install it still does not mean everything is ok. at some moment you may find your project acts differently. in a part that you have not been changing for years. and after (probably, quite painful) debugging you will find it's because of 3rd level dependency has updated for next major version and this led some breaking changes.

Conclusion: don't ever delete package-lock.json. in your case you better do next way:

Approach 1

  1. revert your changes in package-lock.json
  2. stash your changes
  3. pull most recent code version
  4. run npm install for all the dependencies you need to be added
  5. unstash your changes.

Approach 2

  1. run merging
  2. for conflict resolution choose "their changes only" strategy on package-lock.json
  3. run npm install so dependencies you want to add are also included into package-lock.json
  4. finish with committing merge commit.

PS yes, for first level dependencies if we specify them without ranges (like "react": "16.12.0") we get the same versions each time we run npm install. But we cannot say the same about dependencies of 2+ level deep (dependencies that our dependencies are relying on), so package-lock.json is really important for stability.

查看更多
叼着烟拽天下
3楼-- · 2020-02-20 07:51

I know it's an old question but for future seekers, you can also use npm-merge-driver which try to automatically resolve the npm related files' merge issues.

Just install it globally npx npm-merge-driver install --global. You can read more about it here npm-merge-driver

查看更多
登录 后发表回答