Node.js更新到v8.0后自带npm5出现的新坑

责编:menVScode 2017-06-22 9:14 阅读(914)

         Node.js v8.0 后,自带的 npm 也升级到了5.0,第一次使用的时候确实惊艳到了:原本重新安装一次模块要十几秒到事情,现在一秒多就搞定了。先不要激动,现在我来大概讲一下 npm 5 的一些大的变化:

        1、使用npm install xxx命令安装模块时,不再需要--save选项,会自动将模块依赖信息保存到 package.json 文件;

        2、安装模块操作(改变 node_modules 文件夹内容)会生成或更新 package-lock.json 文件

        3、发布的模块不会包含 package-lock.json 文件

        4、如果手动修改了 package.json 文件中已有模块的版本,直接执行npm install不会安装新指定的版本,只能通过npm install xxx@yy更新


        重新安装模块之所以快,是因为 package-lock.json 文件中已经记录了整个 node_modules 文件夹的树状结构,甚至连模块的下载地址都记录了,再重新安装的时候只需要直接下载文件即可(这样看起来 facebook 的 yarn 好像没有啥优势了)。以下是 package-lock.json 文件的例子:

{
  "name": "topSdk",
  "version": "0.0.1",
  "lockfileVersion": 1,
  "dependencies": {
    "address": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/address/-/address-1.0.2.tgz",
      "integrity": "sha1-SACB6CtYe6MZRZ/vUS9Rb+A9WK8="
    },
    "any-promise": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz",
      "integrity": "sha1-q8av7tzqUugJzcA3au0845Y10X8="
    },
    "content-type": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.2.tgz",
      "integrity": "sha1-t9ETrueo3Se9IRM8TcJSnfFyHu0="
    },
    "debug": {
      "version": "2.6.8",
      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz",
      "integrity": "sha1-5zFTHKLt4n0YgiJCfaF4IdaP9Pw="
    },
    "default-user-agent": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/default-user-agent/-/default-user-agent-1.0.0.tgz",
      "integrity": "sha1-FsRu/cq6PtxF8k8r1IaLAbfCrcY="
    },
    "digest-header": {
      "version": "0.0.1",
      "resolved": "https://registry.npmjs.org/digest-header/-/digest-header-0.0.1.tgz",
      "integrity": "sha1-Ecz23uxXZqw3l0TZAcEsuklRS+Y="
    },
    "ee-first": {
      "version": "1.1.1",
      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
      "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
    },
    "humanize-ms": {
      "version": "1.2.1",
      "resolved": "https://registry.npmjs.org/humanize-ms/-/humanize-ms-1.2.1.tgz",
      "integrity": "sha1-xG4xWaKT9riW2ikxbYtv6Lt5u+0="
    },
    "iconv-lite": {
      "version": "0.4.18",
      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.18.tgz",
      "integrity": "sha512-sr1ZQph3UwHTR0XftSbK85OvBbxe/abLGzEnPENCQwmHf7sck8Oyu4ob3LgBxWWxRoM+QszeUyl7jbqapu2TqA=="
    },
    "minimist": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
      "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ="
    },
    "ms": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
    },
    "os-name": {
      "version": "1.0.3",
      "resolved": "https://registry.npmjs.org/os-name/-/os-name-1.0.3.tgz",
      "integrity": "sha1-GzefZINa98Wn9JizV8uVIVwVnt8="
    },
    "osx-release": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/osx-release/-/osx-release-1.1.0.tgz",
      "integrity": "sha1-8heRGigTaUmvG/kwiyQeJzfTzWw="
    },
    "qs": {
      "version": "6.4.0",
      "resolved": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
      "integrity": "sha1-E+JtKK1rD/qpExLNO/cI7TUecjM="
    },
    "semver": {
      "version": "5.3.0",
      "resolved": "https://registry.npmjs.org/semver/-/semver-5.3.0.tgz",
      "integrity": "sha1-myzl094C0XxgEq0yaqa00M9U+U8="
    },
    "statuses": {
      "version": "1.3.1",
      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz",
      "integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4="
    },
    "urllib": {
      "version": "2.22.0",
      "resolved": "https://registry.npmjs.org/urllib/-/urllib-2.22.0.tgz",
      "integrity": "sha1-KWXcSuEnpvtpW32yfTGE8X2Cy0I="
    },
    "utility": {
      "version": "0.1.11",
      "resolved": "https://registry.npmjs.org/utility/-/utility-0.1.11.tgz",
      "integrity": "sha1-/eYM+bTkdRlHoM9dEEzik2ciZxU="
    },
    "win-release": {
      "version": "1.1.1",
      "resolved": "https://registry.npmjs.org/win-release/-/win-release-1.1.1.tgz",
      "integrity": "sha1-X6VeAr58qTTt/BJmVjLoSbcuUgk="
    }
  }
}

        带来速度的同时,npm 也挖了个大大的坑

        以后直接改 package.json 文件相应模块的版本号,再执行npm install不会更新了(好可怕),你只能手动用npm install xxx@yy指定版本号来安装,然后它会自动更新 package-lock.json 文件。直接执行npm install时,如果不存在 package-lock.json 文件,它会根据安装模块后的 node_modules 目录结构来创建;如果已经存在 package-lock.json 文件,则它只会根据 package-lock.json 文件指定的结构来下载模块,并不会理会 package.json 文件。

网上已经有很多人反应这个问题了:GitHub 上的 issue:package-lock.json file not updated after package.json file is changed

链接:https://github.com/npm/npm/issues/16866 

        文章:Understanding lock files in NPM 5

        链接:http://jpospisil.com/2017/06/02/understanding-lock-files-in-npm-5.html

        这里是 npm 文档关于 package-locks 的说明

        链接:https://docs.npmjs.com/files/package-locks

        目前还不知道关于 package-lock.json 的最佳实践,果断切换回 Node v6.x,等别人把坑填了再上。

标签: node npm nodejs
前端交流群: MVC前端网(menvscode.com)-qq交流群:551903636

邮箱快速注册

忘记密码