Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

JavaScript npm Basics (retiring) Installing Packages with npm Managing Dependencies in the package.json File

npm install colors --save is adding another json file to the project. Is it right?

I'm testing this locally and I already have a package.json file. When I enter the command
npm install colors --save, a new json file is added to the project. The file name is "package-lock.json"

package-lock.json

{
  "name": "hash_generator",
  "version": "0.0.1",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
    "colors": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz",
      "integrity": "sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA=="
    }
  }
}

package.json

{
  "name": "hash_generator",
  "version": "0.0.1",
  "description": "A password hash generator",
  "main": "app.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "Ewerton Luna",
  "license": "MIT",
  "dependencies": {
    "colors": "^1.4.0"
  }
}

3 Answers

Sheila Anguiano
seal-mask
.a{fill-rule:evenodd;}techdegree seal-36
Sheila Anguiano
Full Stack JavaScript Techdegree Graduate 35,239 Points

Hi, Ewerton here is a good explanation: https://medium.com/coinmonks/everything-you-wanted-to-know-about-package-lock-json-b81911aa8ab8

package-lock.json is like a more specific file to avoid having different results when running an app, like this example from the above article:

Let’s say we create a new project that is going to use express. After running npm init, we install express: npm install express — save. At the time of writing, the latest express version is 4.15.4. So “express”: “^4.15.4” is added as a dependency within my package.json and that exact version is installed on my machine. Now maybe tomorrow, the maintainers of express release a bug fix, and so the latest version becomes 4.15.5. Then if someone were to want to contribute to my project, they would clone it, and run `npm install.’ Since 4.15.5 is a higher version with the same major version, that is installed for them. We both have express, but we have two different versions. Theoretically, they should still be compatible, but maybe that bugfix affected functionality that we are using, and our application would produce different results when run with express version 4.15.4 compared to 4.15.5.

Hope this helps

Kyle Cameron
Kyle Cameron
20,683 Points

This can be disabled by typing this command in command prompt or terminal: npm config set package-lock false. Delete the packages you have installed along with your package-lock file and re-initialize. Once that is done install your packages and notice package-lock.json is no longer generating. You can reverse this by typing the following into command prompt or terminal: npm config set package-lock true.

Jordan Kittle
seal-mask
.a{fill-rule:evenodd;}techdegree seal-36
Jordan Kittle
Full Stack JavaScript Techdegree Graduate 20,148 Points

I got this message from npm: Use npm install <pkg> afterwards to install a package and
save it as a dependency in the package.json file.

I typed npm install colors without any --save flag and it automatically added it to my dependencies in package.json.