npm install colors --save is adding another json file to the project. Is it right?

I'm testing this locally and I already have a package.json file. When I enter the command
npm install colors --save, a new json file is added to the project. The file name is "package-lock.json"

package-lock.json

{
  "name": "hash_generator",
  "version": "0.0.1",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
    "colors": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz",
      "integrity": "sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA=="
    }
  }
}

package.json

{
  "name": "hash_generator",
  "version": "0.0.1",
  "description": "A password hash generator",
  "main": "app.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "Ewerton Luna",
  "license": "MIT",
  "dependencies": {
    "colors": "^1.4.0"
  }
}

3 Answers

Sheila Anguiano
Full Stack JavaScript Techdegree Graduate 35,239 Points

Hi Ewerton, here is a good explanation: https://medium.com/coinmonks/everything-you-wanted-to-know-about-package-lock-json-b81911aa8ab8

package-lock.json is like a more specific file to avoid having different results when running an app, like this example from the above article:

Let’s say we create a new project that is going to use express. After running npm init, we install express: npm install express --save. At the time of writing, the latest express version is 4.15.4. So "express": "^4.15.4" is added as a dependency within my package.json and that exact version is installed on my machine. Now maybe tomorrow, the maintainers of express release a bug fix, and so the latest version becomes 4.15.5. Then if someone were to want to contribute to my project, they would clone it, and run `npm install`. Since 4.15.5 is a higher version with the same major version, that is installed for them. We both have express, but we have two different versions. Theoretically, they should still be compatible, but maybe that bugfix affected functionality that we are using, and our application would produce different results when run with express version 4.15.4 compared to 4.15.5.

Hope this helps
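As an added illustration of the version drift described in the quoted article (not code from the article, the answer, or npm): a small Node.js audit that checks the question's package.json against its package-lock.json. The helper names `satisfies` and `auditLock` are hypothetical, only `^x.y.z` and exact ranges are handled, and treating registry.npmjs.org as the only expected source is an assumption.

```javascript
// Added example: audits an npm lockfile (lockfileVersion 1 layout) against package.json.
// Simplification: only "^x.y.z" and exact "x.y.z" ranges, no pre-release tags.
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Does `version` satisfy `range`? A caret range allows any change to the
// right of the first non-zero component.
function satisfies(version, range) {
  const v = parse(version);
  if (!range.startsWith('^')) return cmp(v, parse(range)) === 0;
  const lo = parse(range.slice(1));
  const hi = lo[0] > 0 ? [lo[0] + 1, 0, 0]
           : lo[1] > 0 ? [0, lo[1] + 1, 0]
           : [0, 0, lo[2] + 1];
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Returns a list of findings; an empty list means every dependency is pinned.
function auditLock(pkg, lock) {
  const findings = [];
  for (const [name, range] of Object.entries(pkg.dependencies || {})) {
    const entry = (lock.dependencies || {})[name];
    if (!entry) { findings.push(`${name}: not in lockfile, version floats within ${range}`); continue; }
    if (!satisfies(entry.version, range))
      findings.push(`${name}: locked ${entry.version} is outside ${range}`);
    // Assumption: the public npm registry over HTTPS is the only expected source.
    if (!/^https:\/\/registry\.npmjs\.org\//.test(entry.resolved || ''))
      findings.push(`${name}: resolved from unexpected source ${entry.resolved}`);
    if (!/^sha512-[A-Za-z0-9+/]+={0,2}$/.test(entry.integrity || ''))
      findings.push(`${name}: missing or weak integrity hash`);
  }
  return findings;
}

// The relevant fields of the two files from the question above.
const pkg = { dependencies: { colors: '^1.4.0' } };
const lock = { lockfileVersion: 1, dependencies: { colors: {
  version: '1.4.0',
  resolved: 'https://registry.npmjs.org/colors/-/colors-1.4.0.tgz',
  integrity: 'sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA==',
} } };

console.log(auditLock(pkg, lock));                 // pinned: no findings
console.log(auditLock(pkg, { dependencies: {} })); // lockfile absent: version floats
console.log(satisfies('4.15.5', '^4.15.4'), satisfies('5.0.0', '^4.15.4'));
```

With the lockfile present, the installed version, download URL and tarball hash are all fixed; without it, only the range in package.json constrains what gets installed.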

Kyle Cameron
20,683 Points

This can be disabled by typing this command in command prompt or terminal: npm config set package-lock false. Delete the packages you have installed along with your package-lock file and re-initialize. Once that is done, install your packages and notice package-lock.json is no longer generating. You can reverse this by typing the following into command prompt or terminal: npm config set package-lock true.

Jordan Kittle
Full Stack JavaScript Techdegree Graduate 20,147 Points

I got this message from npm: Use npm install <pkg> afterwards to install a package and save it as a dependency in the package.json file.

I typed npm install colors without any --save flag and it automatically added it to my dependencies in package.json.