Ewerton Luna
Full Stack JavaScript Techdegree Graduate 24,031 Points

npm install colors --save is adding another json file to the project. Is it right?

I'm testing this locally and I already have a package.json file. When I enter the command
npm install colors --save, a new json file is added to the project. The file name is "package-lock.json"

package-lock.json

{
  "name": "hash_generator",
  "version": "0.0.1",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
    "colors": {
      "version": "1.4.0",
      "resolved": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz",
      "integrity": "sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA=="
    }
  }
}

package.json

{
  "name": "hash_generator",
  "version": "0.0.1",
  "description": "A password hash generator",
  "main": "app.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "Ewerton Luna",
  "license": "MIT",
  "dependencies": {
    "colors": "^1.4.0"
  }
}

3 Answers

Sheila Anguiano
25,422 Points

Hi Ewerton, here is a good explanation: https://medium.com/coinmonks/everything-you-wanted-to-know-about-package-lock-json-b81911aa8ab8

package-lock.json is like a more specific file to avoid having different results when running an app, like this example from the above article:

Let’s say we create a new project that is going to use express. After running npm init, we install express: npm install express --save. At the time of writing, the latest express version is 4.15.4. So "express": "^4.15.4" is added as a dependency within my package.json and that exact version is installed on my machine. Now maybe tomorrow, the maintainers of express release a bug fix, and so the latest version becomes 4.15.5. Then if someone were to want to contribute to my project, they would clone it, and run `npm install`. Since 4.15.5 is a higher version with the same major version, that is installed for them. We both have express, but we have two different versions. Theoretically, they should still be compatible, but maybe that bugfix affected functionality that we are using, and our application would produce different results when run with express version 4.15.4 compared to 4.15.5.

Hope this helps

This can be disabled by typing this command in command prompt or terminal: npm config set package-lock false. Delete the packages you have installed along with your package-lock file and re-initialize. Once that is done install your packages and notice package-lock.json is no longer generating. You can reverse this by typing the following into command prompt or terminal: npm config set package-lock true.

Jordan Kittle
Full Stack JavaScript Techdegree Graduate 20,138 Points

I got this message from npm: Use npm install <pkg> afterwards to install a package and
save it as a dependency in the package.json file.

I typed npm install colors without any --save flag and it automatically added it to my dependencies in package.json.
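
The version drift described in the express answer, and the role of the "integrity" field seen in the question's lock file, as an added example that is not part of the thread. It uses a simplified caret matcher (no prerelease handling) and checks a lock entry against constructed version lists and constructed tarball bytes; the function names are hypothetical, not npm's API.

```javascript
// Added example, not code from the thread. Versions and tarball bytes are constructed.
const crypto = require("crypto");

// Parse "MAJOR.MINOR.PATCH" (prerelease tags are out of scope for this sketch).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Caret range: anything that keeps the left-most non-zero component unchanged.
function satisfiesCaret(range, version) {
  const lo = parse(range.replace(/^\^/, ""));
  const i = lo.findIndex((n) => n !== 0);
  const k = i === -1 ? 2 : i; // ^0.0.0 only allows 0.0.0
  const hi = lo.map((n, j) => (j < k ? n : j === k ? n + 1 : 0));
  const v = parse(version);
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// What a fresh install may pick when only package.json constrains it.
const allowedByRange = (range, published) => published.filter((v) => satisfiesCaret(range, v));

// Compare tarball bytes with a lock file "integrity" value: "<algo>-<base64 digest>".
function verifyIntegrity(integrity, tarball) {
  const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(integrity);
  if (!m) return false; // unknown algorithm or malformed value: reject
  const expected = Buffer.from(m[2], "base64");
  const actual = crypto.createHash(m[1]).update(tarball).digest();
  return expected.equals(actual);
}

// With a lock entry, both the exact version and the exact bytes must match.
function matchesLock(entry, version, tarball) {
  return version === entry.version && verifyIntegrity(entry.integrity, tarball);
}

// Constructed data: a stand-in tarball and the lock entry that records it.
const tarball = Buffer.from("constructed tarball bytes for express-4.15.4");
const digest = crypto.createHash("sha512").update(tarball).digest("base64");
const lockEntry = { version: "4.15.4", integrity: "sha512-" + digest };
const published = ["4.15.3", "4.15.4", "4.15.5", "4.16.0", "5.0.0"];
console.log(allowedByRange("^4.15.4", published), matchesLock(lockEntry, "4.15.5", tarball));
```

The range alone accepts three of the five constructed versions, while the lock entry accepts exactly one version with exactly one set of bytes.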