Is it a way to update/generate package-lock.json without making real install of node_modules (like npm i)? I just need a valid package-lock.json based on my package.json, that's it.
You (or your colleagues) might use yarn locally, when CI server uses npm. It's probably not a best practice, but still might be for some reasons.
In a perfect world I'd like to have a command to update package-lock.json
2 Answers
npm
As of npm 6.x, you can use the following command:
npm i --package-lock-onlyDocumentation () says:
The
--package-lock-onlyargument will only update thepackage-lock.json, instead of checking node_modules and downloading dependencies.
yarn
As of yarn 3.0.0, you can use the following command:
yarn install --mode update-lockfileDocumentation () says:
If the
--mode=<mode>option is set, Yarn will change which artifacts are generated.
update-lockfilewill skip the link step altogether, and only fetch packages that are missing from the lockfile (or that have no associated checksums). This mode is typically used by tools like Renovate or Dependabot to keep a lockfile up-to-date without incurring the full install cost.
As of Sep. 10, 2019: yarn doesn't seem to support generating a lock-file without installing the modules. Relevant GitHub issue:
I don't have enough reputation to comment, so just add an answer :)
In addition to Teh's answer, for Yarn now you can:
yarn install --mode update-lockfileDocumentation:
update-lockfilewill skip the link step altogether, and only fetch packages that are missing from the lockfile (or that have no associated checksums). This mode is typically used by tools like Renovate or Dependabot to keep a lockfile up-to-date without incurring the full install cost.