Angular: After a fresh npm install, why does package-lock.json have higher package versions than package.json?

Time: 2020-06-13 03:29:47

Tags: angular npm

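My understanding is that npm decided (back in 2017?) to update any packages in package-lock.json that have a higher version in package.json than in package-lock.json.

I'm observing an interesting phenomenon: my project seems to spontaneously upgrade packages that I don't want upgraded.

For example, I recently switched to Angular 9 and started getting strange errors such as:

Can't bind to 'ngIf' since it isn't a known property of 'button'

I have tried to reproduce this on stackblitz, but with no luck (i.e., I don't get the same error on stackblitz: it seems to work fine there). Because stackblitz does something weird with core-js, I decided to downgrade the core-js version in my local project (github version here) to match what works on stackblitz as closely as possible.

This is where I'm confused. I deleted node_modules and package-lock.json, and changed package.json to the following: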

{
  "name": "data-jitsu",
  "version": "0.0.0",
  "license": "MIT",
  "scripts": {
    "ng": "ng",
    "start": "ng serve",
    "build": "ng build",
    "test": "ng test",
    "lint": "ng lint",
    "e2e": "cypress open"
  },
  "private": true,
  "dependencies": {
    "@angular-devkit/build-angular": "^0.801.1",
    "@angular/animations": "^9.1.9",
    "@angular/cdk": "^9.2.4",
    "@angular/common": "^9.1.9",
    "@angular/compiler": "^9.1.9",
    "@angular/core": "^9.1.9",
    "@angular/fire": "^6.0.0",
    "@angular/forms": "^9.1.9",
    "@angular/material": "^9.2.4",
    "@angular/platform-browser": "^9.1.9",
    "@angular/platform-browser-dynamic": "^9.1.9",
    "@angular/router": "^9.1.9",
    "@types/youtube": "^0.0.29",
    "ajv": "^6.10.2",
    "angular-froala-wysiwyg": "^2.7.2-1",
    "core-js": "^2.0.0",
    "d3": "^4.13.0",
    "firebase": "^7.15.0",
    "grpc": "^1.24.3",
    "hammerjs": "^2.0.8",
    "jquery": "^3.0.0",
    "moment": "^2.26.0",
    "ng-starrating": "^1.0.7",
    "ngx-materialize": "^6.1.3",
    "ngx-youtube-player": "^7.1.1",
    "rxjs": "^6.0.0",
    "stripe": "^7.9.1",
    "zone.js": "^0.10.3"
  },
  "devDependencies": {
    "@angular/cli": "^9.1.7",
    "@angular/compiler-cli": "^9.1.9",
    "@angular/language-service": "^6.0.3",
    "@cypress/webpack-preprocessor": "^4.1.0",
    "@types/bootstrap": "^3.3.36",
    "@types/d3": "^4.13.0",
    "@types/jasmine": "~2.8.6",
    "@types/jasminewd2": "~2.0.3",
    "@types/node": "10.0.4",
    "chance": "^1.1.6",
    "codelyzer": "^5.0.0",
    "cypress": "^3.8.1",
    "jasmine-core": "~2.99.1",
    "jasmine-spec-reporter": "~4.2.1",
    "karma": "^3.0.0",
    "karma-chrome-launcher": "~2.2.0",
    "karma-cli": "~1.0.1",
    "karma-coverage-istanbul-reporter": "~2.0.0",
    "karma-jasmine": "~1.1.1",
    "karma-jasmine-html-reporter": "^0.2.2",
    "protractor": "^5.4.0",
    "ts-loader": "^6.0.4",
    "ts-node": "~5.0.1",
    "tslint": "~5.9.1",
    "typescript": "~3.7.0",
    "webpack": "^4.36.1"
  }
}

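After running npm install, package-lock.json is regenerated and looks like this (too long for this SO question).

Even though I specified "core-js": "^2.0.0" in package.json, there seem to be many different versions of core-js in package-lock.json, some of which are higher than v3.0.0. Can someone explain why, and why this behavior (if it is not a bug) is desirable?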

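1 Answer:

Answer 0: (score: 2)

Even though you specified the corejs version as 2.0.0, some of your dependencies may need a higher version to satisfy their requirements. For example, your @angular-devkit/build-angular requires corejs version (3.1.4), which is clearly higher than the one you mentioned. This can result in multiple versions of the same corejs being present. The core idea is that npm resolves dependencies in the order in which they are mentioned in package.json. The link below will give you an idea of how dependencies are resolved.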

https://medium.com/@imdongchen/how-does-npm-handle-conflicting-package-versions-44f90950cca5
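
The following is an added example, not part of the original question or answer: a small Node.js script that walks a package-lock.json and reports every copy of a package it records, along with which locked packages asked for it. It assumes the npm 6 lock format (`lockfileVersion` 1, nested `dependencies` with `requires`); `findCopies` and `sampleLock` are hypothetical names, and the sample lock file is constructed.

```javascript
// Added example (not from the original post): find every copy of a package
// recorded in an npm 6 package-lock.json (lockfileVersion 1) and who asked for it.

// Walk the nested "dependencies" tree of a lockfileVersion 1 file.
function findCopies(lock, name) {
  const copies = [];    // where a copy of `name` is installed, and its version
  const requests = [];  // which locked packages declare `name` in "requires"
  (function walk(deps, trail) {
    for (const [dep, info] of Object.entries(deps || {})) {
      const path = [...trail, dep].join(' > ');
      if (dep === name) copies.push({ path, version: info.version });
      const range = (info.requires || {})[name];
      if (range) requests.push({ by: path, range });
      walk(info.dependencies, [...trail, dep]);  // copies nested under this package
    }
  })(lock.dependencies, []);
  return { copies, requests };
}

// Constructed sample lock file. The 3.1.4 requirement is the one named in the
// answer; the other versions are illustrative values, not the asker's real file.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'core-js': { version: '2.6.11' },  // satisfies the project's own "^2.0.0"
    '@angular-devkit/build-angular': {
      version: '0.801.1',
      requires: { 'core-js': '3.1.4' },
      dependencies: { 'core-js': { version: '3.1.4' } },  // private nested copy
    },
  },
};

const report = findCopies(sampleLock, 'core-js');
for (const c of report.copies) console.log(`installed ${c.version} at ${c.path}`);
for (const r of report.requests) console.log(`${r.by} requires core-js ${r.range}`);
```

On an installed project, `npm ls core-js` prints the same kind of tree. To run the script against a real lock file, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`.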