diff options
Diffstat (limited to 'deps/node/deps/npm/doc/files/package-lock.json.md')
-rw-r--r-- | deps/node/deps/npm/doc/files/package-lock.json.md | 142 |
1 files changed, 0 insertions, 142 deletions
diff --git a/deps/node/deps/npm/doc/files/package-lock.json.md b/deps/node/deps/npm/doc/files/package-lock.json.md deleted file mode 100644 index 1b4ba934..00000000 --- a/deps/node/deps/npm/doc/files/package-lock.json.md +++ /dev/null @@ -1,142 +0,0 @@ -package-lock.json(5) -- A manifestation of the manifest -===================================================== - -## DESCRIPTION - -`package-lock.json` is automatically generated for any operations where npm -modifies either the `node_modules` tree, or `package.json`. It describes the -exact tree that was generated, such that subsequent installs are able to -generate identical trees, regardless of intermediate dependency updates. - -This file is intended to be committed into source repositories, and serves -various purposes: - -* Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies. - -* Provide a facility for users to "time-travel" to previous states of `node_modules` without having to commit the directory itself. - -* To facilitate greater visibility of tree changes through readable source control diffs. - -* And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages. - -One key detail about `package-lock.json` is that it cannot be published, and it -will be ignored if found in any place other than the toplevel package. It shares -a format with npm-shrinkwrap.json(5), which is essentially the same file, but -allows publication. This is not recommended unless deploying a CLI tool or -otherwise using the publication process for producing production packages. - -If both `package-lock.json` and `npm-shrinkwrap.json` are present in the root of -a package, `package-lock.json` will be completely ignored. - - -## FILE FORMAT - -### name - -The name of the package this is a package-lock for. This must match what's in -`package.json`. - -### version - -The version of the package this is a package-lock for. This must match what's in -`package.json`. - -### lockfileVersion - -An integer version, starting at `1` with the version number of this document -whose semantics were used when generating this `package-lock.json`. - -### packageIntegrity - -This is a [subresource -integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/) value -created from the `package.json`. No preprocessing of the `package.json` should -be done. Subresource integrity strings can be produced by modules like -[`ssri`](https://www.npmjs.com/package/ssri). - -### preserveSymlinks - -Indicates that the install was done with the environment variable -`NODE_PRESERVE_SYMLINKS` enabled. The installer should insist that the value of -this property match that environment variable. - -### dependencies - -A mapping of package name to dependency object. Dependency objects have the -following properties: - -#### version - -This is a specifier that uniquely identifies this package and should be -usable in fetching a new copy of it. - -* bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes. -* registry sources: This is a version number. (eg, `1.2.3`) -* git sources: This is a git specifier with resolved committish. (eg, `git+https://example.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e`) -* http tarball sources: This is the URL of the tarball. (eg, `https://example.com/example-1.3.0.tgz`) -* local tarball sources: This is the file URL of the tarball. (eg `file:///opt/storage/example-1.3.0.tgz`) -* local link sources: This is the file URL of the link. (eg `file:libs/our-module`) - -#### integrity - -This is a [Standard Subresource -Integrity](https://w3c.github.io/webappsec/specs/subresourceintegrity/) for this -resource. - -* For bundled dependencies this is not included, regardless of source. -* For registry sources, this is the `integrity` that the registry provided, or if one wasn't provided the SHA1 in `shasum`. -* For git sources this is the specific commit hash we cloned from. -* For remote tarball sources this is an integrity based on a SHA512 of - the file. -* For local tarball sources: This is an integrity field based on the SHA512 of the file. - -#### resolved - -* For bundled dependencies this is not included, regardless of source. -* For registry sources this is path of the tarball relative to the registry - URL. If the tarball URL isn't on the same server as the registry URL then - this is a complete URL. - -#### bundled - -If true, this is the bundled dependency and will be installed by the parent -module. When installing, this module will be extracted from the parent -module during the extract phase, not installed as a separate dependency. - -#### dev - -If true then this dependency is either a development dependency ONLY of the -top level module or a transitive dependency of one. This is false for -dependencies that are both a development dependency of the top level and a -transitive dependency of a non-development dependency of the top level. - -#### optional - -If true then this dependency is either an optional dependency ONLY of the -top level module or a transitive dependency of one. This is false for -dependencies that are both an optional dependency of the top level and a -transitive dependency of a non-optional dependency of the top level. - -All optional dependencies should be included even if they're uninstallable -on the current platform. - - -#### requires - -This is a mapping of module name to version. This is a list of everything -this module requires, regardless of where it will be installed. The version -should match via normal matching rules a dependency either in our -`dependencies` or in a level higher than us. - - -#### dependencies - -The dependencies of this dependency, exactly as at the top level. - -## SEE ALSO - -* npm-shrinkwrap(1) -* npm-shrinkwrap.json(5) -* npm-package-locks(5) -* package.json(5) -* npm-install(1) |