diff options
Diffstat (limited to 'deps/npm/man/man5/package-lock.json.5')
-rw-r--r-- | deps/npm/man/man5/package-lock.json.5 | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/deps/npm/man/man5/package-lock.json.5 b/deps/npm/man/man5/package-lock.json.5 new file mode 100644 index 0000000000..fb86d4d0c5 --- /dev/null +++ b/deps/npm/man/man5/package-lock.json.5 @@ -0,0 +1,144 @@ +.TH "PACKAGE\-LOCK\.JSON" "5" "May 2017" "" "" +.SH "NAME" +\fBpackage-lock.json\fR \- A manifestation of the manifest +.SH DESCRIPTION +.P +\fBpackage\-lock\.json\fP is automatically generated for any operations where npm +modifies either the \fBnode_modules\fP tree, or \fBpackage\.json\fP\|\. It describes the +exact tree that was generated, such that subsequent installs are able to +generate identical trees, regardless of intermediate dependency updates\. +.P +This file is intended to be committed into source repositories, and serves +various purposes: +.RS 0 +.IP \(bu 2 +Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies\. +.IP \(bu 2 +Provide a facility for users to "time\-travel" to previous states of \fBnode_modules\fP without having to commit the directory itself\. +.IP \(bu 2 +To facilitate greater visibility of tree changes through readable source control diffs\. +.IP \(bu 2 +And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously\-installed packages\. + +.RE +.P +One key detail about \fBpackage\-lock\.json\fP is that it cannot be published, and it +will be ignored if found in any place other than the toplevel package\. It shares +a format with npm help 5 shrinkwrap\.json, which is essentially the same file, but +allows publication\. This is not recommended unless deploying a CLI tool or +otherwise using the publication process for producing production packages\. +.P +If both \fBpackage\-lock\.json\fP and \fBnpm\-shrinkwrap\.json\fP are present in the root of +a package, \fBpackage\-lock\.json\fP will be completely ignored\. +.SH FILE FORMAT +.SS name +.P +The name of the package this is a package\-lock for\. This must match what's in +\fBpackage\.json\fP\|\. +.SS version +.P +The version of the package this is a package\-lock for\. This must match what's in +\fBpackage\.json\fP\|\. +.SS lockfileVersion +.P +An integer version, starting at \fB1\fP with the version number of this document +whose semantics were used when generating this \fBpackage\-lock\.json\fP\|\. +.SS packageIntegrity +.P +This is a subresource +integrity \fIhttps://w3c\.github\.io/webappsec/specs/subresourceintegrity/\fR value +created from the \fBpacakge\.json\fP\|\. No preprocessing of the \fBpackage\.json\fP should +be done\. Subresource integrity strings can be produced by modules like +\fBssri\fP \fIhttps://www\.npmjs\.com/package/ssri\fR\|\. +.SS preserveSymlinks +.P +Indicates that the install was done with the environment variable +\fBNODE_PRESERVE_SYMLINKS\fP enabled\. The installer should insist that the value of +this property match that environment variable\. +.SS dependencies +.P +A mapping of package name to dependency object\. Dependency objects have the +following properties: +.SS version +.P +This is a specifier that uniquely identifies this package and should be +usable in fetching a new copy of it\. +.RS 0 +.IP \(bu 2 +bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes\. +.IP \(bu 2 +registry sources: This is a version number\. (eg, \fB1\.2\.3\fP) +.IP \(bu 2 +git sources: This is a git specifier with resolved committish\. (eg, \fBgit+https://example\.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e\fP) +.IP \(bu 2 +http tarball sources: This is the URL of the tarball\. (eg, \fBhttps://example\.com/example\-1\.3\.0\.tgz\fP) +.IP \(bu 2 +local tarball sources: This is the file URL of the tarball\. (eg \fBfile:///opt/storage/example\-1\.3\.0\.tgz\fP) +.IP \(bu 2 +local link sources: This is the file URL of the link\. (eg \fBfile:libs/our\-module\fP) + +.RE +.SS integrity +.P +This is a Standard Subresource +Integrity \fIhttps://w3c\.github\.io/webappsec/specs/subresourceintegrity/\fR for this +resource\. +.RS 0 +.IP \(bu 2 +For bundled dependencies this is not included, regardless of source\. +.IP \(bu 2 +For registry sources, this is the \fBintegrity\fP that the registry provided, or if one wasn't provided the SHA1 in \fBshasum\fP\|\. +.IP \(bu 2 +For git sources this is the specific commit hash we cloned from\. +.IP \(bu 2 +For remote tarball sources this is an integrity based on a SHA512 of +the file\. +.IP \(bu 2 +For local tarball sources: This is an integrity field based on the SHA512 of the file\. + +.RE +.SS resolved +.RS 0 +.IP \(bu 2 +For bundled dependencies this is not included, regardless of source\. +.IP \(bu 2 +For registry sources this is path of the tarball relative to the registry +URL\. If the tarball URL isn't on the same server as the registry URL then +this is a complete URL\. + +.RE +.SS bundled +.P +If true, this is the bundled dependency and will be installed by the parent +module\. When installing, this module will be extracted from the parent +module during the extract phase, not installed as a separate dependency\. +.SS dev +.P +If true then this dependency is either a development dependency ONLY of the +top level module or a transitive dependency of one\. This is false for +dependencies that are both a development dependency of the top level and a +transitive dependency of a non\-development dependency of the top level\. +.SS optional +.P +If true then this dependency is either an optional dependency ONLY of the +top level module or a transitive dependency of one\. This is false for +dependencies that are both an optional dependency of the top level and a +transitive dependency of a non\-optional dependency of the top level\. +.P +All optional dependencies should be included even if they're uninstallable +on the current platform\. +.SS dependencies +.P +The dependencies of this dependency, exactly as at the top level\. +.SH SEE ALSO +.RS 0 +.IP \(bu 2 +npm help shrinkwrap +.IP \(bu 2 +npm help 5 package\-lock\.json +.IP \(bu 2 +npm help 5 package\.json +.IP \(bu 2 +npm help install + +.RE |