JavaScript: Deleting `package-lock.json` to Resolve Conflicts Quickly

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question and is provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must likewise follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/54124033/

Time: 2020-08-23 05:12:22  Source: igfitidea

Deleting `package-lock.json` to Resolve Conflicts quickly

Tags: javascript, node.js, npm, package-lock.json

Asked by John Mutuma

In a team setup, usually, I have faced merge conflicts in `package-lock.json` and my quick fix has always been to delete the file and regenerate it with `npm install`. I have not seriously thought about the implication of this fix because it has not caused any perceivable problem before.


Is there a problem with deleting the file and having `npm` recreate it that way instead of resolving the conflicts manually?


Answered by skyboyer

Yes, it can and will affect the whole project in a really bad way.


  1. If your team does not run `npm install` after each `git pull`, you are all using different versions of the dependencies. So it ends with "but it works for me!!" and "I don't understand why my code does not work for you".

  2. Even if the whole team runs `npm install`, it still does not mean everything is OK. At some moment you may find your project acts differently, in a part that you have not been changing for years. After (probably quite painful) debugging you will find it's because a 3rd-level dependency has updated to the next major version, and this led to some breaking changes.


Conclusion: don't ever delete `package-lock.json`. In your case you had better do it the following way:


Approach 1


  1. revert your changes in `package-lock.json`
  2. `stash` your changes
  3. `pull` the most recent code version
  4. run `npm install` for all the dependencies you need to be added
  5. unstash your changes.

Approach 2


  1. run merging
  2. for conflict resolution choose "their changes only" strategy on `package-lock.json`
  3. run `npm install` so dependencies you want to add are also included into `package-lock.json`
  4. finish with committing merge commit.

PS: Yes, for first-level dependencies, if we specify them without ranges (like `"react": "16.12.0"`) we get the same versions each time we run `npm install`. But we cannot say the same about dependencies 2+ levels deep (dependencies that our dependencies rely on), so `package-lock.json` is really important for stability.

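
The PS above is the core risk: regenerating the lockfile can silently move dependencies two or more levels deep. As an added example (not part of the original answer), this Node.js function diffs the committed `package-lock.json` against a regenerated one so that drift is visible before it is committed; the package names and integrity strings are constructed sample data.

```javascript
// Flatten a lockfile into Map(path -> {version, integrity}). Handles the flat
// "packages" map (lockfileVersion 2/3) and the nested "dependencies" tree (v1).
function flattenLock(lock) {
  const out = new Map();
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path !== '') out.set(path, { version: meta.version, integrity: meta.integrity });
    }
    return out;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      out.set(path, { version: meta.version, integrity: meta.integrity });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return out;
}

// Compare the committed lockfile with a regenerated one and list every change.
// An 'integrity' entry means the same version now resolves to different content.
function lockDrift(committed, regenerated) {
  const [a, b] = [flattenLock(committed), flattenLock(regenerated)];
  const drift = [];
  for (const path of new Set([...a.keys(), ...b.keys()])) {
    const before = a.get(path);
    const after = b.get(path);
    let kind = null;
    if (!before) kind = 'added';
    else if (!after) kind = 'removed';
    else if (before.version !== after.version) kind = 'version';
    else if (before.integrity !== after.integrity) kind = 'integrity';
    if (kind) drift.push({ path, kind, from: before?.version, to: after?.version });
  }
  return drift.sort((x, y) => (x.path < y.path ? -1 : 1));
}

// Constructed sample: "direct-dep" is pinned in package.json, "deep-dep" is not.
const committed = { lockfileVersion: 3, packages: {
  '': { name: 'app', version: '1.0.0' },
  'node_modules/direct-dep': { version: '1.0.0', integrity: 'sha512-constructed-A' },
  'node_modules/deep-dep': { version: '2.3.1', integrity: 'sha512-constructed-B' } } };
const regenerated = { lockfileVersion: 3, packages: {
  '': { name: 'app', version: '1.0.0' },
  'node_modules/direct-dep': { version: '1.0.0', integrity: 'sha512-constructed-A' },
  'node_modules/deep-dep': { version: '3.0.0', integrity: 'sha512-constructed-C' } } };
console.log(lockDrift(committed, regenerated));
```

To use it on a real repository, pass in `JSON.parse` of the committed file (for example from `git show HEAD:package-lock.json`) and of the regenerated one.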

Answered by Taha

I know it's an old question, but for future seekers: you can also use npm-merge-driver, which tries to automatically resolve merge issues in npm-related files.


Just install it globally: `npx npm-merge-driver install --global`. You can read more about it here: npm-merge-driver


Edit: Just want to warn people who are interested in using the above package that sometimes it can behave erratically and be difficult to remove. So although it is a useful tool, it still needs some work.
