npm recently launched new command called
npm ci which is made for continuous integration and especially to be used in deployments and other automated processes. Learn when to use which and you can avoid the usual what just happened situations with npm.
The confusion started when npm released
package-lock.json files. There’s lot’s of good information and lot’s of bad informations about the way this file is used and what affects the generation of it.
Package lock file sounds like something that will save the current state of the npm package tree. And that is completely true. In
package-lock.json you can find the full tree and exact versions used in the current setup. There’s nothing more to it.
npm install will install packages according to package.json. It does not install the packages according to package-lock.json.
The confusion here is why doesn’t it do that? What’s the point of
package-lock.json if it doesn’t really affect anything. I really can’t say why npm did this the way they did, but the good thing is that after a while they introduced
npm ci install’s the exact packages and tree found in the
package-lock.json. It’s made only for
package-lock.json and does a great job at it.
There’s also some extra things you should know when using this command.
- The installation process will fail if the definitions in
package-lock.jsondoesn’t match the ranges or versions specified in
- It’s faster than
- It deletes old
So this command is ideal for automated environments and places where things are liked to be just like they were supposed to be.