npm5 equivalent to yarn's --pure-lockfile flag?

Question

I'm looking for an equivalent for yarn's --pure-lockfile flag.

This flag is useful when installing dependencies in CI, when you want it to read your lockfile but not modify it.

Does npm v5 have an equivalent?

Kind of duplicate https://stackoverflow.com/q/45022048/1480391 — Yves M., Jul 22 '17 at 21:22

score 27 · Accepted Answer · edited Jun 20 '20 at 09:12

npm 5.7 introduced the npm ci subcommand:

the main differences between using npm install and npm ci are:

The project must have an existing package-lock.json or npm-shrinkwrap.json.

If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.

npm ci can only install entire projects at a time: individual dependencies cannot be added with this command.

If a node_modules is already present, it will be automatically removed before npm ci begins its install.

It will never write to package.json or any of the package-locks: installs are essentially frozen.

score -3 · Answer 2 · answered Dec 03 '18 at 12:05

-3

this is how I did in my dockerfile

RUN npm install --pure-lockfile

it should work perfect.

answered Dec 03 '18 at 12:05

Eddie Smag

3
3

1

I've looked and found no documentation for anything called `--pure-lockfile` in npm. I believe this flag is ignored. – Nateowami Oct 18 '19 at 22:04

npm5 equivalent to yarn's --pure-lockfile flag?

2 Answers2

Linked