Is there any way to fix package-lock.json lockfileVersion so npm uses a specific format?


If two different developers are using different versions of node (12/15) & npm (6/7) in a project that was originally created using a package-lock.json "lockfileVersion": 1, when the developer using npm 7x installs new packages it seems that the package-lock.json is re-created using "lockfileVersion": 2.

This seems to cause issues for the developer using npm v6, as it tries to work with the lockfileVersion 2, but it ends up producing new diffs.

npm WARN read-shrinkwrap This version of npm is compatible with lockfileVersion@1, but package-lock.json was generated for lockfileVersion@2. I'll try to do my best with it!

Is there any way to specify to newer versions of npm to only use "lockfileVersion": 1? Or do we just have to get all devs on the same version of npm?


Is there any way to specify to newer versions of npm to only use "lockfileVersion": 1? Or do we just have to get all devs on the same version of npm?

I will advise you to pin the node/npm version and align it across your environments (development, staging, and production).

You can leverage nvm for managing the node version by adding a .nvmrc file to your project (don't forget to store it in your source control).

For instance, .nvmrc will look like:

$ cat .nvmrc

Then, you can use nvm install && nvm use to use the pinned version of node.

npm also supports engines:

You can specify the version of node that your stuff works on:

{ "engines" : { "node" : ">=0.10.3 <0.12" } }

And, like with dependencies, if you don't specify the version (or if you specify "*" as the version), then any version of node will do.

If you specify an "engines" field, then npm will require that "node" be somewhere on that list. If "engines" is omitted, then npm will just assume that it works on node.

You can also use the "engines" field to specify which versions of npm are capable of properly installing your program. For example:

{ "engines" : { "npm" : "~1.0.20" } }

Unless the user has set the engine-strict config flag, this field is advisory only and will only produce warnings when your package is installed as a dependency.
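The checks the answer describes can be enforced in CI so that a lockfile rewritten by a newer npm is caught before merge. The following is an added example, not code from the original answer or from npm; `checkPins`, `parseNpmrc`, the expected format of 1 and all file contents are constructed assumptions.

```javascript
// Added example: repo guard against lockfile-format drift (not from the original answer).
// All file contents below are constructed samples; EXPECTED_LOCKFILE_VERSION is a team choice.
const EXPECTED_LOCKFILE_VERSION = 1;

// Parse .npmrc "key=value" lines, skipping blanks and ; or # comments.
function parseNpmrc(text) {
  const cfg = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq > 0) cfg[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return cfg;
}

// Returns a list of human-readable problems; an empty list means the pins hold.
function checkPins({ lockJson, packageJson, npmrc = '', nvmrc = '' }, expected = EXPECTED_LOCKFILE_VERSION) {
  const problems = [];
  let lock, pkg;
  try { lock = JSON.parse(lockJson); pkg = JSON.parse(packageJson); }
  catch (e) { return [`unparseable JSON: ${e.message}`]; }

  if (lock.lockfileVersion !== expected)
    problems.push(`lockfileVersion is ${lock.lockfileVersion}, expected ${expected}`);
  const engines = pkg.engines || {};
  for (const tool of ['node', 'npm']) {
    if (!engines[tool] || engines[tool] === '*')
      problems.push(`package.json engines.${tool} is missing or "*"`);
  }
  if (parseNpmrc(npmrc)['engine-strict'] !== 'true')
    problems.push('.npmrc lacks engine-strict=true, so engines is advisory only');
  if (!nvmrc.trim())
    problems.push('.nvmrc is empty or missing');
  return problems;
}

// Constructed sample: a lockfile rewritten by a newer npm in a repo pinned to format 1.
const drifted = checkPins({
  lockJson: '{"name":"demo","lockfileVersion":2,"requires":true}',
  packageJson: '{"name":"demo","engines":{"node":">=12 <13"}}',
  npmrc: '; project config\nsave-exact=true',
  nvmrc: '12\n',
});
console.log(drifted);
```

In a real pipeline the four strings would be read from the repository with `fs.readFileSync`, and a non-empty result would fail the build.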
