In case you have no idea what the ^ and ~ symbols mean in the package.json file, please take a look at this blog post that I wrote.
The package-lock.json file is useful when multiple people are collaborating on the same project and want all the dev members to have a similar environment (in this case, similar library versioning across all their packages and their dependencies), as the lock file is simply a snapshot of the dependency tree graph. It is also useful for a CI/CD build pipeline. A popular build pipeline is Azure DevOps.
There are many reasons why you might want to update the package-lock.json file. A few we can think of are: fixing vulnerabilities, updating libraries to keep the project up to date, and updating a library to use a new feature it provides. If you came here with those reasons in mind, read on; this post gives you the steps to update the package-lock.json file.
It is actually very easy to update the package-lock.json file in order to honour the ^ and ~ symbols. These are all the steps that you need to follow:
- Delete your package-lock.json file in the root directory of your project.
- Simply run `npm install`. By default, it checks whether your directory has a package-lock.json file; otherwise, it will create one for you. (This command will honour the ^ and ~ symbols and update the packages to the latest versions provided by the library author(s).)
- Run unit tests and any other necessary tests to ensure getting the latest packages does not break your code/project.
- Commit it and push it so that other dev members can leverage it.
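Before the commit step, it helps to review what the regenerated lock file actually changed. The following is an added example, not part of the original post: a Node.js script that diffs the old and new package-lock.json, assuming lockfileVersion 2 or 3 (which carry a `packages` map), and also flags packages whose integrity hash changed while the version stayed the same. The function names, the file name `lockdiff.js` and the sample data are constructed for illustration.

```javascript
// Added example: diff two package-lock.json snapshots (lockfileVersion 2 or 3).
// Flatten the "packages" map to { "node_modules/x": { version, integrity } }.
function flatten(lock) {
  if (!lock || !lock.packages) {
    throw new Error('no "packages" map: expected lockfileVersion 2 or 3');
  }
  const out = {};
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === '') continue; // "" is the root project, not a dependency
    out[path] = { version: meta.version, integrity: meta.integrity };
  }
  return out;
}

function diffLocks(oldLock, newLock) {
  const before = flatten(oldLock);
  const after = flatten(newLock);
  const report = { added: [], removed: [], changed: [], integrityOnly: [] };
  for (const path of Object.keys(after).sort()) {
    const a = after[path];
    const b = before[path];
    if (!b) report.added.push(`${path}@${a.version}`);
    else if (b.version !== a.version) report.changed.push(`${path}: ${b.version} -> ${a.version}`);
    // A different hash for the same version deserves a closer look before committing.
    else if (b.integrity !== a.integrity) report.integrityOnly.push(`${path}@${a.version}`);
  }
  for (const path of Object.keys(before).sort()) {
    if (!after[path]) report.removed.push(`${path}@${before[path].version}`);
  }
  return report;
}

// Constructed sample data (package names and hashes are made up).
const SAMPLE_OLD = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/tiny-parser': { version: '2.1.0', integrity: 'sha512-CONSTRUCTED-A' },
  'node_modules/left-helper': { version: '1.4.2', integrity: 'sha512-CONSTRUCTED-B' },
  'node_modules/old-shim': { version: '0.3.0', integrity: 'sha512-CONSTRUCTED-C' } } };
const SAMPLE_NEW = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/tiny-parser': { version: '2.3.1', integrity: 'sha512-CONSTRUCTED-D' },
  'node_modules/left-helper': { version: '1.4.2', integrity: 'sha512-CONSTRUCTED-E' },
  'node_modules/new-dep': { version: '1.0.0', integrity: 'sha512-CONSTRUCTED-F' } } };

// Usage: node lockdiff.js old-lock.json new-lock.json (no arguments: use the samples).
const [oldPath, newPath] = process.argv.slice(2);
const load = (p) => JSON.parse(require('fs').readFileSync(p, 'utf8'));
const useFiles = Boolean(oldPath && newPath);
console.log(useFiles ? diffLocks(load(oldPath), load(newPath)) : diffLocks(SAMPLE_OLD, SAMPLE_NEW));
```

Keep a copy of the old lock file (for example from version control) before deleting it so there is something to compare against.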
Okay, do let me know in the comments below if you have any questions/concerns and I would be happy to help in any way. Have fun using npm.