更新时间:2021-11-26 09:54:55
无法从package-lock.json
生成完整的package.json
,因为后者未包含所有必需的数据.它仅包含具有特定版本的依赖项列表,而没有原始存储库.生产和开发的依赖关系与嵌套的依赖关系混合在一起.
It's not possible to generate full package.json
from package-lock.json
because the latter doesn't contain all necessary data. It contains only a list of dependencies with specific versions without original semvers. Production and development dependencies are mixed up along with nested dependencies.
新鲜的package.json
,然后通过以下类似方式增强这些依赖性:
Fresh package.json
could be generated, then augmented with these dependencies with something like:
const fs = require('fs');
const packageLock = require('./package-lock.json');
const package = require('./package.json');
package.dependencies = Object.entries(packageLock.dependencies)
.reduce((deps, [dep, { version }]) => Object.assign(deps, { [dep]: version }), {});
fs.writeFileSync('./package-new.json', JSON.stringify(package, null, 2));
可以通过选中requires
键来过滤嵌套的依赖关系,但这会影响项目自身的依赖关系.
Nested dependencies could be filtered out by checking requires
key, but this can affect project's own dependencies.