无法从package-lock.json生成完整的package.json，因为后者未包含所有必需的数据.它仅包含具有特定版本的依赖项列表，而没有原始存储库.生产和开发的依赖关系与嵌套的依赖关系混合在一起.

It's not possible to generate full package.json from package-lock.json because the latter doesn't contain all necessary data. It contains only a list of dependencies with specific versions without original semvers. Production and development dependencies are mixed up along with nested dependencies.

新鲜的package.json，然后通过以下类似方式增强这些依赖性:

Fresh package.json could be generated, then augmented with these dependencies with something like:

const fs = require('fs');
const packageLock = require('./package-lock.json');
const package = require('./package.json');

package.dependencies = Object.entries(packageLock.dependencies)
.reduce((deps, [dep, { version }]) => Object.assign(deps, { [dep]: version }), {});

fs.writeFileSync('./package-new.json', JSON.stringify(package, null, 2));

可以通过选中requires键来过滤嵌套的依赖关系，但这会影响项目自身的依赖关系.

Nested dependencies could be filtered out by checking requires key, but this can affect project's own dependencies.