From d0cdcb61fe3a237be7d905cecc9ff1b95dbfdfa3 Mon Sep 17 00:00:00 2001
From: Rebecca Turner
Date: Fri, 20 Apr 2018 18:26:37 -0700
Subject: deps: upgrade npm to 6.1.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR-URL: https://github.com/nodejs/node/pull/20190
Reviewed-By: Rich Trott
Reviewed-By: Ruben Bridgewater
Reviewed-By: Tiancheng "Timothy" Gu
Reviewed-By: Benjamin Gruenbaum
Reviewed-By: Michaël Zasso
---
 deps/npm/html/doc/files/npm-package-locks.html | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

(limited to 'deps/npm/html/doc/files/npm-package-locks.html')

diff --git a/deps/npm/html/doc/files/npm-package-locks.html b/deps/npm/html/doc/files/npm-package-locks.html index 775c6b4ca2..fe9115c14a 100644 --- a/deps/npm/html/doc/files/npm-package-locks.html +++ b/deps/npm/html/doc/files/npm-package-locks.html @@ -53,7 +53,7 @@ registry, then a normal npm install A will install:

A@0.1.0
 `-- B@0.0.1
     `-- C@0.0.1
-

However, if B@0.0.2 is published, then a fresh npm install A will +

However, if B@0.0.2 is published, then a fresh npm install A will install:

A@0.1.0
 `-- B@0.0.2
@@ -61,7 +61,7 @@ install:

assuming the new version did not modify B's dependencies. Of course, the new version of B could include a new version of C and any number of new dependencies. If such changes are undesirable, the author of A -could specify a dependency on B@0.0.1. However, if A's author and B's +could specify a dependency on B@0.0.1. However, if A's author and B's author are not the same person, there's no way for A's author to say that he or she does not want to pull in newly published versions of C when B hasn't changed at all.

@@ -125,6 +125,19 @@ package source to get the exact same dependency tree that you were developing on. Additionally, the diffs from these changes are human-readable and will inform you of any changes npm has made to your node_modules, so you can notice if any transitive dependencies were updated, hoisted, etc.

+

Resolving lockfile conflicts

+

Occasionally, two separate npm install will create package locks that cause +merge conflicts in source control systems. As of `npm@5.7.0, these conflicts +can be resolved by manually fixing anypackage.jsonconflicts, and then +runningnpm install [--package-lock-only]again. npm will automatically +resolve any conflicts for you and write a merged package lock that includes all +the dependencies from both branches in a reasonable tree. If--package-lock-onlyis provided, it will do this without also modifying your +localnode_modules/`.

+

To make this process seamless on git, consider installing +npm-merge-driver, which will teach git how +to do this itself without any user interaction. In short: $ npx +npm-merge-driver install -g will let you do this, and even works with +pre-`npm@5.7.0versions of npm 5, albeit a bit more noisily. Note that ifpackage.jsonitself conflicts, you will have to resolve that by hand and runnpm install` manually, even with the merge driver.

SEE ALSO
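
Review bot: In the third hunk (@@ -125,6 +125,19 @@), the added "Resolving lockfile conflicts" paragraphs have unbalanced backticks. "As of `npm@5.7.0, these conflicts" opens a code span that is never closed, so the spans after it come out inverted ("anypackage.jsonconflicts", "runningnpm install [--package-lock-only]again") and a stray closing backtick is left after "localnode_modules/". The second paragraph repeats the problem at "pre-`npm@5.7.0versions" and "runnpm install` manually". If this HTML is generated from a markdown source, the fix belongs there: close the span right after npm@5.7.0 in both places and regenerate. "two separate npm install will create" is also missing a noun, for example "two separate npm install runs". Finally, the paragraph recommending "$ npx npm-merge-driver install -g" does not say what the global install changes on the machine. A sentence naming the git configuration it touches would let readers decide before running it, and would fit next to the existing note that package.json conflicts still have to be resolved by hand.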