npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Generating package.lock.json without touching package.json?

Hi there,

I have a scenario where we would like to generate package.lock.json without package.json getting modified. How can I accomplish this?

npm install seems to touch package.json no matter what.



I do not expect an existing package.json to be modified by a plain npm install, so not sure what is happening there. (What changes?)

However, I did find a possibly related option on the install doc page:

The --package-lock-only argument will only update the package-lock.json, instead of checking node_modules and downloading dependencies.

I tried npm install --package-lock-only and it still modifies package.json. Same thing with npm install --no-save --package-lock-only. The package.json I’m using is:

  "version": "1.0.0",
  "name": "",
  "private": true,
  "devDependencies": {
  "react": "16.8.6"


and the commands I describe reformat the file to remove the excess whiteline below "react": "16.8.6". Any other tips?

Simply run npm install <package-name> in an empty directory, and it will generate package-lock.json without a package.json. You can put as many packages into the argument list as you want.

and the commands I describe reformat the file to remove the excess whiteline below "react": "16.8.6" .

Oh, interesting, thanks. Reproduced.

To give a little more context, I want to create some tooling within Visual Studio for NPM, and the tooling will need to generate or update package.lock.json often.

So, ideally I need something quick and doesn’t take too much disk space. We could use your suggestion but that can be a lot of disk space / time to run a fresh npm install if the user has a lot of referenced packages.

If there is some command to generate package-lock.json without much overhead that’d be ideal.