npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

How to build a new matching node environment using just a package-lock.json (no package.json)

I’m not writing a node module or publishing, just wanting to use which is just a wrapper around google chrome puppeteer.

I have a working docker container which produced the package-lock.json and now I want to build another using the same versions of all the node tree. I am using npm 6.9.0.

If I try to use npm ci it complains about not having a package.json file. I create one with just a name and version, and it tells me 0 packages added.

I try using npm install and it replaces my package-lock.json with one just referring to my package.

Running npm init -y also seems to ignore the lock file despite some SO comments suggesting it should use the lock file to construct the tree.

How can I use the package-lock.json file to construct a matching node environment in docker?

I am cross-posting this from

Hi @ruidc! Stepping back and checking what the problem is, why can’t you transfer the package.json as well as the package-lock.json?

(The package-lock.json file is an optional file with extra configuration. It is not a replacement for package.json, it is in addition.)

If you need to pick and choose what parts of package.json are transferred from your reference setup, I suggest try npm init -y for a fresh file followed by transferring the dependencies and devDependencies.

Thanks for trying to help.
I haven’t got a package.json because i’m not building a package, I just want to use one piece of software that happens to be in npm and I want to build a matching environment to where it is deployed. I saw the existence of this lock file tracking all the versions and thought I could somehow use it to build a matching environment, is that not possible? or is the only way to manually create a package.json from all the elements in the package-lock?


Are you using npm install in your Dockerfile? If you create a package.json before running the installs then npm will update both it and the package-lock.json file.

You could create one easily with npm init -y, or even an empty json file is probably enough for your purposes:


Thanks, but it still seems to ignore the lock file:
start with nothing other than npm installed
I create an empty package.json file as you suggest
I copy over the lock file from the working install. In the lockfile, the specification for puppeteer is:

"puppeteer": {
      "version": "1.17.0",
      "resolved": "",
      "integrity": "sha512-3EXZSximCzxuVKpIHtyec8Wm2dWZn1fc5tQi34qWfiUgubEVYHjUvr0GOJojqf3mifI6oyKnCdrGxaOI+lWReA==",
      "requires": {
        "debug": "^4.1.0",
        "extract-zip": "^1.6.6",
        "https-proxy-agent": "^2.2.1",
        "mime": "^2.0.3",
        "progress": "^2.0.1",
        "proxy-from-env": "^1.0.0",
        "rimraf": "^2.6.1",
        "ws": "^6.1.0"

I run npm install chromehtml2pdf
I run npm list and get:

`-- chromehtml2pdf@1.0.4
  +-- commander@2.20.0
  `-- puppeteer@1.18.0

the package.json file is updated to:

  "dependencies": {
    "chromehtml2pdf": "^1.0.4"

the lock file is updated to:

 "puppeteer": {
      "version": "1.18.0",

am I missing a step?

I am suggesting you create a package.json before doing the installs that create the package-lock.json. Then you copy both files to reproduce the installed modules.

That’s just it, I haven’t got one on the working installation. If I create one now, it will have newer versions of the sub-dependencies which is not what I need.

Ah, I was suggesting something for the future rather than the past.

Given you effectively have a reference docker image, I’ll mention a non-npm option is to copy the node_modules folder directly from the existing image into a new image:

Ok, thanks for the tip, am still surprised there’s not a more elegant solution given a lock file. Especially as it’s been quite a while since it’s introduction and npm ci