Run npm ci with only package-lock.json


(Xingcan Lan) #1

npm ci is a great command for continuous integration.
I believe it can be further improved by making it require only a valid package-lock.json (without package.json),
so that when people do CI with Docker they could modify their Dockerfile to:

ADD package-lock.json .
RUN npm ci
ADD package.json .

So node_modules could take advantage of the cache when no dependencies have changed. Even if other parts of package.json have been modified, e.g. a version bump, the cache is still available.

This change loses the ability to check the consistency between package.json and package-lock.json. But that could be done with another command. Suppose it is called npm ci verify-lock-file; then the Dockerfile could be written as:

ADD package-lock.json .
RUN npm ci
ADD package.json .
RUN npm ci verify-lock-file
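
Added example, not part of the original post and not npm's own code: a sketch of the consistency check that the proposed verify-lock-file step would have to perform. It assumes a lockfileVersion 2 or 3 lockfile, where `packages[""]` mirrors the root package.json dependency ranges; `verifyLockFile` and the sample manifests are hypothetical and constructed.

```javascript
// Assumption: lockfileVersion 2/3, where lock.packages[""] copies the root
// dependency ranges and direct deps are pinned under "node_modules/<name>".
// Only dependencies and devDependencies are compared in this sketch.
const DEP_FIELDS = ["dependencies", "devDependencies"];

// Returns a list of mismatches; an empty list means the two files agree.
function verifyLockFile(pkg, lock) {
  const root = lock.packages && lock.packages[""];
  if (!root) return ['lockfile has no packages[""] entry (version 1 not handled)'];
  const problems = [];
  for (const field of DEP_FIELDS) {
    const want = pkg[field] || {};
    const have = root[field] || {};
    // Every declared range must match the range recorded in the lockfile.
    for (const name of new Set([...Object.keys(want), ...Object.keys(have)])) {
      if (want[name] !== have[name]) {
        problems.push(`${field}.${name}: package.json=${want[name]} lock=${have[name]}`);
      }
    }
    // Every declared dependency must also be pinned to a resolved entry.
    for (const name of Object.keys(want)) {
      if (!lock.packages[`node_modules/${name}`]) {
        problems.push(`${field}.${name}: not pinned in lockfile`);
      }
    }
  }
  return problems;
}

// Constructed sample: package.json got a version bump (1.0.0 -> 1.0.1) after
// the lockfile was written, but its dependency ranges are unchanged.
const samplePkg = {
  name: "example-app", version: "1.0.1",
  dependencies: { "example-lib": "^4.18.2" },
  devDependencies: { "example-test-tool": "^2.0.0" },
};
const sampleLock = {
  name: "example-app", version: "1.0.0", lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0",
          dependencies: { "example-lib": "^4.18.2" },
          devDependencies: { "example-test-tool": "^2.0.0" } },
    "node_modules/example-lib": { version: "4.18.3" },
    "node_modules/example-test-tool": { version: "2.0.1", dev: true },
  },
};

console.log(verifyLockFile(samplePkg, sampleLock)); // version bump alone: no mismatch
```

The version field is deliberately ignored, which is what lets a version bump keep the cached node_modules layer while a changed or unpinned dependency still fails the build.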