
Install npm packages from package-lock file

April 10, 2022  ‐ 1 min read

The yarn package manager for node modules has the --frozen-lockfile option for its install command. Using this option will ensure that the exact package versions are installed as they are defined in the yarn.lock file.

Just like yarn with its yarn.lock file, npm allows you to install the packages as defined in the package-lock.json file with the ci subcommand.

$ npm ci

If the name of the subcommand is confusing to you: ci is short for continuous integration. The command was introduced to increase the performance and reliability of builds in a continuous integration (and continuous deployment) process.

Using either npm ci or yarn's --frozen-lockfile option is useful when installing dependencies in production or in a continuous integration environment because it guarantees that you will get the same versions of packages that you used in local development. This makes it less likely that you encounter new bugs in your production builds.

The performance boost is due to the fact that the ci command bypasses the package.json file and no version resolutions are required: the package-lock.json defines the exact required packages.
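To make the relationship between the two files concrete, here is an added example (not part of the original post, and not npm's own algorithm) of a pre-flight check a pipeline could run before `npm ci`. It assumes the lockfileVersion 2/3 layout, where the `packages` map holds the root project under the key `""` and each direct dependency under `node_modules/<name>`; the function name, package names and hashes are constructed for illustration.

```javascript
// Added example: report where package.json and package-lock.json disagree.
// Simplified: only direct dependencies are checked, and a git or linked
// dependency (which has no integrity field) is flagged for manual review.
const DEP_FIELDS = ["dependencies", "devDependencies"];

function lockfileProblems(pkg, lock) {
  const problems = [];
  const packages = lock.packages || {};
  const root = packages[""] || {};
  for (const field of DEP_FIELDS) {
    const declared = pkg[field] || {};
    const recorded = root[field] || {};
    for (const [name, range] of Object.entries(declared)) {
      // The root entry of the lockfile records the ranges it was built from.
      if (recorded[name] !== range) {
        problems.push(`${name}: package.json has "${range}", lockfile recorded "${recorded[name]}"`);
        continue;
      }
      const entry = packages[`node_modules/${name}`];
      if (!entry) problems.push(`${name}: no locked entry`);
      else if (!entry.integrity) problems.push(`${name}@${entry.version}: no integrity hash`);
    }
    for (const name of Object.keys(recorded)) {
      if (!(name in declared)) problems.push(`${name}: locked but not in package.json`);
    }
  }
  return problems;
}

// Constructed sample data (hypothetical packages, placeholder hashes).
const samplePkg = {
  dependencies: { "example-lib": "^2.1.0" },
  devDependencies: { "example-cli": "^1.0.0" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "example-lib": "^2.1.0" }, devDependencies: { "example-cli": "^1.0.0" } },
    "node_modules/example-lib": { version: "2.1.4", integrity: "sha512-CONSTRUCTED-PLACEHOLDER-A" },
    "node_modules/example-cli": { version: "1.0.2", dev: true, integrity: "sha512-CONSTRUCTED-PLACEHOLDER-B" },
  },
};

console.log(lockfileProblems(samplePkg, sampleLock)); // in sync
// Someone bumped the range in package.json without regenerating the lockfile:
const driftedPkg = { ...samplePkg, dependencies: { "example-lib": "^3.0.0" } };
console.log(lockfileProblems(driftedPkg, sampleLock));
```

On a real project, pass the parsed contents of `package.json` and `package-lock.json` to `lockfileProblems` and fail the build when the returned list is not empty.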