Node.js的更新到V8.0后自带npm5出现的新坑

  Node.js v8.0后，自带的npm也升级到了5.0，第一次使用的时候确实惊艳到了：原本重新安装一次模块要十几秒到事情，现在一秒多就搞定了先不要激动，现在我来大概讲一下npm 5的一些大的变化：

        1，使用npm install xxx命令安装模块时，不再需要--save选项，会自动将模块依赖信息保存到package.json文件;

        2，安装模块操作（改变node_modules文件夹内容）会生成或更新package-lock.json文件

        3，发布的模块不会包含package-lock.json文件

        4，如果手动修改了package.json文件中已有模块的版本，直接执行npm安装不会安装新指定的版本，只能通过npm install xxx @ yy更新

        重新安装模块之所以快，是因为package-lock.json文件中已经记录了整个node_modules文件夹的树状结构，甚至连模块的下载地址都记录了，再重新安装的时候只需要直接下载文件即可（这样看起来facebook的纱好像没有啥优势了）以下是package-lock.json文件的例子：

{
  "name": "topSdk",
  "version": "0.0.1",
  "lockfileVersion": 1,
  "dependencies": {
    "address": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/address/-/address-1.0.2.tgz",
      "integrity": "sha1-SACB6CtYe6MZRZ/vUS9Rb+A9WK8="
    },
    "any-promise": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz",
      "integrity": "sha1-q8av7tzqUugJzcA3au0845Y10X8="
    },
    "content-type": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.2.tgz",
      "integrity": "sha1-t9ETrueo3Se9IRM8TcJSnfFyHu0="
    },
    "debug": {
      "version": "2.6.8",
      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz",
      "integrity": "sha1-5zFTHKLt4n0YgiJCfaF4IdaP9Pw="
    },
    "default-user-agent": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/default-user-agent/-/default-user-agent-1.0.0.tgz",
      "integrity": "sha1-FsRu/cq6PtxF8k8r1IaLAbfCrcY="
    },
    "digest-header": {
      "version": "0.0.1",
      "resolved": "https://registry.npmjs.org/digest-header/-/digest-header-0.0.1.tgz",
      "integrity": "sha1-Ecz23uxXZqw3l0TZAcEsuklRS+Y="
    },
    "ee-first": {
      "version": "1.1.1",
      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
      "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
    },
    "humanize-ms": {
      "version": "1.2.1",
      "resolved": "https://registry.npmjs.org/humanize-ms/-/humanize-ms-1.2.1.tgz",
      "integrity": "sha1-xG4xWaKT9riW2ikxbYtv6Lt5u+0="
    },
    "iconv-lite": {
      "version": "0.4.18",
      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.18.tgz",
      "integrity": "sha512-sr1ZQph3UwHTR0XftSbK85OvBbxe/abLGzEnPENCQwmHf7sck8Oyu4ob3LgBxWWxRoM+QszeUyl7jbqapu2TqA=="
    },
    "minimist": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
      "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ="
    },
    "ms": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
    },
    "os-name": {
      "version": "1.0.3",
      "resolved": "https://registry.npmjs.org/os-name/-/os-name-1.0.3.tgz",
      "integrity": "sha1-GzefZINa98Wn9JizV8uVIVwVnt8="
    },
    "osx-release": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/osx-release/-/osx-release-1.1.0.tgz",
      "integrity": "sha1-8heRGigTaUmvG/kwiyQeJzfTzWw="
    },
    "qs": {
      "version": "6.4.0",
      "resolved": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
      "integrity": "sha1-E+JtKK1rD/qpExLNO/cI7TUecjM="
    },
    "semver": {
      "version": "5.3.0",
      "resolved": "https://registry.npmjs.org/semver/-/semver-5.3.0.tgz",
      "integrity": "sha1-myzl094C0XxgEq0yaqa00M9U+U8="
    },
    "statuses": {
      "version": "1.3.1",
      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz",
      "integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4="
    },
    "urllib": {
      "version": "2.22.0",
      "resolved": "https://registry.npmjs.org/urllib/-/urllib-2.22.0.tgz",
      "integrity": "sha1-KWXcSuEnpvtpW32yfTGE8X2Cy0I="
    },
    "utility": {
      "version": "0.1.11",
      "resolved": "https://registry.npmjs.org/utility/-/utility-0.1.11.tgz",
      "integrity": "sha1-/eYM+bTkdRlHoM9dEEzik2ciZxU="
    },
    "win-release": {
      "version": "1.1.1",
      "resolved": "https://registry.npmjs.org/win-release/-/win-release-1.1.1.tgz",
      "integrity": "sha1-X6VeAr58qTTt/BJmVjLoSbcuUgk="
    }
  }
}

        带来速度的同时，npm也挖了个大大的坑：

        以后直接改package.json文件相应模块的版本号，再执行npm安装不会更新了（好可怕），你只能手动用npm install xxx @ yy指定版本号来安装，然后它会自动更新包锁.json文件。直接执行npm install时，如果不存在package-lock.json文件，它会根据安装模块后的node_modules目录结构来创建;如果已经存在package-lock.json文件，则它只会根据package- lock.json文件指定的结构来下载模块，并不会理会package.json文件。

网上已经有很多人反应这个问题了：GitHub上的问题：package_lock.json文件在package.json文件更改后未更新

链接：https：//github.com/npm/npm/issues/16866 

        文章：了解NPM中的锁文件5

        链接：HTTP：//jpospisil.com/2017/06/02/understanding-lock-files-in-npm-5.html

        这里是  npm文档关于package-locks的说明

        链接：HTTPS：//docs.npmjs.com/files/package-locks

        目前还不知道关于package-lock.json的最佳实践，果断切换回Node v6.x，等别人把坑填了再上。