Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding NodeJs Package-lock.json - requires vs dependencies

Thread Rating:
  • 224 Vote(s) - 3.66 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
Package-lock.json - requires vs dependencies

Offline janifereyu


Member
*
Member
Posts: 0
Threads: 0
Joined: Nov 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-21-2023, 08:15 AM
In package-lock.json in dependency object, I have both `requires` and `dependencies` fields, e.g

"requires": {
"@angular-devkit/core": "0.8.5",
"rxjs": "6.2.2",
"tree-kill": "1.2.0",
"webpack-sources": "1.3.0"
},
"dependencies": {
"rxjs": {
"version": "6.2.2",
"resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.2.2.tgz",
"integrity": "sha512-0MI8+mkKAXZUF9vMrEoPnaoHkfzBPP4IGwUYRJhIRJF6/w3uByO1e91bEHn8zd43RdkTMKiooYKmwz7RH6zfOQ==",
"dev": true,
"requires": {
"tslib": "1.9.3"
}
}
}

What is the difference between these two? Why some dependencies are listed in `requires`, other in `dependencies`, and some of them in both of these fields?
Reply

Offline garv339


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Nov 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-21-2023, 08:15 AM
By default, npm installs all packages directly in `node_modules`.

However, let's say that package `X` is dependent on package `Z` in version 1.0 and package `Y` is dependent on the same package `Z`, but in version 2.0. In this case we have to install two versions of this package. One will be installed in root `node_modules` folder, and another one will be installed in `node_modules` folder of dependant package, e.g.

package.json
node_modules
/X
/Y
/node_modules
/[email protected]
/[email protected]

Equally likely, npm could build a different, but [still correct](

[To see links please register here]

), package tree:

package.json
node_modules
/X
/node_modules
/[email protected]
/Y
/[email protected]

The `package-lock.json` file will attempt to describe not only the dependencies of your project, but this tree structure as well. Which of the two trees above to build will be encoded in the JSON.

With this knowledge, it's easy to understand:


"requires" reflects dependencies from `package.json` file of this dependency, while `dependencies` reflects actually installed dependencies in node_modules folder of this dependency.



[1]:

[To see links please register here]

Reply

Offline brose492


Member
*
Member
Posts: 0
Threads: 0
Joined: Aug 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
07-21-2023, 08:45 AM
After reading the answers above, maybe I can put it more simply:

`requires` can be **shared** among all other top levels dependencies, while `dependencies` are **standalone**, belonging only to the module requiring them.

i.e.

`"@angular-devkit/core": "0.8.5"`,`"tree-kill": "1.2.0"`, and `"webpack-sources": "1.3.0"` do not belong **only** to the module. They are in the same level as the module requiring them. By contrast, `"rxjs": "6.2.2"` exists exclusively due to the module requiring it, and it is used only by that module.



Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through