Bird
Raised Fist0
Node.jsframework~10 mins

package-lock.json and deterministic installs in Node.js - Interactive Code Practice

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to install dependencies exactly as specified in package-lock.json.

Node.js
npm [1]
Drag options to blanks, or click blank then click option'
Aci
Binstall
Cupdate
Drun
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'npm install' which may update dependencies.
Using 'npm update' which changes versions.
Using 'npm run' which executes scripts, not installs.
2fill in blank
medium

Complete the code to generate a package-lock.json file after installing dependencies.

Node.js
npm [1]
Drag options to blanks, or click blank then click option'
Aci
Block
Cinstall
Dupdate
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'npm ci' which requires an existing lock file.
Using 'npm update' which changes versions.
Using 'npm lock' which is not a valid command.
3fill in blank
hard

Fix the error in the command to ensure deterministic installs using package-lock.json.

Node.js
npm [1]
Drag options to blanks, or click blank then click option'
Aupdate
Binstall --no-package-lock
Cinstall --package-lock-only
Dci
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'install --no-package-lock' which disables lock file usage.
Using 'install --package-lock-only' which only updates the lock file.
Using 'update' which changes dependency versions.
4fill in blank
hard

Fill both blanks to create a script in package.json that runs deterministic installs.

Node.js
""
{
  "scripts": {
    "deterministic-install": "npm [1] --prefer-offline --no-audit --progress=false [2]"
  }
}
"""
Drag options to blanks, or click blank then click option'
Aci
Binstall
C--frozen-lockfile
D--no-package-lock
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'install' instead of 'ci' for deterministic installs.
Using '--no-package-lock' which disables lock file usage.
Omitting '--frozen-lockfile' which allows lock file updates.
5fill in blank
hard

Fill all three blanks to explain the role of package-lock.json in deterministic installs.

Node.js
"""
The package-lock.json file [1] the exact versions of dependencies installed.
It [2] the dependency tree to ensure consistent installs.
Using npm [3] installs dependencies exactly as locked.
"""
Drag options to blanks, or click blank then click option'
Arecords
Blocks
Cci
Dupdates
Attempts:
3 left
💡 Hint
Common Mistakes
Saying the file 'updates' versions instead of locking them.
Using 'install' instead of 'ci' for deterministic installs.
Confusing 'records' with 'updates' in the first blank.

Practice

(1/5)
1. What is the main purpose of the package-lock.json file in a Node.js project?
easy
A. To store user credentials for npm registry
B. To list all available npm packages globally
C. To configure environment variables for the project
D. To lock exact versions of installed packages for consistent installs

Solution

  1. Step 1: Understand the role of package-lock.json

    This file records the exact versions of all installed packages and their dependencies.

  2. Step 2: Compare with other options

    Options A, B, and D describe unrelated functions not handled by package-lock.json.

  3. Final Answer:

    To lock exact versions of installed packages for consistent installs -> Option D

  4. Quick Check:

    Locking versions = C [OK]
Hint: Remember: lock file fixes versions to avoid surprises [OK]
Common Mistakes:
  • Confusing package-lock.json with package.json
  • Thinking it stores user or environment info
  • Assuming it lists global packages
2. Which command should you run to install packages exactly as specified in package-lock.json without updating it?
easy
A. npm ci
B. npm update
C. npm init
D. npm install

Solution

  1. Step 1: Identify the command for deterministic installs

    npm ci installs packages exactly as locked in package-lock.json without modifying it.

  2. Step 2: Understand other commands

    npm install may update the lock file; npm update upgrades packages; npm init initializes a new project.

  3. Final Answer:

    npm ci -> Option A

  4. Quick Check:

    Deterministic install = npm ci [OK]
Hint: Use npm ci for exact installs, no changes [OK]
Common Mistakes:
  • Using npm install which can update lock file
  • Confusing npm update with install
  • Thinking npm init installs packages
3. Given a project with package-lock.json committed, what happens when a teammate runs npm install on their machine?
medium
A. They install latest package versions ignoring package-lock.json
B. They install exact package versions locked in package-lock.json
C. They only install packages listed in package.json without lock file
D. They get an error because package-lock.json is ignored

Solution

  1. Step 1: Understand npm install behavior with package-lock.json

    When package-lock.json exists, npm install installs the exact versions locked in it to keep consistency.

  2. Step 2: Evaluate other options

    Installing latest package versions ignoring package-lock.json is wrong because npm install respects the lock file. Only installing packages listed in package.json without considering the lock file is incorrect. No error occurs because of the package-lock.json file.

  3. Final Answer:

    They install exact package versions locked in package-lock.json -> Option B

  4. Quick Check:

    Install respects lock file = A [OK]
Hint: Lock file guides install versions unless deleted [OK]
Common Mistakes:
  • Assuming npm install ignores package-lock.json
  • Thinking it installs latest versions always
  • Believing npm install errors if lock file exists
4. You run npm ci but get an error saying the package-lock.json file is missing. What is the likely cause?
medium
A. You forgot to commit package-lock.json to the repository
B. npm ci requires package.json only, not package-lock.json
C. Your Node.js version is too old to support npm ci
D. You need to run npm install first to generate package.json

Solution

  1. Step 1: Understand npm ci requirements

    npm ci requires a valid package-lock.json file to install exact versions.

  2. Step 2: Identify cause of missing lock file error

    If the lock file is missing, it is often because it was not committed or shared in the project repository.

  3. Final Answer:

    You forgot to commit package-lock.json to the repository -> Option A

  4. Quick Check:

    Missing lock file = forgot to commit [OK]
Hint: Always commit package-lock.json for npm ci [OK]
Common Mistakes:
  • Thinking npm ci works without lock file
  • Assuming Node.js version causes this error
  • Confusing package.json with lock file
5. You want to ensure your CI/CD pipeline installs dependencies exactly as your team tested, avoiding any version drift. Which approach best achieves this?
hard
A. Run npm update before every build to get latest packages
B. Run npm install and commit package.json only
C. Run npm ci and commit both package.json and package-lock.json
D. Delete package-lock.json and run npm install fresh each time

Solution

  1. Step 1: Identify the goal of deterministic installs in CI/CD

    To avoid version drift, installs must use exact versions tested by the team.

  2. Step 2: Choose the correct commands and files to commit

    npm ci installs exactly from package-lock.json, so committing both files and using npm ci ensures consistency.

  3. Step 3: Evaluate other options

    Run npm install and commit package.json only risks version drift; C updates packages which breaks consistency; D removes lock file causing unpredictable installs.

  4. Final Answer:

    Run npm ci and commit both package.json and package-lock.json -> Option C

  5. Quick Check:

    CI consistency = npm ci + commit lock file [OK]
Hint: Use npm ci with committed lock file for CI [OK]
Common Mistakes:
  • Not committing package-lock.json
  • Using npm install in CI causing version drift
  • Running npm update in CI builds