A problem frequently observed on PRs in CMPSC 156 is that the student will include changes to
package-lock.json when there has been no change to
When there has been no change to
package-lock.json should not be included in a PR.
We’ve been telling folks to use
npm install after first cloning a new repo, and many of our instructions still include this advice. A better choice, as it turns out, is to use
npm ci as a substitute for
npm install; the key difference being that
npm ci will attempt to the dependencies exactly as they already exist in
npm install can sometimes update the
If you start using
npm ci any time the previous instructions said
npm install, you’ll avoid this problem.
But, if you are reading this, it may be because you already have a PR with changes to
package-lock.json in them, and you are trying to fix that problem. So, read on for how to do that.
Suppose you have a PR where
package-lock.json is included, but there has been no change to
There are two ways to fix this.
This is the most straightforward way that doesn’t involve learning any new
- Go to the github.com site for your repo, and make sure that the
mainbranch is selected:
- Navigate to the
frontend/package-lock.json; it will look something like this:
- Download the
package-lock.json fileby clicking the button at upper right for
Download raw file:
- Copy the downloaded file over the top of the
package-lock.jsonfor your branch.
- Commit that version of the file:
git add frontend/package-lock.json git commit -m "ab - restore package-lock.json to version from main branch"
- Push that commit to your branch:
git push origin branch-name
- Check the PR on Github: the
package-lock.jsonfile should no longer be there.
Note that after doing this, you may still need to run
npm install to get a
package-lock.json that’s appropriate for your platform before you can run the software. If you make sure that you are using the correct version of node (e.g. with
nvm use version-number, currently:
nvm use 16.20.0 as of this writing) that will help. But it may not 100% remove the necessity to have a
package-lock.json that is different from the one on Github.
Just be careful when you use
git add . that you do not accidentally scoop up
package-lock.json into the commit unless you are also changing
package.json (e.g. to add a new dependency.)
The fancy git way to do this is to rebuild the commit history but without the changes to package-lock.json.
In this approach, we unwind all of the commits right back to where you started building on the main branch, and then read the changed files. This will lose the detailed commit history, but in the case of a very small PR, this be ok.
- Get on your branch:
git checkout branch-name
- Update your branch from github:
git pull origin branch-name
- Reset the branch back to the local version of main, but without changing the file system (that’s the
git reset --soft main
git status. You should see that none of your files are changed, i.e. you have all of the changes you made in the branch, but now, none of them have been committed; they all show as “red”.
git addcommands to all of the files you want to commit, but not
- You can do files one at a time, like this (though it may be tedious):
git add filename1 git add filename2 etc.
Or, you can add whole directories (just don’t add and path that includes
git add src git add frontend/src
- Do a
git statuscommand to ensure that the files you want in your commit are green, and the ones you don’t want are red. In particular,
package-lock.jsonshould be red.
- Do a new commit and push to your branch.
- Check the resulting PR on github. The
package-lock.jsonshould be removed.