TL;DR How do I update package.json and package-lock.json version number without updating dependencies?
We have a problem where we want to uptick our version number after development and before deployments.
However if I uptick the version in my package.json and then npm install it could change versions of dependencies which could cause issues of production running with different dependencies than what developers tested their code with.
We use npm ci in our ci system, and my understanding that it would build off the package-lock.json file. The issue comes in if our package-lock.json has a version that previously was built the ci system will just use what it has previously built. I can't update our ci System.
I could manually update the version in package-lock.json but that feels wrong. Is there a best practice for this situation?
This question is almost a year old, but
npm install --package-lock-only
should do the trick.
The --package-lock-only argument will only update the package-lock.json, instead of checking node_modules and downloading dependencies.
https://docs.npmjs.com/cli/install
It's buried near the bottom of the docs page.