It is not possible to resolve conflicts of package-lock.json in GitHub's merge tool and you need to do a manual merge.
- Update the `master` branch with the latest changes:
  ```
  git checkout master
  git pull
  ```
- Merge your feature branch into `master`:
  ```
  git merge mybranch
  ```
  You will see something like the following message:
  ```
  Auto-merging package-lock.json
  CONFLICT (content): Merge conflict in package-lock.json
  Auto-merging package.json
  CONFLICT (content): Merge conflict in package.json
  Automatic merge failed; fix conflicts and then commit the result.
  ```
- Open your editor (e.g. VSCode) and:
  - Carefully resolve conflicts in `package.json` (if there are any)
  - Ignore the conflicts in `package-lock.json`
- Install packages, which will re-generate `package-lock.json`:
  ```
  npm install
  ```
- "Test drive" your application to make sure the conflicts in `package.json` have been resolved correctly.
- If the application is able to start up (i.e. there are no missing dependencies), add all changes and finish the merge:
  ```
  git add --update
  git commit
  ```
  ⚠️ Make sure not to commit the `*.orig` files!
- If everything looks fine, push to GitHub:
  ```
  git push
  ```

@szemate I agree with @DaveVodrazka, if we regenerate the package-lock.json this way, don't we simply lose all benefit of it?

Say for example, I have a dependency which has, in turn, an unlocked transient dependency which uses semver to pull the latest minor version. When my package-lock.json is first generated, the transient dependency could be, for instance, `5.0.8`... when regenerating the package-lock.json, if the latest version is `5.10.0`, then our package-lock.json file will now have `5.10.0` listed as the dependency of the dependency.

Hope that makes sense.
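
One way to check for the drift described in the comment above, as an added example (not part of the gist or the comment): compare the resolved versions in the lockfile from `master` with the regenerated one, so any transitive dependency that moved during `npm install` is visible before the merge is committed. The function names and the sample lockfiles are constructed for illustration.

```javascript
// Added example: report version drift between two parsed package-lock.json files.

// Flatten a lockfile into Map<install path, version>.
// Handles lockfileVersion 2/3 ("packages") and 1 (nested "dependencies").
function lockVersions(lock) {
  const out = new Map();
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // "" is the root project; linked workspaces carry no version.
      if (path !== "" && meta.version) out.set(path, meta.version);
    }
    return out;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      out.set(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return out;
}

// Return every install path whose version changed, appeared or disappeared.
function lockDrift(beforeLock, afterLock) {
  const before = lockVersions(beforeLock);
  const after = lockVersions(afterLock);
  const drift = [];
  for (const path of new Set([...before.keys(), ...after.keys()])) {
    const from = before.get(path) ?? null;
    const to = after.get(path) ?? null;
    if (from !== to) drift.push({ path, from, to });
  }
  return drift.sort((a, b) => a.path.localeCompare(b.path));
}

// Constructed sample lockfiles (package names are hypothetical).
const sampleBefore = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/some-lib": { version: "2.1.0" },
  "node_modules/transitive-dep": { version: "5.0.8" } } };
const sampleAfter = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/some-lib": { version: "2.1.0" },
  "node_modules/transitive-dep": { version: "5.10.0" },
  "node_modules/new-dep": { version: "1.0.0" } } };

for (const d of lockDrift(sampleBefore, sampleAfter)) {
  console.log(`${d.path}: ${d.from ?? "(absent)"} -> ${d.to ?? "(absent)"}`);
}
```

To run it on a real merge, save the pre-merge lockfile with `git show master:package-lock.json`, then pass both files through `JSON.parse` into `lockDrift`. Any entry not explained by the `package.json` changes being merged deserves a look before `git commit`.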