It is not possible to resolve conflicts of package-lock.json in GitHub's merge tool and you need to do a manual merge.
- Update the
masterbranch with the latest changes:git checkout master git pull - Merge your feature branch into
master:
You will see something like the following message:git merge mybranchAuto-merging package-lock.json CONFLICT (content): Merge conflict in package-lock.json Auto-merging package.json CONFLICT (content): Merge conflict in package.json Automatic merge failed; fix conflicts and then commit the result. - Open your editor (e.g. VSCode) and:
- Carefully resolve conflicts in
package.json(if there is any) - Ignore the conflicts in
package-lock.json
- Carefully resolve conflicts in
- Install packages, which will re-generate
package-lock.json:npm install - "Test drive" your application to make sure the conflicts in
package.jsonhave been resolved correctly. - If the application is able to start up (i.e. there are no missing dependencies), add all changes and finish the merge:
git add --update git commit⚠️ Make sure not to commit the*.origfiles! - If everything looks fine, push to GitHub:
git push
@DaveVodrazka 👏 bravo--excellent explanation.
In regards to this entire conversation, I posed a similar question regarding the maintenance of package-lock.json files to a contributor of npm ~2 weeks ago here: npm/cli#4844 (comment).
Since npm v6 there is no longer any mention about how to resolve lockfile conflicts within the npm documentation, though it appears the appropriate solution is to utilize something like parse-conflict-json. I haven't looked into it much but it may be the solution we are all looking for, it would just be helpful is the npm team would actually codify some of this in their documentation.