npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm
There are several ways to deal with this:
- Ignore it. It’s just a warning and does not affect the installation of modules.
npm ci to make sure your
node_modules reflects the lock file, then remove
package-lock.json, and then run
npm install (with the newer version of
npm) to regenerate a
package-lock.json. Because everything in
node_modules will meet all the requirements, the only change from
npm install will be a newly-generated
package-lock.json file. Commit the updated version of
package-lock.json to the repo/Docker image or whatever.
npm to an older version in production. Consider running
npm version 6 as that is what ships with the current (as of this writing) LTS version of Node.js. In the case being asked about in this question, I imagine you can just leave out the
RUN npm -g install email@example.com from the Dockerfile and instead use the version of
npm that is installed with the Docker image (which in this case will almost certainly be
npm@6 since that is what ships with Node.js 14.x).
- If you want to run one command with an older version of
npm but otherwise keep the newer version, you can use
npx (which ships with
npm) to do that. Use the
-p flag to specify the version of
npm you want. For example,
npx -p npm@6 npm ci would run
npm ci with
npm version 6 even if you have version 7 installed.
npm show latest versions
npm to show latest and safe versions of all your installed packages, you can also use:
npm show installed package versions
to show installed packages and versions
npm list for local packages or
npm list -g for globally installed packages.
You can find the version of a specific package by passing its name as an argument. For example,
npm list grunt will result in:
Alternatively, you can just run
npm list without passing a package name as an argument to see the versions of all your packages:
│ └── firstname.lastname@example.org
│ ├── email@example.com
│ └── firstname.lastname@example.org
You can also add
--depth=0 argument to list installed packages without their dependencies.