Please don't mark this as a dupe. I've done a lot of research on this and I'm very confused about something specific here.
I keep seeing everywhere (on stackoverflow and in lots of articles) that if you use a caret (^) in your package.json file, package-lock.json will keep whatever specific version you pulled down on your last npm install.
But I did this...
- Deleted my node_modules/bootstrap folder.
- Deleted the package-lock.json file.
- Changed the bootstrap line in my package.json file to ^5.0.0.
- Ran npm install.
And it recreated the package-lock.json file with "bootstrap": "^5.0.0".
With that in mind, I looked at the package.json file in node_modules/bootstrap and the version there is "5.3.0".
I understand there are other uses for the package-lock.json, like viewing the dependency tree and having the current version's hash, but I want to know why everyone says the package-lock.json file is supposed to lock within a version range and why I'm not seeing that here.
Thank you.
Ok ok I see now: At the top of the package-lock file, under packages > dependencies, the original caret is preserved. But way down 20 thousand lines later I see the new version number there. I'll leave this around in case someone else has the same curiosity.
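The two places the update refers to can be shown side by side with a small script. This is an added example, not code from the question: it embeds a constructed, heavily trimmed lockfileVersion 3 `package-lock.json` (the `resolved` URL and `integrity` value are placeholders), reads the caret range from the root `packages[""]` entry and the pinned version from the `node_modules/<name>` entry, and checks that the pinned version falls inside the caret range.

```javascript
// Constructed lockfile fragment (not a real project's lockfile).
const LOCKFILE = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    // Root entry: mirrors package.json, so the caret range is preserved here.
    "": { name: "demo-app", dependencies: { bootstrap: "^5.0.0" } },
    // Installed entry: the exact version npm actually resolved on install.
    "node_modules/bootstrap": {
      version: "5.3.0",
      resolved: "https://registry.example/bootstrap-5.3.0.tgz", // placeholder
      integrity: "sha512-PLACEHOLDER", // placeholder
    },
  },
};

// Parse "X.Y.Z" (optional leading "v") into [X, Y, Z] as numbers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Negative if a < b, zero if equal, positive if a > b (major, minor, patch).
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Caret check for ^X.Y.Z with X > 0: same major and at least X.Y.Z.
// (^0.y.z has narrower rules and is deliberately rejected here.)
function satisfiesCaret(range, version) {
  if (!range.startsWith("^")) throw new Error("only caret ranges handled");
  const floor = parseVersion(range.slice(1));
  if (floor[0] === 0) throw new Error("^0.y.z ranges not handled");
  const v = parseVersion(version);
  return v[0] === floor[0] && compareVersions(v, floor) >= 0;
}

// For each root dependency: the declared range and the pinned version.
function resolvedVersions(lock) {
  const root = lock.packages[""];
  const declared = { ...root.dependencies, ...root.devDependencies };
  return Object.entries(declared).map(([name, range]) => {
    const installed = lock.packages[`node_modules/${name}`];
    const resolved = installed ? installed.version : null;
    return { name, declared: range, resolved,
             inRange: resolved !== null && satisfiesCaret(range, resolved) };
  });
}

console.table(resolvedVersions(LOCKFILE));
```

Running it against a real lockfile means replacing `LOCKFILE` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; lockfileVersion 1 files keep the pinned versions under a top-level `dependencies` map instead of `packages`.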