Is there a way to extract package.json from package-lock.json?

Question

I'm working on a project in which the package.json file is missing. The developer has pushed the package-lock.json file without the package.json file.

How can I create a clean package.json from the package-lock.json file in case it is at all possible?

You can't. package-lock.json doesn't contain all data from package.json. It contains dependency versions. Just ask a dev to submit package.json. — Estus Flask
– Estus Flask, Commented Jan 13, 2019 at 10:35
You could get the name and version and maybe figure out the dependencies and devDependencies, but that's not all that's in the package file - it likely also contains scripts and config for some of the packages you're using, for example. — jonrsharpe
– jonrsharpe, Commented Jan 13, 2019 at 10:38
@estus no one has access to him. that's why I'm trying to reverse engineer it. — Alireza
– Alireza, Commented Jan 13, 2019 at 10:38

Estus Flask · Accepted Answer · 2019-01-13 11:43:34Z

It's not possible to generate full package.json from package-lock.json because the latter doesn't contain all necessary data. It contains only a list of dependencies with specific versions without original semvers. Production and development dependencies are mixed up along with nested dependencies.

Fresh package.json could be generated, then augmented with these dependencies with something like:

const fs = require('fs'); const packageLock = require('./package-lock.json'); const package = require('./package.json'); package.dependencies = Object.entries(packageLock.dependencies) .reduce((deps, [dep, { version }]) => Object.assign(deps, { [dep]: version }), {}); fs.writeFileSync('./package-new.json', JSON.stringify(package, null, 2));

Nested dependencies could be filtered out by checking requires key, but this can affect project's own dependencies.

Brian Fegter · Accepted Answer · 2021-01-27 15:10:53Z

6

Simply run npm init and it will pull all of the current dependencies from package-lock.json if you already have node_modules/ generated. If not, run npm ci to generate the node modules from the package-lock.json and then run npm init to generate the package.json file.

edited Jan 27, 2021 at 15:10

answered Mar 22, 2019 at 16:27

Brian Fegter

71113 silver badges22 bronze badges

4 Comments

asulaiman Over a year ago

just creates a blank package file for me!

Brian Fegter Over a year ago

@asulaiman What version are you using? I just tested it again using 6.8.0 and it works dandy.

Stevula Over a year ago

It doesn't actually generate package.json from package-lock.json, but from node_modules. If you don't have node_modules, you can run npm ci to generate node_modules from package-lock.json and then run npm init to generate a package.json.

Brian Fegter Over a year ago

@Stevula Good explanation! I'm updating the answer.

Keith River · Accepted Answer · 2022-03-18 04:13:14Z

Slightly improved version of accepted answer script. Will pull locked versions out of the package-lock.

const fs = require('fs'); const packageLock = require('./package-lock.json'); const package = require('./package.json'); package.dependencies = Object.keys(package.dependencies) .reduce((deps, dep) => Object.assign(deps, { [dep]: packageLock.dependencies[dep].version }), {}); package.devDependencies = Object.keys(package.devDependencies) .reduce((deps, dep) => Object.assign(deps, { [dep]: packageLock.dependencies[dep].version }), {}); fs.writeFileSync('./package-new.json', JSON.stringify(package, null, 2));

Rubén Cougil · Accepted Answer · 2023-05-25 10:38:53Z

Slightly improved version of improved version for newer versions of NPM:

const fs = require('fs'); const packageLock = require('./package-lock.json'); const package = require('./package.json'); const packageJsonNew = package; // Refactor above code into a function const updateDependencies = (dependencies, newDependencies) => { Object.keys(dependencies).forEach(dep => { try { console.log("✅ node_modules/" + dep + ": " + packageLock.packages["node_modules/" + dep].version); newDependencies[dep] = packageLock.packages["node_modules/" + dep].version; } catch (error) { console.log("❌ node_modules/" + dep + ": " + error); } }); } updateDependencies(package.dependencies, packageJsonNew.dependencies); updateDependencies(package.devDependencies, packageJsonNew.devDependencies); fs.writeFileSync('./package-new.json', JSON.stringify(packageJsonNew, null, 2));

Collectives™ on Stack Overflow

Is there a way to extract package.json from package-lock.json?

4 Answers 4

Comments

4 Comments

Comments

Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

Comments

4 Comments

Comments

Comments

Linked

Related