Is there a way to extract package.json from package-lock.json?

Issue

I’m working on a project in which the package.json file is missing. The developer has pushed the package-lock.json file without the package.json file.

How can I create a clean package.json from the package-lock.json file in case it is at all possible?

Solution

It’s not possible to generate full package.json from package-lock.json because the latter doesn’t contain all necessary data. It contains only a list of dependencies with specific versions without original semvers. Production and development dependencies are mixed up along with nested dependencies.

Fresh package.json could be generated, then augmented with these dependencies with something like:

const fs = require('fs');
const packageLock = require('./package-lock.json');
const package = require('./package.json');

package.dependencies = Object.entries(packageLock.dependencies)
.reduce((deps, [dep, { version }]) => Object.assign(deps, { [dep]: version }), {});

fs.writeFileSync('./package-new.json', JSON.stringify(package, null, 2));

Nested dependencies could be filtered out by checking requires key, but this can affect project’s own dependencies.

Answered By – Estus Flask

Answer Checked By – Marie Seifert (AngularFixing Admin)

Leave a Reply

Your email address will not be published.