While trying to research how the new lock file system works for NPM 5's new package.lock.json, I have become a little confused. While I'm not currently able to test some of these questions, either way I had still hoped to find answers in documentation to resolve any ambiguities. My confusion concerns the behavior of following:
npm install <module> --savenpm updatenpm install- lockFileVersion
- manual edits
Does 1) install a module initially into package.json and then only in package.lock.json if there is not already a versioned module present?
Does 2) update all modules across both files?
Does 3) only use package.lock.json to install all documented packages? What happens if the lock file is not present, will it then resort to package.json?
Does 4) maintain some kind of record of each and every package.lock.json that has ever been used by this particular project? If so, how can you view them and how can you switch between them effectively?
Lastly 5) what would happen if either package.json and/or package.lock.json were manually edited ?
The most helpful answers for me and others will restate the part of the question being answered to avoid any ambiguities. Thanks!