Both files are part of Node.js projects, but they serve different purposes.
1️⃣ package.json
- Defines project metadata and dependencies.
- Lists the direct dependencies your project needs (dependencies and devDependencies).
- Used by npm/yarn to know what to install.
- Human-readable and can be manually edited.
Example:
```json
{
  "name": "my-app",
  "version": "1.0.0",
  "dependencies": {
    "react": "^18.2.0",
    "axios": "^1.5.0"
  },
  "devDependencies": {
    "jest": "^29.0.0"
  }
}
```
2️⃣ package-lock.json
- Automatically generated by npm.
- Records exact versions of installed dependencies and their nested dependencies.
- Ensures consistent installs across machines and environments.
- Should not be manually edited.
Example (simplified; a lockfileVersion 3 file records every installed package under `packages`, keyed by its path inside node_modules, with the root project as the `""` entry):
```json
{
  "name": "my-app",
  "version": "1.0.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "my-app",
      "version": "1.0.0",
      "dependencies": {
        "axios": "^1.5.0",
        "react": "^18.2.0"
      }
    },
    "node_modules/axios": {
      "version": "1.5.0",
      "resolved": "https://registry.npmjs.org/axios/-/axios-1.5.0.tgz",
      "integrity": "sha512-..."
    },
    "node_modules/react": {
      "version": "18.2.0",
      "resolved": "https://registry.npmjs.org/react/-/react-18.2.0.tgz",
      "integrity": "sha512-..."
    }
  }
}
```
🔹 Key Differences
| Feature | package.json | package-lock.json |
|---|---|---|
| Purpose | List project dependencies | Lock exact dependency versions |
| Editable by developer | Yes | No |
| Generated by npm | Optional | Automatically |
| Ensures consistency | No | Yes |
💡 In Short:
- package.json → what your project needs.
- package-lock.json → the exact versions your project actually installed, ensuring consistent builds across environments.