Implementation:Apache Spark Dev NPM Lock
| Knowledge Sources | |
|---|---|
| Domains | Build_System, JavaScript |
| Last Updated | 2026-02-08 22:00 GMT |
Overview
NPM lock file that pins exact versions and integrity hashes for all transitive Node.js dependencies used in Spark's dev tooling.
Description
dev/package-lock.json uses lockfileVersion 2 format to record the full dependency tree for the dev dependencies declared in `dev/package.json` (primarily ESLint and its transitive dependencies). It includes resolved registry URLs and SHA-512 integrity hashes for each package to ensure reproducible installs. The file also pins security-sensitive overrides for `ansi-regex`, `minimatch`, and `brace-expansion`.
Usage
This file is automatically used by `npm ci` or `npm install` within the `dev/` directory to install JavaScript linting tools (ESLint). It ensures deterministic and secure dependency resolution across all developer and CI environments.
Code Reference
Source Location
- Repository: Apache_Spark
- File: dev/package-lock.json
- Lines: 1-2169
Signature
{
"name": "spark-dev",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"devDependencies": {
"eslint": "..."
}
}
}
}
Import
# Used implicitly by npm
cd dev/ && npm ci
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| package.json | JSON | Yes | Declares the top-level dev dependencies |
| npm registry | Network | Yes | NPM registry for resolving packages |
Outputs
| Name | Type | Description |
|---|---|---|
| node_modules/ | Directory | Installed JavaScript dependencies with pinned versions |
Usage Examples
Install Dev Dependencies
# From the dev/ directory, install locked dependencies
cd dev/
npm ci # Uses package-lock.json for deterministic install