Implementation:Mlc ai Web llm Package Lock
| Knowledge Sources | |
|---|---|
| Domains | Build_System, Package_Management |
| Last Updated | 2026-02-14 22:30 GMT |
Overview
Concrete lockfile for the @mlc-ai/web-llm package that pins exact dependency versions and integrity hashes to ensure reproducible builds across all environments.
Description
The package-lock.json is an auto-generated npm lockfile (version 3) for the @mlc-ai/web-llm package (version 0.2.80). It records the complete resolved dependency tree including:
- Exact versions -- Every direct and transitive dependency is pinned to a specific version, preventing version drift
- Integrity hashes -- SHA-512 integrity hashes for each package tarball, enabling tamper detection
- Resolution metadata -- Resolved registry URLs, dependency relationships, and optional/dev classification
- Transitive dependencies -- The full flattened tree of all nested dependencies
Key dependency trees captured include:
- MLC AI packages -- @mlc-ai/web-runtime, @mlc-ai/web-tokenizers, @mlc-ai/web-xgrammar
- Build tools -- Rollup and its plugins, TypeScript compiler
- Test framework -- Jest and ts-jest
- Code quality -- ESLint, Prettier, Husky
- Type definitions -- @webgpu/types, @types/chrome, @types/serviceworker
Usage
This file is consumed by npm install (or npm ci for clean installs) to reproduce the exact dependency tree. Commit this file to version control to ensure all developers and CI environments use identical dependency versions.
Code Reference
Source Location
- Repository: Mlc_ai_Web_llm
- File: package-lock.json
- Lines: 1-6878
Structure
{
  "name": "@mlc-ai/web-llm",
  "version": "0.2.80",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@mlc-ai/web-llm",
      "version": "0.2.80",
      "license": "Apache-2.0",
      "dependencies": {
        "loglevel": "^1.9.1"
      },
      "devDependencies": { "..." : "..." }
    },
    "node_modules/@mlc-ai/web-runtime": { "..." : "..." },
    "node_modules/@mlc-ai/web-tokenizers": { "..." : "..." },
    "node_modules/@mlc-ai/web-xgrammar": { "..." : "..." }
  }
}
Import
# Clean install using lockfile (CI-recommended)
npm ci
# Standard install (updates lockfile if needed)
npm install
I/O Contract
Inputs (Consumed By)
| Consumer | Description |
|---|---|
| npm install | Reads lockfile to resolve and install pinned dependency versions |
| npm ci | Performs a clean install strictly from lockfile (fails if lockfile is out of sync with package.json) |
| npm audit | Reads lockfile to check for known vulnerabilities in pinned versions |
Outputs (Produces)
| Name | Type | Description |
|---|---|---|
| node_modules/ | Directory | Installed dependency tree matching exact lockfile versions |
| Integrity verification | Boolean | npm verifies SHA-512 hashes match downloaded tarballs |
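The integrity and resolution guarantees described above only hold if every lockfile entry actually carries a registry URL and a SHA-512 hash. The following is an added example, not code from the web-llm repository: a Node.js check that flags entries weakening those guarantees and recomputes an integrity value over tarball bytes. The allowed-registry policy, the function names, and the sample lockfile are assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Assumed policy for this example: tarballs come only from the public npm registry.
const ALLOWED_REGISTRY = "https://registry.npmjs.org/";

// Flag lockfile v3 entries that weaken the pinning/integrity guarantees.
function auditLockfile(lock) {
  const findings = [];
  if (lock.lockfileVersion !== 3) findings.push({ path: "", issue: "unexpected lockfileVersion" });
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // The root project, workspace links and bundled deps carry no tarball of their own.
    if (path === "" || entry.link || entry.inBundle) continue;
    if (!entry.resolved) findings.push({ path, issue: "missing resolved URL" });
    else if (!entry.resolved.startsWith(ALLOWED_REGISTRY))
      findings.push({ path, issue: "resolved outside allowed registry" });
    if (!entry.integrity) findings.push({ path, issue: "missing integrity" });
    else if (!entry.integrity.startsWith("sha512-"))
      findings.push({ path, issue: "integrity is not sha512" });
  }
  return findings;
}

// Recompute the SRI value ("sha512-<base64 digest>") over tarball bytes and compare.
function verifyIntegrity(tarballBytes, sri) {
  if (!sri.startsWith("sha512-")) return false;
  const actual = crypto.createHash("sha512").update(tarballBytes).digest("base64");
  return actual === sri.slice("sha512-".length);
}

// Constructed sample data: package names, URLs and bytes are made up.
const sampleTarball = Buffer.from("constructed tarball bytes");
const sampleSri = "sha512-" + crypto.createHash("sha512").update(sampleTarball).digest("base64");
const sampleLock = {
  name: "constructed-project",
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-project" },
    "node_modules/example-ok": {
      resolved: ALLOWED_REGISTRY + "example-ok/-/example-ok-1.0.0.tgz",
      integrity: sampleSri,
    },
    "node_modules/example-git": { resolved: "git+ssh://git@example.invalid/x/example-git.git" },
    "node_modules/example-sha1": {
      resolved: ALLOWED_REGISTRY + "example-sha1/-/example-sha1-1.0.0.tgz",
      integrity: "sha1-AAAAAAAAAAAAAAAAAAAAAAAAAAA=",
    },
  },
};

for (const f of auditLockfile(sampleLock)) console.log(`${f.path}: ${f.issue}`);
```

To run it against a real lockfile, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `auditLockfile` and fail the CI job when the returned list is non-empty.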
Usage Examples
Reproducible CI Build
# In CI, always use npm ci for deterministic installs
npm ci
# Build the library
npm run build
# Run tests
npm test
Updating Dependencies
# Update a specific dependency (regenerates lockfile)
npm update @mlc-ai/web-runtime
# Update all dependencies within semver ranges
npm update
# Audit for security vulnerabilities
npm audit