How to avoid npm install/update surprises?
Solution 1

If you use yarn or a more recent version of npm, it will generate a yarn.lock or package-lock.json for you.

This will keep exactly the version of any package when it's first installed, so further calls to yarn or npm install will fetch and install exactly those versions.

Of course you should add these lock files to your repository so anyone doing a fresh clone gets the same dependencies installed.

See the npm docs: https://docs.npmjs.com/files/package-lock.json
And the yarn docs: https://yarnpkg.com/lang/en/docs/yarn-lock/
Solution 2

- "package.json file indicates ranges but not specific versions": Re-read the documentation, you can specify specific versions. See point 3 for an example.
- "Why would this happen in 2018" <= I/we can't speculate as to problems where you did not include any specific details, it might be a valid general gripe you have but StackOverflow is not the correct place to vent it.
- Again, see the documentation. You just have to include the version number with an = sign. Example below would get only the version 5.0.0 of @angular/cdk.

"@angular/cdk": "5.0.0"
user2080105
Updated on June 12, 2022

Comments
- user2080105 almost 2 years

How to safely npm install/update when deploying/upgrading?

Problem 1: npm install is a stateful operation that depends on the latest versions of dependencies at the time the command is executed. This causes surprises when deploying since the package.json file indicates ranges but not specific versions.

Problem 2: every time I make npm update or use ncu, I spend hours/days trying to handle incoherences between modules. Why would this happen in 2018?

Problem 3: How to have a package.json file that describes exactly the state of installed packages instead of ranges so that I can deploy without surprises?

NB: I use Angular