Make `npm install --save` add a strict version to package.json
Solution 1
To specify by default an exact version, you can change your npm config with `save-exact`:
npm config set save-exact true
You can also specify the prepend version with a tilde with `save-prefix`.
And no, you can't force users to update to a minor or a patch version; NPM uses semver and it's the recommended way of publishing packages.
Solution 2
You can change the default behaviour by using the `--save-exact` option.
# npm
npm install --save --save-exact react
# yarn
yarn add --exact react
I created a blog post about this if anyone is looking for this in the future.
https://www.dalejefferson.com/blog/how-to-save-exact-npm-package-versions/
Solution 3
Run:
npm install --save --save-exact my-module@my-specific-version
Adding an answer to make this advice easier to see.
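The caret behaviour described in the question, with a check for it, as an added example that is not part of the original answers: it lists every package.json entry that is not an exact version and, for `^` and `~` ranges, the exclusive upper bound a later install without a lockfile may resolve to. The manifest is constructed sample data; the function names are hypothetical, and only top-level specifiers with a full three-part version are interpreted.

```javascript
// Added example: audit a package.json object for specifiers that are not
// pinned to one exact version. Names and sample data are assumptions.
const FULL = /^(\^|~|=)?(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.+-]+)?$/;
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// Describe one specifier: its kind and, for ^ and ~, the exclusive upper
// bound that `npm install` may resolve up to when no lockfile pins it.
function describeSpec(spec) {
  const m = FULL.exec(spec.trim());
  if (!m) return { kind: "other", below: null }; // x-ranges, tags, git URLs, ...
  const [major, minor, patch] = m.slice(2, 5).map(Number);
  if (m[1] === "^") {
    // Caret keeps the left-most non-zero component fixed.
    const below = major > 0 ? `${major + 1}.0.0`
      : minor > 0 ? `0.${minor + 1}.0`
      : `0.0.${patch + 1}`;
    return { kind: "caret", below };
  }
  if (m[1] === "~") return { kind: "tilde", below: `${major}.${minor + 1}.0` };
  return { kind: "exact", below: null };
}

// Return every dependency entry that is not an exact version.
function findUnpinned(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const info = describeSpec(String(spec));
      if (info.kind !== "exact") findings.push({ section, name, spec, ...info });
    }
  }
  return findings;
}

// Constructed sample manifest; versions and most package names are made up.
const sampleManifest = {
  dependencies: { somepackage: "^2.1.0", react: "17.0.2", "zero-major": "^0.2.3" },
  devDependencies: { "patch-only": "~1.4.2", "tag-follower": "latest" },
};

for (const f of findUnpinned(sampleManifest)) {
  const range = f.below ? `allows versions below ${f.below}` : "not a single version";
  console.log(`${f.section}: ${f.name}@${f.spec} (${f.kind}, ${range})`);
}
```

In a real project the manifest would come from `JSON.parse` of the package.json file, and a non-empty result could fail a CI step.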
twiz
Updated on July 08, 2022
Comments
-
twiz almost 2 years
When you run `npm install --save somepackage`, it usually adds something like this into package.json:
"dependencies": { "somepackage": "^2.1.0" }
Because the version is prepended with a caret (^), this means that if you later run `npm install`, it might install version 2.3.0 instead. This can be undesirable for fairly obvious reasons.
`npm shrinkwrap` is useful, but doesn't really solve the problem.
So, I have several questions:
- When installing a package, is it possible to specify that you want it to be set to a specific version in package.json (no caret before the version number)?
- When publishing a package to npm, is there any way to prevent the default of including the caret before the version when other developers install your package?
-
gilly3 about 8 years
If you only want to do this for a specific package, you can add `--save-exact` to the command line. E.g., `npm install --save --save-exact somepackage`.
-
angularrocks.com almost 7 years
This only just saves the exact versions of your top level packages - the ones specified in `package.json`, but won't work for any packages that top level packages depend on. yarnpkg.com is solving that problem with the `yarn.lock` file so you always have exact versions of all of your packages.
-
Filnor over 6 years
While this code snippet may solve the question, including an explanation really helps to improve the quality of your post. Remember that you are answering the question for readers in the future, and those people might not know the reasons for your code suggestion. Additionally, in your case, don't say "I've explained the code in my blog post", but include the majority of the content here, and use the link only as a reference.
-
Dale Jefferson over 6 years
Thanks for the feedback Chade, I've added more detail.
-
Tommy over 2 years
Blog is 404 now
-
Allan Bowe over 2 years
This should be the default behaviour