Make `npm install --save` add a strict version to package.json


Solution 1

To specify an exact version by default, you can change your npm config with save-exact:

    npm config set save-exact true

You can also specify the version prefix, such as a tilde, with save-prefix.

And no, you can't force users to update to a minor or a patch version; NPM uses semver, and it's the recommended way of publishing packages.

Solution 2

You can change the default behaviour by using the --save-exact option.

    # npm
    npm install --save --save-exact react

    # yarn
    yarn add --exact react

I created a blog post about this if anyone is looking for this in the future.

https://www.dalejefferson.com/blog/how-to-save-exact-npm-package-versions/

Solution 3

Run:

    npm install --save --save-exact my-module@my-specific-version

Adding an answer to make this advice easier to see.
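A check that can run in CI to catch dependency specs that were saved without save-exact, as an added example (not code from the original answers). The manifest is constructed sample data, and the names SAMPLE_MANIFEST, classify and findUnpinned are made up for illustration.

```javascript
// Added example: flag dependency specs in a package.json that are not exact versions.
// SAMPLE_MANIFEST is constructed sample data, not taken from a real project.
const SAMPLE_MANIFEST = `{
  "name": "demo-app",
  "dependencies": {
    "somepackage": "^2.1.0",
    "react": "18.2.0",
    "left-pad": "~1.3.0"
  },
  "devDependencies": {
    "eslint": "8.x",
    "typescript": "5.4.5",
    "beta-lib": "1.0.0-rc.1"
  }
}`;

// Sections where a floating range changes what a later `npm install` resolves.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// major.minor.patch with optional prerelease/build metadata, and nothing else.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Returns null for a pinned spec, otherwise a short reason string.
function classify(spec) {
  if (EXACT.test(spec)) return null;
  if (spec.startsWith("^")) return "caret range";
  if (spec.startsWith("~")) return "tilde range";
  return "other non-exact spec (range, tag, URL or wildcard)";
}

// Parses the manifest text and lists every direct dependency that is not pinned.
function findUnpinned(manifestJson) {
  const manifest = JSON.parse(manifestJson);
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const reason = classify(String(spec).trim());
      if (reason) findings.push({ section, name, spec, reason });
    }
  }
  return findings;
}

for (const f of findUnpinned(SAMPLE_MANIFEST)) {
  console.log(`${f.section}: ${f.name}@${f.spec} -> ${f.reason}`);
}
```

This only inspects direct dependencies in package.json; versions of transitive dependencies are fixed by a lockfile (package-lock.json or yarn.lock), not by save-exact.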

Author by

twiz

#SOreadytohelp ... but only if SO sends me a t-shirt. They gave me a t-shirt. :-)

Updated on July 08, 2022

Comments

  • twiz
    twiz almost 2 years

    When you run npm install --save somepackage, it usually adds something like this into package.json:

    "dependencies": {
        "somepackage": "^2.1.0"
    }
    

    Because the version is prepended with a caret (^), this means that if you later run npm install, it might install version 2.3.0 instead. This can be undesirable for fairly obvious reasons. npm shrinkwrap is useful, but doesn't really solve the problem.

    So, I have several questions:

    1. When installing a package, is it possible to specify that you want it to be set to a specific version in package.json (no caret before the version number)?
    2. When publishing a package to npm, is there any way to prevent the default of including the caret before the version when other developers install your package?
  • gilly3
    gilly3 about 8 years
    If you only want to do this for a specific package, you can add --save-exact to the command line. E.g., npm install --save --save-exact somepackage.
  • angularrocks.com
    angularrocks.com almost 7 years
    This only saves the exact versions of your top-level packages, the ones specified in package.json, but won't work for any packages that the top-level packages depend on. yarnpkg.com solves that problem with the yarn.lock file, so you always have exact versions of all of your packages.
  • Filnor
    Filnor over 6 years
    While this code snippet may solve the question, including an explanation really helps to improve the quality of your post. Remember that you are answering the question for readers in the future, and those people might not know the reasons for your code suggestion. Additionally, in your case, don't say "I've explained the code in my blog post", but include the majority of the content here, and use the link only as a reference.
  • Dale Jefferson
    Dale Jefferson over 6 years
    Thanks for the feedback Chade, I've added more detail.
  • Tommy
    Tommy over 2 years
    Blog is 404 now
  • Allan Bowe
    Allan Bowe over 2 years
    This should be the default behaviour