Say you get a warning from GitHub about security concerns in some libraries in a repo. You want to quickly bump the version just to make the GitHub warnings go away. You are not worried about re-installing, rebuilding and testing.
Is there a way to do this with npm?
npm update mypackage does not do anything.
Now it works differently: if you notice, package versions in package lock.json have a prefix, sometimes ~ and sometimes ^. They are of great importance when it comes to updating packages, as fixing package mismatches is the worst hell.
Suppose you have a package in package.json called packX with version ~1.1.1 or ^1.1.1.
When you run npm update for packX, npm will first of all check the version prefix for it.
If there is a ~, in this case it will be understood as install packX version >=1.1.1 and <1.2.0, so the highest version it can install can only be in the range 1.1.N; it will not go up to 1.2.N.
If there is a ^, then it will be understood as >=1.1.1 <2.0.0, so the highest version that can be installed will be in the range 1.N.N but cannot go up to 2.N.N.
Hope my explanation is clear enough; anyway, you can check the docs for details.
npm update will only update minor versions.
E.g. it will update version 1.2.3 to 1.5.2
But it will not update version 1.2.3 to 2.0.1 because there can be breaking changes.
To check for new major releases of the packages, you run npm outdated
To update to new major versions for all the packages, you can use npm-check-updates
npm install -g npm-check-updates
Then run ncu -u
This will upgrade all the versions in the package.json file, for dependencies and devDependencies, so npm can install the new major versions. Now you can update packages to new major releases with npm update
As Title.
I am working with a team developing a JS application. However, sometimes we will build and deploy the application without being aware that some of the dependencies have been updated. This causes some defects.
Is there any way we can resolve it? Let's say, any way to enforce checking dependency versions before npm build/yarn run build.
You can use dependency locking, via a yarn.lock or a package-lock.json file. Checking in the lockfile will ensure that every developer is using the same versions of your dependencies.
Then, before building you can reinstall dependencies with yarn install or npm install, or just validate that the local installation matches with yarn install --check-files or npm ci.
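The two ideas above, the ~ / ^ range rules from the first thread and the "validate the lockfile before building" answer here, can be combined into a small pre-build gate. This is an added example, not code from any of the answers or from npm itself; the package names, versions and lockfile contents are constructed, and only exact, ~ and ^ ranges are handled (use the real semver package for anything else).

```javascript
// Added example: verify that package-lock.json (v2/v3 "packages" layout)
// pins versions that satisfy the ranges declared in package.json, so a
// build can refuse to start when the two files have drifted apart.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Lower (inclusive) and upper (exclusive) bounds of a range string.
function rangeBounds(range) {
  const prefix = range[0] === '~' || range[0] === '^' ? range[0] : '';
  const lo = parse(range.slice(prefix.length));
  const [major, minor, patch] = lo;
  if (prefix === '~') return [lo, [major, minor + 1, 0]];     // ~1.1.1 => <1.2.0
  if (prefix === '^') {                                       // ^1.1.1 => <2.0.0
    if (major > 0) return [lo, [major + 1, 0, 0]];
    if (minor > 0) return [lo, [0, minor + 1, 0]];            // ^0.1.2 => <0.2.0
    return [lo, [0, 0, patch + 1]];                           // ^0.0.3 => <0.0.4
  }
  return [lo, [major, minor, patch + 1]];                     // exact pin
}

function satisfies(version, range) {
  const [lo, hi] = rangeBounds(range);
  const v = parse(version);
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Returns a list of problems; an empty list means the lock matches package.json.
function checkLock(pkg, lock) {
  const declared = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const problems = [];
  for (const [name, range] of Object.entries(declared)) {
    const entry = (lock.packages || {})[`node_modules/${name}`];
    if (!entry) { problems.push(`${name}: missing from lockfile`); continue; }
    if (!satisfies(entry.version, range)) {
      problems.push(`${name}: locked ${entry.version} does not satisfy ${range}`);
    }
  }
  return problems;
}

// Constructed sample files (not real projects).
const samplePkg = { dependencies: { packX: '~1.1.1', packY: '^1.1.1' }, devDependencies: { packZ: '2.0.0' } };
const sampleLock = { lockfileVersion: 3, packages: {
  'node_modules/packX': { version: '1.2.0' },   // outside ~1.1.1 (>=1.1.1 <1.2.0)
  'node_modules/packY': { version: '1.5.2' },   // inside ^1.1.1 (>=1.1.1 <2.0.0)
  'node_modules/packZ': { version: '2.0.1' } } }; // not the exact pin
```

Running checkLock(samplePkg, sampleLock) reports packX and packZ and accepts packY; wiring a non-empty result to a non-zero exit in a prebuild script stops the build the question describes.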
You can remove the caret sign (^) before versions of packages from your package.json.
This will ensure that the exact version is installed every time you run npm i on the server.
Using package-lock.json as suggested in the other answer also helps achieve the same.
I have an Electron app that I'm trying to install node modules for. When I run npm install, it creates the node_modules folder but all the modules go into a subfolder called .staging. Each module also has -xxxxx appended to it, where the x's are some random alphanumerics.
Other Electron apps I've created have never done this. All the node modules sit in the root of node_modules and don't have -xxxxx appended.
Any idea why this is happening?
I was also facing the same issue; I tried the steps below:
Delete package-lock.json
Delete Node Modules folder
Try installing it using the command below (should be on an open network)
npm install
Note: ".staging" means those dependencies are getting downloaded, so on a temporary basis it keeps all those dependencies under the ".staging" folder. Once everything gets downloaded properly, it will show them under node_modules only.
I hope this will work.
This only happens temporarily until the modules are downloaded and installed. Node seems to do this so it can place together common submodules from all the modules you are installing, so it can better structure the node_modules folder (mainly for Windows users).
If this is happening after an npm install finishes it is likely that there is something wrong with your node installation or something in the install failed.
If you're automatically installing node_modules using CI/CD you should check out npm ci. Also check out this Stack Overflow question.
npm ci
The documentation points out the differences between npm install and npm ci.
The project must have an existing package-lock.json or npm-shrinkwrap.json
If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.
npm ci can only install entire projects at a time: individual dependencies cannot be added with this command.
If a node_modules is already present, it will be automatically removed before npm ci begins its install. This is nice, because it prevents having to do something like rm -rf node_modules.
It will never write to package.json or any of the package-locks: installs are essentially frozen.
.staging is a temporary npm folder where the modules are temporarily saved while they are being downloaded. If the package.json downloads are still not completed, the created folder remains until the installation is complete.
The problem may be lack of space on your hard drive.
I had 2 versions of node installed on my system.
nodejs v4.2 and node v8.6
I thought this could be conflicting, so I deleted nodejs v4.2 with the following commands.
sudo apt-get remove nodejs
and linked the path with
sudo ln -s /usr/bin/node /usr/bin/nodejs
Again I ran npm install and it got fixed.
Delete package-lock.json
Delete node_modules
Run npm update
This worked for me
I moved the project from the C drive to another drive and ran the following commands
Take a backup of the old node modules if you are running this on an existing project
npm cache clean --force
npm update
I faced a similar issue and tried the above answers, but they didn't work for me;
I followed the steps below to resolve this issue:
1. npm audit
By running npm audit I got a list of pending packages to install:
2. npm i packagename
After installing one or two packages one by one from the list, I used
3. npm install
At this time the installation went smoothly without any lag or hangup. Hope this helps whoever is facing a similar issue :).
Sometimes the cache is corrupt and also unremovable.
This fixed the issue I was experiencing.
If you are using nvm:
Get the current node version: node --version
nvm uninstall (that version)
nvm install (that version)
nvm use
npm install
If you have a Windows machine where you do not possess Admin rights to it,
try deleting node_modules and installing using 'npm install' from the command line as 'ADMINISTRATOR'.
It works!
Anyways, it comes down to an open network thing ;)
I have the following scenario:
project with installed node_modules
work directory is emptied
project is freshly cloned from git
npm install is run
I have a dependency required as ~1.0.0 in package.json. This dependency was previously installed as version 1.0.1. It now has newer versions, e.g. 1.0.2, available, but still gets installed as 1.0.1 by npm install. But I want the dependency to be updated within the range that I specified.
Why is that, and how could I solve this? Would using npm update instead/afterwards help?
BR
Chris
Just migrated to Node 4.1.2 from 0.10. One of the packages being installed via npm install errors due to node-gyp having a problem with one of its dependencies, it's quite a few versions out of date. The issue has been brought up on the repo but hasn't seen activity since May. Is there a way to tell NPM to install this package but with the outdated dependency using a newer version?
EDIT:
I've copied over an installed version from node_modules in an older project: npm install -g npm-check-updates, then ncu in the node_modules/bs-html-injector/ directory. It lists updates; ncu -u will update the package.json, then npm install after. I run my gulp task and html is injecting fine, all seems fine :) Would still like to know how to do this if I didn't have a local copy installed by NPM. It looks like it's just a 1:1 copy from the github repo?
With npm, you can install packages from GitHub directly:
npm install user/repo#branch
You can fork the package on GitHub, make and propose the changes you need, and use your fork as a dependency in your project until the PR is merged.
You can use --force to force install it