I'm maintaining an npm package for which I received a GitHub Dependabot security alert for one of its dependencies. I accepted the gh bot proposal, which ended up in a gh pull request with an updated package-lock.json. I checked out the PR branch locally and ran my tests against it. It is all OK and I want to merge it into master. But how do I publish the new package, do I have to create a new version or is it best practice to create a new npm version? Because nothing else changed (only one dependency) can I just update the package without creating a new version? Thanks for your thoughts.
I read the npm documentation, but couldn't find any solution.
Well, I think you can try this in your terminal and it will update the npm version. I think this would be helpful.
https://docs.npmjs.com/cli/v6/commands/npm-version
Command: this will update to the latest version.
npm install npm@latest -g
Related
How can I point to the master of a particular project repository using a node package.json? For instance, I am using the karma-jasmine package in my project and it is referred to as "karma-jasmine": "1.1.0" in package.json. Now, the latest version of karma-jasmine is 1.1.1. But there is a bug which has been patched on their repository which is in the project's master branch. But it is not yet part of any release.
Could I by any means point to the master of the project repository so that I could have the access to the fixed code rather than waiting until they release a newer version? Is it possible at all?
Thank you.
To answer your question you can load from github directly by doing
npm install karma-runner/karma-jasmine
or
npm install karma-runner/karma-jasmine#branch
To your issue though, https://www.npmjs.com/package/karma-jasmine lists 1.1.1 as the current which matches the GitHub repo version for master and that is the latest commit.
So most likely you can just do
npm install --save-dev karma-jasmine@latest
NPM modules are only available on the registry once they've been published there by their authors. If the project in question has merged the fix to master, but not yet published an updated release to the registry, there's no way for you to get it short of cloning their repo and building it yourself.
The problem is that if I use a command like so:
npm install -g github:user/repo#branch_x
It will not install the latest package represented by that branch_x. I currently am guessing that it just uses the master branch. But I would like to install based off of a branch other than master.
I just opened this issue with NPM
https://github.com/npm/npm/issues/17623
Has anyone seen the same issue? Anyone know a workaround?
Just migrated to Node 4.1.2 from 0.10. One of the packages being installed via npm install errors due to node-gyp having a problem with one of its dependencies, it's quite a few versions out of date. The issue has been brought up on the repo but hasn't seen activity since May. Is there a way to tell NPM to install this package but with the outdated dependency using a newer version?
EDIT:
I've copied over an installed version from node_modules in an older project. npm install -g npm-check-updates then ncu in the node_modules/bs-html-injector/ directory. It lists updates, ncu -u will update the package.json, npm install after. I run my gulp task and html is injecting fine, all seems fine :) Would still like to know how to do this if I didn't have a local copy installed by NPM. It looks like it's just a 1:1 copy from the github repo?
With npm, you can install packages from GitHub directly:
npm install user/repo#branch
You can fork the package on GitHub, make and propose the changes you need and use your fork as a dependency in your project until PR is merged.
You can use --force to force install it.
I'm facing a funny problem. I wrote a small module with some functions to work with the xbee-api in nodejs. I created a git repository and published the module at the npm website. I can see on GitHub and npm the newest version (0.0.4) but neither npm install nor npm update installs the new version.
Is there some time buffer before installing a new version? I also tried with --force but still 0.0.2 is the latest version which will be installed.
EDIT:
I found out that when changing package.json from ^0.0.2 to *, the newest version will be installed.
But from my understanding, ^0.0.2 should also install all minor releases below 1.0.0. Is this correct?
Published my first npm package earlier today. Set it to v0.0.0. I've fixed a bug and done:
npm version patch -m "Bumped to version %s"
It has now been set to v0.0.1
I pushed to github (with tags) but it's not updated the npm package version on npmjs.org.
Do I need to do something else? Will it update itself?
You will have to manually publish the new version I'm afraid:
$ npm publish
npm-version doesn't seem to push into the repository: https://npmjs.org/doc/cli/npm-version.html
If you want to automate both processes though, you can look at a specific Grunt task: https://github.com/geddski/grunt-release
$ grunt release
Edit:
Oh in fact, there is a standalone release plugin that works with npm (No need for Grunt if you don't want to then): https://npmjs.org/package/npm-release