Will npm try to avoid installing a deprecated package version? - node.js

I could not find any documentation which says that npm will not try to install a deprecated package version.
Example:
2.0.0-beta.2   2.0.0-beta.5   2.0.0-rc.9
So if I install ^2.0.0-beta.2, it will resolve to 2.0.0-rc.9.
And if I deprecate 2.0.0-rc.9:
2.0.0-beta.2   2.0.0-beta.5   2.0.0-rc.9 (deprecated)
Now if I install ^2.0.0-beta.2, it will resolve to 2.0.0-beta.5.
But I could not find any documentation which proves this behavior. Can someone please help to validate this?

I tested and confirmed that it does indeed ignore deprecated versions if there is another version it can use. (I temporarily deprecated metal-name version 1.3.1 and then ran npm install metal-name@1. It installed version 1.3.0 instead of 1.3.1. When I removed the deprecation for version 1.3.1, it went back to installing 1.3.1 when I ran npm install metal-name@1.)
I cannot find this behavior mentioned in the npm CLI documentation. However, I can find it mentioned in the commit log for the npm CLI client.
npm uses npm-pick-manifest to determine what to install. The README for that module says:
Prefers non-deprecated versions to deprecated versions.
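The preference that README line describes, sketched as an added example (this is not npm-pick-manifest's code and not part of the answer). It assumes a simplified semver that handles only caret ranges with major >= 1, leaves out the other rules the real module applies, and uses constructed registry metadata named samplePackument:

```javascript
// Added illustration, not npm-pick-manifest's code. Simplified semver:
// caret ranges with major >= 1 only; build metadata is not handled.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v);
  if (!m) throw new Error('bad version: ' + v);
  return { core: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split('.') : [] };
}

function cmpPre(a, b) {
  if (!a.length || !b.length) return b.length - a.length; // release > prerelease
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    if (a[i] === undefined) return -1; // shorter prerelease sorts first
    if (b[i] === undefined) return 1;
    const na = /^\d+$/.test(a[i]), nb = /^\d+$/.test(b[i]);
    if (na && nb && +a[i] !== +b[i]) return +a[i] - +b[i];
    if (na !== nb) return na ? -1 : 1; // numeric ids sort below alphanumeric
    if (!na && a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x.core[i] !== y.core[i]) return x.core[i] - y.core[i];
  return cmpPre(x.pre, y.pre);
}

function satisfiesCaret(version, range) {
  const base = range.slice(1), v = parse(version), b = parse(base);
  if (v.core[0] !== b.core[0] || compare(version, base) < 0) return false;
  // node-semver rule: a prerelease only matches a range whose own bound is a
  // prerelease on the same major.minor.patch.
  return !v.pre.length || (b.pre.length > 0 && v.core.join('.') === b.core.join('.'));
}

// packument: { versions: { "<version>": { deprecated?: "<message>" } } }
function pickVersion(packument, range) {
  const ok = Object.keys(packument.versions).filter((v) => satisfiesCaret(v, range));
  ok.sort((a, b) => {
    const da = Boolean(packument.versions[a].deprecated);
    const db = Boolean(packument.versions[b].deprecated);
    return da !== db ? (da ? 1 : -1) : compare(b, a); // non-deprecated first, then newest
  });
  return ok[0] || null; // a deprecated version is still used when nothing else matches
}

// Constructed registry metadata mirroring the question's three versions.
const samplePackument = { versions: { '2.0.0-beta.2': {}, '2.0.0-beta.5': {},
  '2.0.0-rc.9': { deprecated: 'constructed deprecation message' } } };
```

Deprecation only reorders the candidates: if every matching version is deprecated, the newest deprecated one is still selected.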

NPM will do whatever you told it to do, based on your package.json rule for each dependency. If you use ^ as version prefix then yeah: you literally told NPM to use "whatever is the most up to date minor release".
See both the documentation for dependency management and the semver range documentation for what syntax is accepted and what they all mean.

Related

How can I set my node application out of date for old version?

I have 1 node library called sample, and anyone who would like to use my library must install it using npm i sample --save.
Let's say the current version of sample is 3.0.0 and I would like to mark the version < 2.0.0 to be out-of-date.
E.g., client A installs library@1.0.0 should get out-of-date warning when running npm outdated.
How can I configure my sample?
There is a subcommand in npm called deprecate.
You can use the subcommand like this: npm deprecate <pkg>[@version] <message>
To get a more detailed explanation of the command and an example, from the terminal run npm help deprecate
You can use npm deprecate. Basically you can run the following command:
npm deprecate library@"<2.0.0" "All versions older than v2.0.0 are deprecated."
Docs: https://docs.npmjs.com/cli/deprecate

npm install --save latest and mark in package.json as *

I'm trying to npm i --save and save the package installed as "*" (keeping to the latest).
Tried:
npm i --save something@latest
npm i --save something@*
And I'm out of ideas..
If you really want to have something@* or something@latest in package.json then instead of running npm install to put it there, you should just put it there yourself and then just run: npm install with no other arguments.
Keep in mind that it may install incompatible versions in the future. What npm puts by default is using semver ranges to make sure that you install only compatible versions in the future. If you test your code with e.g. version 1.2.3 then it should still work with 1.2.4 and probably with 1.3.0 but it most likely may not work with 2.0.0 - because in semver the only reason for a major bump are incompatible changes - see: http://semver.org/
Semantic Versioning 2.0.0
Given a version number MAJOR.MINOR.PATCH, increment the:
MAJOR version when you make incompatible API changes,
MINOR version when you add functionality in a backwards-compatible manner, and
PATCH version when you make backwards-compatible bug fixes.
Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.

How does `npm install npm@latest-2` resolve package version

Here is an example command for installing npm v2 instead of latest (which is v3):
npm install -g npm@latest-2
How does this syntax work?
Usually I use either latest or explicit version, but haven't seen such syntax before.
I've tried something similar with other packages, for example:
npm install express@latest-4
but it fails with error No compatible version found: express@latest-4
These are called tags, and they're intended to allow developers to label particular versions of their packages in a more human readable way.
By default, all versions are tagged as latest, but say you have a beta version that you want some users to test - rather than making them specify a particular version to install, you can tag your betas with npm publish --tag beta. This will then allow them to run npm install mypkg@beta to get the latest beta version.
You can also tag a version after you've already published by using npm dist-tag add <pkg>@<version> [<tag>].
See https://docs.npmjs.com/getting-started/using-tags for more info.

Google polymer starter kit WARN when npm install

When I download the "Intermediate - Advanced users" version of polymer starter kit from github here, on the 4th step of these instructions here I always get these WARNs:
$ sudo npm install
npm WARN deprecated gulp-minify-css@1.2.4: Please use gulp-clean-css
npm WARN deprecated graceful-fs@3.0.8: graceful-fs version 3 and before will fail on newer node releases. Please update to graceful-fs@^4.0.0 as soon as possible.
npm WARN engine launchpad@0.5.1: wanted: {"node":"^0.12"} (current: {"node":"4.4.2","npm":"2.15.0"})
npm WARN deprecated lodash@1.0.2: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^4.0.0.
npm WARN optional dep failed, continuing fsevents@1.0.11
npm WARN deprecated graceful-fs@1.2.3: graceful-fs version 3 and before will fail on newer node releases. Please update to graceful-fs@^4.0.0 as soon as possible.
npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
No matter what OS I'm using: tried both Ubuntu and Windows (git bash).
I have npm, bower, gulp installed globally but there's always those WARNs.
I think that maybe it's a dependencies problem or it's because of some code in some of polymer starter kit files, but I'm not a pro developer, so I can't find what is causing the problem.
It all seems to work though when I deploy the project, but I'm new to web dev and not sure if I have to just close my eyes on these WARNs.
Nothing to worry about with those warnings. Those come from the npm packages that are set as dependencies in the package.json file. When you run npm install it will install all packages set in the package.json. Every single package has its own package.json that also has some dependencies. Each package installs its own needed version of that package and sometimes they use older versions of those packages. The only way to get rid of those warnings would be to get the package creators to update their packages.
The only package that you can update yourself is gulp-minify-css. You can uninstall that package (npm remove gulp-minify-css --save-dev) and install the newer non-deprecated version, gulp-clean-css (npm install gulp-clean-css --save-dev). If you do that you need to update the gulpfile.js for the project to use the new package.
Find the styleTask for the starter-kit in the gulpfile.js:
var styleTask = function(stylesPath, srcs) {
  return gulp.src(srcs.map(function(src) {
      return path.join('app', stylesPath, src);
    }))
    .pipe($.changed(stylesPath, {extension: '.css'}))
    .pipe($.autoprefixer(AUTOPREFIXER_BROWSERS))
    .pipe(gulp.dest('.tmp/' + stylesPath))
    .pipe($.minifyCss())
    .pipe(gulp.dest(dist(stylesPath)))
    .pipe($.size({title: stylesPath}));
};
and change the .pipe($.minifyCss()) row to be .pipe($.cleanCss({compatibility: 'ie10'}))
Now you have managed to update the starter-kit to use the newer non-deprecated package.
Many packages in the npm package manager have some deprecated packages or cause other warnings while installing but most of the time there is no need to worry.
No need to worry about those warnings in this case. They shouldn't cause the problems that you allude to. I verified the PSK guide you mentioned (the page completely appears and functions without error in Chrome Version 49.0.2623.112 on OSX El Capitan).
npm displays deprecation warnings when a dependency being installed has been deprecated by the dependency's package owner/maintainer usually in favor of another package/version that has significant improvements. Packages can be deprecated/undeprecated at will and long after your app has been deployed.
For example, in January, you release an app that depends on gulp-minify-css@1.2.4. The owner of gulp-minify-css no longer has time to maintain the package, so he decides in March to deprecate it in favor of the actively maintained gulp-clean-css. Now, users who npm install your app (which also installs gulp-minify-css) see this deprecation warning, but your app still functions normally. The deprecation does not invalidate your app or cause errors.
While normally one might try to upgrade the dependencies to remove the warnings, that is not recommended for PSK due to package incompatibilities as recently discovered in a pull request:
So I just took this for a spin and I ran into some issues :( although
the current gulp plugins are deprecated they are working for the
community! This PR represents a "high risk" change, that we have found
to be breaking in several odd ways. For that reason I am going to
close this PR for now. That said let's revisit this PR in a few months
and see if things have stabilized more.

NPM warn message about deprecated package

I am installing a module globally
$ npm install -g X
and NPM says
"npm WARN deprecated lodash@1.0.2: lodash@<3.0.0 is no longer
maintained. Upgrade to lodash@^4.0.0"
How can I find out which module has a dependency on this old version of lodash?
The warning message from NPM doesn't seem to give me any clue which module references this old version (I believe that the module X does not have a direct dependency on this old version of lodash.).
I got an answer for the similar question: https://stackoverflow.com/a/36335866/1115187
Briefly:
npm outdated --depth=3
This command will analyze installed NPM-packages and their versions. The report will contain:
package name
latest version
current version
dependency path (down to depth level)
Hope, this information could help you to gather info about outdated packages.
Next step - get in touch with maintainers of the appropriate package, and ask them to update the package (maybe, you would like to send a pull request).
UPD: npm-check
There is a great npm package: npm-check, that allows checking outdated dependencies. Probably
My favorite feature: Interactive Update — run npm-check -u in the project folder. An interactive menu shows all required information about dependencies in the current folder and allows to update all dependencies in 3 seconds.
npm la <package-name>
also works, and will give you the most details about the dependency graph of a dependency.
npm ls <package-name> does something similar but gives you fewer details.
Use npm list. It will print out all of the packages your module depends on as well as your dependencies' dependencies and so forth. Maybe redirect output to a file or grep it so you can search it more easily.
use this
sudo npm install --unsafe-perm -g expo-cli
You could search through all the package.json files under node_modules and see which ones are dependent on lodash 1.0.2.
For deprecated files you should use the "npm i [package]" syntax, in this case you should use: npm i X and it will fetch all necessary packages, including deprecated ones, but which are required for your installation.
Npm documentation link: https://docs.npmjs.com/using-deprecated-packages
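The answers above that suggest npm ls or searching the package.json files under node_modules come down to one lookup: which installed package declares a dependency that resolves to the deprecated copy. An added example of that lookup, not taken from any of the answers; it assumes input shaped like the "packages" map of a package-lock.json (lockfileVersion 2 or 3), and the package names x and old-helper and the tree in samplePackages are constructed:

```javascript
// Added illustration, not npm's code. Input has the shape of the "packages"
// map in package-lock.json (lockfileVersion 2 or 3): install path -> manifest.
// Assumption: plain nested node_modules layout, no workspaces or links.

// Resolve `name` as Node would when required from the package at `fromPath`:
// look in its own node_modules, then each ancestor's, up to the root.
function resolveDep(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const cut = dir.lastIndexOf('/node_modules/');
    dir = cut === -1 ? '' : dir.slice(0, cut);
  }
}

// List every package whose declared dependency resolves to name@version.
function findDependents(packages, name, version) {
  const hits = [];
  for (const [path, manifest] of Object.entries(packages)) {
    const declared = {
      ...(path === '' ? manifest.devDependencies : {}), // dev deps only count at the root
      ...manifest.optionalDependencies,
      ...manifest.dependencies,
    };
    if (!(name in declared)) continue;
    const target = resolveDep(packages, path, name);
    if (target && packages[target].version === version) {
      hits.push({ dependent: path || '(root project)', range: declared[name], resolvedTo: target });
    }
  }
  return hits;
}

// Constructed tree: x itself uses lodash 4, but its dependency old-helper
// pins the deprecated 1.x line, which npm nests under old-helper.
const samplePackages = {
  '': { name: 'app', dependencies: { x: '^1.0.0', lodash: '^4.0.0' } },
  'node_modules/lodash': { version: '4.17.21' },
  'node_modules/x': { version: '1.0.0', dependencies: { 'old-helper': '^0.3.0', lodash: '^4.0.0' } },
  'node_modules/old-helper': { version: '0.3.1', dependencies: { lodash: '~1.0.1' } },
  'node_modules/old-helper/node_modules/lodash': { version: '1.0.2' },
};
```

Calling findDependents(samplePackages, 'lodash', '1.0.2') reports only old-helper, which is the package whose maintainer would need to raise the range.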
