Updating an indirect dependency in shrinkwrapped project - node.js

Is there a good way with npm (I'm on npm@5) to do a version bump for a nested dependency in a shrinkwrapped/lockfiled project?
Doing an npm install package@latest --save will update the shrinkwrap file as expected, but it also adds the dependency to package.json, which is not what I want. Doing an npm install --no-save package@latest will properly skip updating package.json, but it also won't update the shrinkwrap file.
Is there a simple way to update the sub-dependency and shrinkwrap file without touching package.json?

The workaround I most often use is a two-step process:
npm i --no-save subdependency@latest && npm shrinkwrap --dev
This is not ideal, but it works. Hopefully someone else has a one-step solution.
Update:
Nowadays, I do this:
npm i --save subdependency@latest && npm uninstall --save subdependency
...which is also annoying.

Related

Update intermediary npm dependencies with package-lock.json

What is the proper way to update an intermediary dependency with npm in the presence of the package-lock.json file?
For example:
$ npm outdated --depth=1 eslint
Package Current Wanted Latest Location
eslint 4.9.0 4.10.0 4.10.0 MyApplication1 > grunt-eslint
The package-lock.json is doing its job by keeping eslint (an intermediary dependency, in this case for grunt-eslint) at 4.9.0. How do I update to eslint@4.10?
I have tried the following commands but npm doesn't do anything:
npm update grunt-eslint --dev --depth 1
npm update eslint --dev
It works if I add eslint as a top-level dependency but I don't think that is the correct way to do this.
This is clearly a hacky workaround but it serves the purpose:
npm install eslint --save-dev && npm uninstall eslint --save-dev
I'll be happy to accept another answer if there is a better method of doing this.
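Added example (not part of the original answers): after either workaround above, a Node.js check that every locked copy of the intermediary dependency reached the wanted version and that the package did not stay behind in package.json. It also covers lockfileVersion 2/3; the function names, the sample data and the old-plugin package are constructed for illustration.

```javascript
// Compare plain x.y.z versions numerically (assumption: no pre-release tags).
function cmp(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Every locked copy of `name`. lockfileVersion 1 (npm 5/6) nests copies under
// "dependencies"; lockfileVersion 2/3 (npm 7+) keys them by node_modules path.
function findLocked(lock, name) {
  const hits = [];
  if (lock.packages) {
    for (const [p, e] of Object.entries(lock.packages)) {
      const chain = p.split('node_modules/').filter(Boolean).map(s => s.replace(/\/$/, ''));
      if (chain[chain.length - 1] === name) hits.push({ path: chain.join(' > '), version: e.version });
    }
    return hits;
  }
  (function walk(deps, trail) {
    for (const [dep, e] of Object.entries(deps || {})) {
      if (dep === name) hits.push({ path: [...trail, dep].join(' > '), version: e.version });
      walk(e.dependencies, [...trail, dep]);
    }
  })(lock.dependencies, []);
  return hits;
}

// Problems left after a transitive bump: stale copies in the lock, or the
// install/uninstall workaround leaving `name` declared in package.json.
function verifyBump(pkg, lock, name, minVersion) {
  const problems = [];
  for (const f of ['dependencies', 'devDependencies'])
    if (pkg[f] && name in pkg[f]) problems.push(`${name} declared in package.json ${f}`);
  const copies = findLocked(lock, name);
  if (copies.length === 0) problems.push(`${name} not found in lockfile`);
  for (const c of copies)
    if (cmp(c.version, minVersion) < 0) problems.push(`${c.path} locked at ${c.version}`);
  return problems;
}

// Constructed sample data; "old-plugin" is a hypothetical package.
const samplePkg = { devDependencies: { 'grunt-eslint': '^20.1.0' } };
const sampleLock = { lockfileVersion: 1, dependencies: {
  'grunt-eslint': { version: '20.1.0', dev: true, requires: { eslint: '^4.0.0' } },
  eslint: { version: '4.10.0', dev: true },  // hoisted copy, bumped
  'old-plugin': { version: '1.0.0', dependencies: { eslint: { version: '4.9.0' } } },  // stale
} };
console.log(verifyBump(samplePkg, sampleLock, 'eslint', '4.10.0'));
```

An empty array means the bump landed everywhere and package.json was left untouched; in a lockfileVersion 1 file the updated copy is usually the hoisted top-level entry, not one nested under the parent package.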

Using --ignore-scripts for one dependency in NPM

Following this question, NPM dependencies can be installed using:
$ npm install --ignore-scripts
Is there a way to mark that a dependency should be installed without running scripts in package.json?
This is because, when I run npm install --ignore-scripts, the dependency is added to package.json. As a result, other users will install the package while running scripts, however I want this certain package to never run scripts.
I could be wrong but I believe it's: npm install --ignore-scripts package-name@version

Can anyone explain to me the reason behind this behaviour of npm? Have I not installed the dependencies correctly, or is it something else?

PS E:\test> npm install <packagename> --save -dev
Says --dev option is deprecated, use --only=dev
npm WARN install Usage of the --dev option is deprecated. Use --only=dev instead.
When I change my call to npm as shown below
PS E:\test> npm install <packagename> --only=dev
I get the following error
-- (empty)
npm ERR! code
How can I debug this and know more about it?
This is really an interesting situation. Indeed you made a typo. Instead of writing --save-dev you wrote --save -dev. There is already a --dev argument which can be used in order to install only the development dependencies that are defined in your package.json. Probably the parser thinks that you wanted to type --dev instead of -dev so it gives you the deprecation warning. The --dev is deprecated and is replaced by the --only=dev argument. This only works for the entire package.json and not for a specific package. So the npm install <packagename> --only=dev is kind of invalid.
If you need to install a new module and save it in the devDependencies section of package.json, you should use the command:
npm i <packagename> -D
# or:
npm i <packagename> --save-dev # without space
If your devDependencies section is not empty, and you want to install only modules from that section you should use the command:
npm i --only=dev
The --only={prod[uction]|dev[elopment]} argument will cause either only devDependencies or only non-devDependencies to be installed regardless of the NODE_ENV.
You have a space in the option. The correct option is --save-dev, not --save -dev
You will need to mention your node and npm versions, as when I try this:
npm install bower --save-dev
This works fine.

How to shrinkwrap devDependencies, but not install them unless necessary?

I have a bunch of devDependencies needed in order to run test suite and have production dependencies locked down with npm shrinkwrap. The problem is that when I run npm install, only production dependencies are installed, in order to install devDependencies, I have to remove npm-shrinkwrap.json and run it again.
Now if shrinkwrap contains devDependencies as well, they get installed in production, where they are not required. Surely there should be some command line arguments to force only normal dependencies to be installed?
September, 2016:
As others have mentioned as well, there were some huge efforts to enhance the shrinkwrap feature starting with npm v3.10.8.
Thanks to this, it'll be possible to keep your devDependencies locked while installing only the production dependencies:
npm shrinkwrap --dev
npm install --only=prod
2013 answer:
As stated in the NPM docs:
Since npm shrinkwrap is intended to lock down your dependencies for
production use, devDependencies will not be included unless you
explicitly set the --dev flag when you run npm shrinkwrap. If
installed devDependencies are excluded, then npm will print a warning.
If you want them to be installed with your module by default, please
consider adding them to dependencies instead.
Basically, you either lock down all deps or only the production deps.
Not even running npm install --dev or npm install --force can transcend the shrinkwrap functionality.
It looks like this feature was recently added in v3.3 of the npm client per the changelog
You'll now be able to run npm install --only=prod to achieve the effect you wish.
EDIT 2016/09/13
I've tested out npm v3.10.8, and this functionality now works as expected. We've shrinkwrapped our devDependencies and can install only prod dependencies when we deploy.
I think it's worth mentioning that this feature should start working as expected very soon. According to this github issue, tons of people were running into the same problem, and according to this pull request, it will be in the next release (scheduled for 2016-09-08).
With the pull request merged in, all you would have to do is:
npm i --only=prod
As for npm 5 (I've tried on 5.5.1 and 5.6.0), the --production (--only=prod) flag is problematic.
When package-lock.json exists in the folder,
npm shrinkwrap --production
simply changes the file name to npm-shrinkwrap.json.
How I managed to solve this issue is to run:
npm prune --production
and then run:
npm shrinkwrap --production
This is fixed in npm 3.10.8; npm install --production shouldn't install dev deps in a shrinkwrap created by npm shrinkwrap --dev: https://github.com/npm/npm/releases/tag/v3.10.8

How do I update devDependencies in NPM?

npm update seems to just update the packages in dependencies, but what about devDependencies?
Right now you can install devDependencies by running npm install ., but this doesn't work for npm update .
Any ideas?
To update package.json in addition to the local modules, run
npm update --save-dev
Alternatively, the same command to save time
npm update -D
You can view the full detail of update, or any command for that matter through
npm help <cmd>
Install npm-check-updates (https://www.npmjs.org/package/npm-check-updates), then jump into your project folder and run:
npm-check-updates
And to update and save changes to your package.json file:
npm-check-updates -u
These steps worked for me:
npm install -g npm-check-updates
ncu -u
npm update
npm install
npm outdated - for an overview what's outdated
npm install -g npm-check-updates - as pointed correctly by Michael
ncu -u - it'll automatically update all dependencies (also dependencies, i.e., it's of course different than devDependencies) versions in package.json, without reinstalling it yet. It'll just change the "numbers" in package.json
npm update - actual dependencies installation
(Optional, depending on the scenario) you might need to use the flag --force, or (new in NPM v7) --legacy-peer-deps to complete the process. You can read about the difference between those 2 in What does npm install --legacy-peer-deps do exactly? When is it recommended / What's a potential use case?
(Optional) you can validate it using ncu -u and for correctly updated dependencies you should see the text All dependencies match the latest package versions :)
This problem no longer exists with the current version of NPM (1.3.11).
Update works fine with: npm update
If you are using outdated npm version it might be the problem. So before any other commands execute:
sudo npm install npm -g
or (if above doesn't work):
sudo npm update npm -g
Then relaunch the console (in order for changes to take effect).
Now you can check your new npm --version and if it is up to date execute:
npm update
or (if you prefer):
npm update --save-dev
I ran into the same problem as OP had, and found no solution, so I decided to write a Grunt plugin that will auto-update my devDependencies.
It's on Github, I'd love to get some input and collaborations in order to make it the best tool that NPM hasn't provided.
Basically it will auto-update your outdated development dependencies with a simple Grunt Task.
https://github.com/pgilad/grunt-dev-update
What worked for me is installing individual dev dependencies like this
npm install react-test-renderer@15.6.1 --save --only=dev
I found the answer on https://nodejs.dev/learn/update-all-the-nodejs-dependencies-to-their-latest-version and this is working for me for all the major releases as well
npm install -g npm-check-updates
ncu -u
npm update
To check for outdated packages, use
npm outdated
One (slow) way to force the update is to remove the node_modules directory, and then do npm install again.
This was a known bug of the npm update command, which has been fixed on the development branch of npm, see here:
https://github.com/isaacs/npm/pull/3863
It should land on the latest stable version of npm pretty soon.
