npm install --save latest and mark in package.json as * - node.js

I'm trying to npm i --save and save the package installed as "*" (keeping to the latest).
Tried:
npm i --save something@latest
npm i --save something@*
And I'm out of ideas..

If you really want to have something@* or something@latest in package.json then instead of running npm install to put it there, you should just put it there yourself and then just run: npm install with no other arguments.
Keep in mind that it may install incompatible versions in the future. What npm puts by default is using semver ranges to make sure that you install only compatible versions in the future. If you test your code with e.g. version 1.2.3 then it should still work with 1.2.4 and probably with 1.3.0 but it most likely may not work with 2.0.0 - because in semver the only reason for a major bump are incompatible changes - see: http://semver.org/
Semantic Versioning 2.0.0
Given a version number MAJOR.MINOR.PATCH, increment the:
MAJOR version when you make incompatible API changes,
MINOR version when you add functionality in a backwards-compatible manner, and
PATCH version when you make backwards-compatible bug fixes.
Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.

Related

How to update version of a package in package-lock.json and/or package.json using npm to latest version?

Say you get a warning in some libraries in a repo about security concerns from GitHub. You want to quickly bump the version just to make the GitHub warnings go away. You are not worried about re-installing, rebuilding and testing.
Is there a way to do this with npm?
npm update mypackage does not do anything.
Now it works differently. If you notice, package versions in package-lock.json have a prefix, sometimes it's ~, sometimes ^. They have big importance when it comes to package updating, as fixing package mismatches is the worst hell.
Suppose you have package in package.json called packX with version ~1.1.1 or ^1.1.1
When you run npm update for packX npm will first of all check the version prefix for it.
If there is ~ in this case it will be understood as install packX version >=1.1.1 and <1.2.0 so the highest version it can install can only be in range of 1.1.N, it will not go up to 1.2.N.
If there is ^ then it will be understood as >=1.1.1 <2.0.0 so the highest version that can be installed will be in range of 1.N.N but cannot go up to 2.N.N
Hope my explanation is clear enough; anyway, you can check the docs for details
npm update will only update minor versions.
Eg: It will update version 1.2.3 to 1.5.2
But it will not update version 1.2.3 to 2.0.1 because there can be breaking changes.
To check new major releases of the packages, you run npm outdated
To update to new major versions for all the packages, you can use npm-check-updates
npm install -g npm-check-updates
Then run ncu -u
This will upgrade all the versions in the package.json file, to dependencies and devDependencies, so npm can install the new major version. Now you can update packages to new major releases by npm update
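The two answers above describe how ~ and ^ bound what npm may install, and the first thread warns that * has no bound at all. As an added example (not code from any of the posts), this JavaScript computes those bounds and lists the entries of a package.json that can float; the sample manifest is constructed and packY is a made-up name.

```javascript
// Added example. Supports only "*", "x", "", "latest" and full X.Y.Z versions
// with an optional ^ or ~ prefix; prerelease versions are out of scope here.
function rangeBounds(spec) {
  if (['*', 'x', '', 'latest'].includes(spec)) return { floats: 'any', min: null, max: null };
  const m = /^([\^~]?)(\d+)\.(\d+)\.(\d+)$/.exec(spec);
  if (!m) return { floats: 'unsupported', min: null, max: null };
  const [op, major, minor, patch] = [m[1], +m[2], +m[3], +m[4]];
  const min = `${major}.${minor}.${patch}`;
  if (op === '') return { floats: 'none', min, max: null };
  // Tilde: patch releases only, e.g. ~1.1.1 means >=1.1.1 <1.2.0.
  if (op === '~') return { floats: 'patch', min, max: `${major}.${minor + 1}.0` };
  // Caret: everything below the next bump of the left-most non-zero part.
  if (major > 0) return { floats: 'minor', min, max: `${major + 1}.0.0` };
  if (minor > 0) return { floats: 'patch', min, max: `0.${minor + 1}.0` };
  return { floats: 'none', min, max: `0.0.${patch + 1}` };
}

function compareCore(a, b) {
  const [x, y] = [a.split('.').map(Number), b.split('.').map(Number)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

function satisfies(version, spec) {
  const { floats, min, max } = rangeBounds(spec);
  if (floats === 'unsupported') throw new Error(`unsupported spec: ${spec}`);
  if (floats === 'any') return true;
  if (max === null) return compareCore(version, min) === 0;
  return compareCore(version, min) >= 0 && compareCore(version, max) < 0;
}

// Report every dependency whose spec lets a future install pick up new code.
function auditManifest(manifest) {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const { floats, max } = rangeBounds(spec);
      if (floats !== 'none') findings.push({ section, name, spec, floats, below: max });
    }
  }
  return findings;
}

// Constructed package.json content; packY is a made-up name.
const sampleManifest = {
  dependencies: { something: '*', packX: '^1.1.1', mongoose: '3.8.12' },
  devDependencies: { packY: '~1.1.1' },
};
console.log(auditManifest(sampleManifest));
```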

Latest compatible version for NPM and node

I am using nodist version 0.8.8 which is the latest one. By using this I installed latest node version 10.7.0 and latest NPM version 6.1.0. I assured it by reading the following document.
https://nodejs.org/en/download/releases/
Now I surfed Google to find whether NPM 6.2.0 is available. If it is, I want to know the corresponding node version for it.
Node.js and NPM versions aren't directly connected, otherwise they would have matching versions.
Semantic versioning assumes that minor versions don't introduce breaking changes:
Given a version number MAJOR.MINOR.PATCH, increment the:
MAJOR version when you make incompatible API changes,
MINOR version when you add functionality in a backwards-compatible manner, and
PATCH version when you make backwards-compatible bug fixes.
This means that if NPM 6.1.0 works with Node 10.7.0, NPM 6.2.0 works with it, too.
Node version requirements are usually listed in package.json engines section, which can be checked locally or in GitHub repository.
npm package.json doesn't contain this section, so actual Node version that is suitable for it has to be deduced.
npm code base currently uses ES6 but no higher. Latest Node 6 release covers 99% of ES6 spec, it's expected that NPM 6.2.0 is fully workable with Node 6.14 or higher. Generally, it's certain that latest even major version (Node 10, as of now) doesn't have problems with latest NPM release.
You can use nvm which is node version manager
With nvm you have the option to install the latest npm compatible with your currently installed node
use this link to install nvm:
https://github.com/creationix/nvm
Node and npm are independent tools. You can very well install different versions of either.
Use
npm i -g npm@latest
to get the latest npm installed with your node.
Use node -v and npm -v to get the respective version information.

How does `npm install npm@latest-2` resolve package version

Here is an example command for installing npm v2 instead of latest (which is v3):
npm install -g npm@latest-2
How does this syntax work?
Usually I use either latest or explicit version, but haven't seen such syntax before.
I've tried something similar with other packages, for example:
npm install express@latest-4
but it fails with error No compatible version found: express@latest-4
These are called tags, and they're intended to allow developers to label particular versions of their packages in a more human readable way.
By default, all versions are tagged as latest, but say you have a beta version that you want some users to test - rather than making them specify a particular version to install, you can tag your betas with npm publish --tag beta. This will then allow them to run npm install mypkg@beta to get the latest beta version.
You can also tag a version after you've already published by using npm dist-tag add <pkg>@<version> [<tag>].
See https://docs.npmjs.com/getting-started/using-tags for more info.

How to install the latest possible version of an npm package

How do I install the latest available version of an npm package? '@latest' sure doesn't fetch the latest - I assume it means the latest stable or something.
I've been using a hack for a while because I cannot seem to find any info on this:
npm i extract-text-webpack-plugin@X
The 'X' causes it to fail and dump all possible versions where I then copy and paste the correct one instead of the 'X'. Kinda ridiculous.
I've tried 3rd party packages like 'latest-version' but they all fail to get the very latest version.
There doesn't seem to be an official way to do this. For example at the time of writing the latest version of extract-text-webpack-plugin is 2.0.0-beta.4. However doing:
npm i extract-text-webpack-plugin@latest
Will install '1.0.1'
I can see the latest version by doing
npm info pkg versions --json (without --json it will cut off when there are many versions)
For lack of an actual tool I guess it's going to be some grep work.
Version 1.0.1 is the 'latest' version of that package - published to the npm registry at least (tagged as latest)
From the docs for cli/dist-tag. Emphasis mine.
Tags can be used to provide an alias instead of version numbers.
For example, a project might choose to have multiple streams of development and use a different tag for each stream, e.g., stable, beta, dev, canary.
By default, the latest tag is used by npm to identify the current version of a package, and npm install (without any @<version> or @<tag> specifier) installs the latest tag. Typically, projects only use the latest tag for stable release versions, and use other tags for unstable versions such as prereleases.
By default, other than latest, no tag has any special significance to npm itself.
If you want the beta releases, then install from GitHub, or use the tags explicitly.
$ npm install webpack/extract-text-webpack-plugin
This is made pretty clear by reading the manual.
Even more clear:
latest is an implicit tag, attached to any published version of a package that was not published with an explicit tag (--tag).
Installing xyz@latest simply looks up the release tagged as latest in the registry. In the case of this package, that's release 1.0.1. That's it. There's nothing special going on here. @latest does not pull the most recent version published to npm.
The versions listed as betas were tagged differently. Obviously none of them were tagged as latest, so trying to use @latest to get one is pointless.
From the registry:
'dist-tags': { latest: '1.0.1', beta: '2.0.0-beta.4' }
Again, use the GitHub releases for the bleeding edge, or use the versions/tags explicitly.
$ npm install extract-text-webpack-plugin@beta
Here you go, made especially for you:
recent-version
recent-version-cli
Condense this into a shell script, and you're good to go:
$ npm install extract-text-webpack-plugin@$(recent-version extract-text-webpack-plugin)
Use npm update as long as you have the package installed:
npm update <package>
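The lookup these answers describe, as an added example that is not from the posts or from npm's own code: a tag such as latest or beta is read straight out of dist-tags, while the highest published version has to be found by semver precedence. The packument variable and its version list are constructed; only the two dist-tags come from the registry output quoted above.

```javascript
// Added example. `versions` is simplified to an array; real registry metadata
// keys an object by version string.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { core: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split('.') : [] };
}

// Precedence as defined at semver.org: a prerelease sorts below its release.
function compareVersions(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] < y.core[i] ? -1 : 1;
  }
  if (!x.pre.length || !y.pre.length) return Math.sign(y.pre.length - x.pre.length);
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const [p, q] = [x.pre[i], y.pre[i]];
    if (p === undefined) return -1; // fewer identifiers sorts lower
    if (q === undefined) return 1;
    const [pn, qn] = [/^\d+$/.test(p), /^\d+$/.test(q)];
    if (pn && qn && +p !== +q) return +p < +q ? -1 : 1; // beta.10 > beta.4
    if (pn !== qn) return pn ? -1 : 1; // numeric sorts below alphanumeric
    if (!pn && p !== q) return p < q ? -1 : 1; // ASCII order
  }
  return 0;
}

// A tag is a plain lookup in dist-tags; no versions are compared.
function resolve(packument, spec) {
  const tags = packument['dist-tags'];
  if (Object.prototype.hasOwnProperty.call(tags, spec)) return tags[spec];
  if (packument.versions.includes(spec)) return spec;
  throw new Error(`No compatible version found: ${spec}`);
}

function highestPublished(packument) {
  return [...packument.versions].sort(compareVersions).pop();
}

// Constructed metadata: dist-tags as quoted above, version list made up.
const packument = {
  'dist-tags': { latest: '1.0.1', beta: '2.0.0-beta.4' },
  versions: ['2.0.0-beta.4', '1.0.0', '2.0.0-beta.2', '1.0.1'],
};
console.log(resolve(packument, 'latest'), highestPublished(packument));
```

Because a tag is only a pointer that the publisher can move later with npm dist-tag add, the same tag can resolve to different versions on different days.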

"npm update" is installing a beta version of the module over the stable version that installed after "npm install"

Currently the npm package mongoose is on version 3.8.12. Running npm install mongoose --save correctly installs version 3.8.12 and saves the dependency to package.json as follows:
"dependencies": {
  "mongoose": "^3.8.12"
}
If you look in node_modules/mongoose/package.json you can see that the installed version is indeed 3.8.12. However, if I now run npm update then npm will go ahead and install an unstable version of mongoose (3.9.0). I assume this is because of the caret in the dependency entry which tells npm to go ahead and upgrade minor versions (i.e. 3.8 to 3.9). That's fine, except I don't want any prerelease versions. If I modify the dependency and remove the caret then npm update works as expected, except of course that I now have to manually upgrade the dependency version even for minor and patch updates.
You can see from running npm info mongoose that they have a "latest" tag and an "unstable" tag.
So clearly npm install uses latest unless otherwise specified, while npm update is ignoring the tag altogether and grabbing the latest minor version it's aware of.
Is there a way to modify the dependency so npm update will pull in the latest minor version but ignore any prerelease versions?
UPDATE
Same issue occurs if I try to use 3.x.x as the dependency. I was hoping that would still allow me to upgrade through minor versions without prerelease versions but that's not the case :/
Tilde (~3.8.12) technically works but it's a bandaid. The only reason it "works" is because the breaking changes being introduced are in 3.9.0-unstable and tilde doesn't allow npm to upgrade across minor versions. If these "unstable" changes were introduced in 3.8.13-unstable then this same issue would occur even when using the tilde.
UPDATE 2
I also tried manually specifying the "latest" tag: ^3.8.12-latest. That didn't change anything; npm update ignores the tag entirely, even if it's explicitly in the dependency listing itself :/
semver does not specify a way to tell apart stable and unstable versions.
As you said the caret would allow for npm update to install any 3.x.x version, while the tilde would allow any 3.8.x version even if the next version is called 3.8.13-broken.
Sadly, the same happens with any semver operator, so there's no escape.
As you see, you are better off using the specific version 3.8.12.
I would have thought the simplest approach here would be to use the tilde ~
"dependencies": {
  "mongoose": "~3.8.12"
}
The difference from the "caret" ^ being that the "tilde" will match on 3.8.x where the "caret" matches anything equal or above the specified version.
Just to update for anyone who stumbled across this like I did, I did a minor semver bump and published it tagged as beta, but in the 10-15 minutes after publishing, npm installs defaulted to this beta as latest, despite it being clearly tagged.
I think there's some lag time on updating the semver table, if you give it 10-15, your future npm install <packagename> attempts should give you the correct version.
