How do I specify the latest point release in package.json - node.js

Within a package.json file, how do I specify that I want the latest point release version of a module, even if I still have one of the same minor version?
For example, say I have a dependency on the module bar, version 1.1. I have 1.1.0 installed in node_modules already, but the module revs to 1.1.1. How do I have it so that when I run npm install again, 1.1.1 replaces 1.1.0?
Would it be
"bar": "1.1.X"
"bar": "~1.1.*"
"bar": "^1.1.*"
or something else altogether?

Use "bar": "latest" in the package.json and when you want to update use npm update.

Use @latest for the version
npm install -S bar@latest

Related

How to update package.json to latest version of each package?

Before you flag it as duplicate, I have searched for the similar questions and none of them helped me.
Currently this is what I have tried:
Delete package-lock.json file.
Delete node_modules.
Run npm update
Run npm install
This would always allow me to install the latest (minor) version of the packages in node_modules, and update the package-lock.json file. However, the package.json file does not update.
For example, my moment in package.json is stated as "moment": "^2.27.0". After running the above steps, package-lock.json will update to
"moment": {
  "version": "2.29.1",
  ...}
But package.json will still be "moment": "^2.27.0".
What is the correct way to do this? Running npm install moment manually updates the package.json to become "moment": "^2.29.1", but it's quite absurd if I have to run npm install for every single dependency?
Edit
Thanks to the selected answer, I realised that I do not actually need to update my package.json, as it shows compatible version, not exact version.
package.json will not be updated by npm install. It contains the dependencies and their compatible version list.
"moment": "^2.27.0" means the allowed moment version is 2.27.0 <= version < 3.0.0, not that the allowed moment version = 2.27.0. So when you run npm install, npm will install the latest version of major version 2 (in your case, 2.29.1), but package.json will not be updated by that command, because it does not contain the installed version; it contains the compatible version.
However, the npm install moment command does install the latest version of moment, so package.json is updated to the latest version, because "^2.27.0" is lower than "^2.29.1".
Anyway, if you want to update your package.json, you can use npm-check-updates (a.k.a. ncu). See this answer. If you do not want to run ncu, you can use "latest" (example: "moment": "latest") to install the latest version anytime.
npm outdated lists all packages that can be updated with the current, wanted and latest version numbers.
current is the currently installed version
wanted is the last minor version update
latest is the latest major version update
To update all packages to latest just do:
npm outdated | awk 'NR>1 {print $1"@"$4}' | xargs npm install
which simply calls npm install with the latest version of each outdated package.
It is highly recommended to check the resulting changes to your package.json file just to make sure all changes are as expected.

why not specify a specified version then we don't need the package-lock.json

I'm new to NPM, sorry if my question sounds stupid. Below is my question:
Q1-
When I install a package and specify a specified version, for example:
npm install xxx@3.5.1
but why in the package.json file, it becomes:
{
  "devDependencies": {
    "xxx": "^3.5.1"
  }
}
I know that the extra caret (the ^ character) will accept versions like 3.5.2, 3.6.0 but not 4.0.0. But I did explicitly specify that I want version 3.5.1, so why does NPM still add ^ in front of the version?
Q2-
If NPM installs packages with the version which users specify, then we don't need the package-lock.json file, do we? Since all versions in the package.json file are unique and unambiguous?
1.
You can add --save-exact
npm install lodash --save --save-exact - installs the latest version and saves the exact version in the dependencies in the package.json.
2.
^ and ~ are the way npm offers you to get the latest source of dependencies. It's risky sometimes though.
Read this for more detailed explanation. https://bytearcher.com/articles/semver-explained-why-theres-a-caret-in-my-package-json/

package.json dependency caret symbol

Suppose in the package.json file I have my dependencies as -
"dependencies": {
"moment": "^2.22.2"
}
Here, are we saying that for the package "moment" we can use any of version 2.x.x functionality( i.e. we can use the new functions provided by 2.23.2 in our app, though we installed 2.22.2 on our computer) or are we saying that anyone else who uses our code of app can use any 2.x.x version of "moment" package ?
If you set:
"moment": "^2.22.2"
the user will download almost the v2.22.2. In this case you will download the v2.24.0
If you set:
"moment": "2.22.2"
the user will download exactly that version
If you set:
"moment": "~2.22.1"
the user will download almost the v2.22.1. In this case you will download the v2.22.2
You can use the functions in v2.9.9 if and only if the module respects the semver standard.
That is true 99.999% of the time.
can we use any of version 2.x.x functionality( i.e. we can use the new functions provided by 2.9.9 in our app, though we installed 2.22.2 on our computer)
Just to avoid confusion. You will not install version 2.22.2 on your computer. By saying ^2.22.2, npm will look what is the highest version of 2.x.x and install that version. You will never install version 2.22.2. You will install version 2.24, and when moment updates its packages to 2.25.0, you will install that version. So you will always have the latest version 2.x.x installed, so you will get the functions of 2.9.9.
are we saying that anyone else who uses our code of app can use any 2.x.x version of "moment" package ?
Yes, you can verify this by checking out package-lock.json which is created by NPM and describes the exact dependency tree. https://docs.npmjs.com/files/package-lock.json
If your package.json is version 1.0.0 and you have 2.22.2 dependency on moment, and do npm install, you will see in package-lock.
{
  "name": "mypackage",
  "version": "1.0.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
    "moment": {
      "version": "2.24.0",
      "resolved": "https://registry.npmjs.org/moment/-/moment-2.24.0.tgz"
    }
  }
}
So everybody that installs your version 1.0.0 of your package will get moment version 2.24
why do I need to install "moment.js" again (i.e. update it) once its
installed on my computer –
You don't have to. But the common rule is to leave node_modules out of repositories and only have package.json. So that when you publish your website to for example AWS, Azure or DigitalOcean, they will do npm install and therefore install everything, every time you publish your website.
To clarify how the flow of packages usually is
You create a package/module with specific version
I decide to use your package
So I will do npm install (to use your package)
NPM will go through the dependency tree and install versions accordingly.
My website works and I am happy
In the meanwhile you are changing your code, and updating your package.
A few months pass and I decide to change my website. So now when I do npm install (because I updated my code), I will get your updates as well.
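
The range forms compared in the answers above (exact, ~, ^ and x-ranges), as an added example that is not part of the original posts: a minimal resolver that picks the highest version satisfying a spec from a list of published versions. The function names and the version list are constructed for illustration; the ^0.x case goes beyond what the thread covers, and prerelease tags, comparator sets and dist-tags such as "latest" are not handled.

```javascript
// Added example: resolve the range forms from this thread against a list of
// published versions. Prerelease tags, comparator sets (">=1 <2") and dist-tags
// such as "latest" are out of scope.
const parse = (v) => v.split(".").map(Number);            // "2.24.0" -> [2, 24, 0]
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Return [lowerInclusive, upperExclusive] for "1.2.3", "^1.2.3", "~1.2.3", "1.1.x", "*".
function bounds(spec) {
  const op = spec[0] === "^" || spec[0] === "~" ? spec[0] : "";
  const nums = [];
  for (const part of spec.slice(op.length).split(".")) {
    if (!/^\d+$/.test(part)) break; // x, X, * or empty: wildcard from here on
    nums.push(Number(part));
  }
  if (nums.length === 0) return [[0, 0, 0], [Infinity, 0, 0]]; // "*" matches everything
  const lower = [nums[0], nums[1] || 0, nums[2] || 0];
  // k = index of the component that is bumped to form the exclusive upper bound.
  let k = nums.length - 1;                // exact or x-range: last component given
  if (op === "~") k = Math.min(k, 1);     // tilde: never freezes more than major.minor
  if (op === "^") {                       // caret: leftmost non-zero component
    const nz = nums.findIndex((n) => n > 0);
    if (nz !== -1) k = nz;
  }
  const upper = lower.map((n, i) => (i < k ? n : i === k ? n + 1 : 0));
  return [lower, upper];
}

// Highest published version inside the spec's bounds, or null if none matches.
function maxSatisfying(published, spec) {
  const [lo, hi] = bounds(spec);
  const ok = published.map(parse).filter((v) => cmp(v, lo) >= 0 && cmp(v, hi) < 0);
  return ok.length ? ok.sort(cmp).pop().join(".") : null;
}

// Constructed version list for a hypothetical package.
const published = ["0.2.3", "0.2.9", "0.3.0", "2.22.1", "2.22.2", "2.24.0", "3.0.0"];
for (const spec of ["2.22.2", "~2.22.1", "^2.22.2", "2.22.x", "*", "^0.2.3"]) {
  console.log(spec.padEnd(8), "->", maxSatisfying(published, spec));
}
```

With this list, only the exact spec stays on 2.22.2 once 2.24.0 is published, and "*" crosses the major boundary to 3.0.0.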

Specific Angular Cli Version is not installed

I need to install Angular CLI in the version 1.6.8. When I am executing this command:
npm install -g @angular/cli@1.6.8
it is getting installed well. But when I check the version using ng -v, it displays the latest version, in my case 1.7.4.
For my code compatibility, I need version 1.6.8. And even in my dependencies in package.json, I have specified the cli as version 1.6.8:
"@angular/cli": "^1.6.8"
Does anybody know the issue? How can I install version 1.6.8?
If you are inside a directory that has node_modules, ng -v would report that version, not the global one. For updating your global CLI, move to a directory that doesn't have node_modules installed and then execute
npm uninstall -g @angular/cli
npm cache clean
npm install -g @angular/cli@1.6.8
You can change the version of the angular-cli in the package.json; if you want to stick to a particular version, remove the ^ symbol, but this would be local
"@angular/cli": "1.6.8"
^ means update the minor and patch version to the latest and keep the major version the same.
This command will install the CLI globally on your machine.
npm install -g @angular/cli@1.6.8
So, if you have an application that already has CLI version 1.7.4 included in it, you will see that version when you run ng -v. If you would like to downgrade to an earlier version, change the version in the package.json to the exact version you would like to use, and run npm install.
In your package.json you have this:
"@angular/cli": "^1.6.8"
What you need to change it to is this:
"@angular/cli": "1.6.8"
Remove the caret from the version number.
The caret tells npm that it can install versions of a library higher than what is listed, but only if the version is a minor or patch change. So, going from version 1.6.8 to 1.7.4 is OK, but it won't jump to version 6.0.0 when that comes out.
See here for more details.

How to replace * in package.json file

I have a package.json file that lists all the dependencies I have with *'s, but I want the latest packages. I tried:
npm install --save
But that didn't replace the *'s in the file. I tried with empty strings as well, that didn't work.
Older versions of npm will update package.json when you run npm update --save, but this appears to be broken in recent versions.
Alternatively, npm-check-updates can update your package.json.
npm understands some special keywords in its package.json, one of them being latest,
so you can edit your file manually with something like this:
"dependencies": {
  "jquery": "latest"
}
This would always give you the latest available version of jquery no matter what.
I'd suggest you replace everything with * and run npm update --save.
This will write down the versions of the dependencies.
So
"dependencies": {
"mongo": "*"
}
will become something like
"dependencies": {
"mongo": "3.0.0"
}
EDIT: one user made a good point, * can get you in some incompatibility problems so you might want to downgrade or need to fix stuff after.
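
A check for the floating specs discussed above ("*" and "latest"), as an added example that is not part of the original posts: it classifies each entry in package.json and pairs it with the version recorded in package-lock.json, so floating or unlocked dependencies can be reviewed before install. The sample objects and function names are constructed for illustration, and the lockfile layout assumed is lockfileVersion 1.

```javascript
// Added example: classify each dependency spec in package.json and pair it with
// the version pinned in package-lock.json (lockfileVersion 1 layout assumed).
// Both objects below are constructed sample data.
const pkg = {
  dependencies: { mongo: "*", jquery: "latest", moment: "^2.22.2" },
  devDependencies: { lodash: "4.17.21" },
};
const lock = {
  lockfileVersion: 1,
  dependencies: {
    mongo: { version: "3.0.0" },
    moment: { version: "2.24.0" },
    lodash: { version: "4.17.21" },
  },
};

function classify(spec) {
  if (/^\d+\.\d+\.\d+$/.test(spec)) return "exact";      // what --save-exact writes
  if (spec === "" || spec === "*" || spec === "latest") return "floating"; // no upper bound
  if (/^[\^~]?\d+(\.(\d+|[xX*])){0,2}$/.test(spec)) return "range";
  return "other";                                        // tags, URLs, comparator sets
}

// One row per declared dependency: declared spec, its kind, and the locked version.
function audit(pkg, lock) {
  const rows = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const locked = lock.dependencies?.[name]?.version ?? null;
      rows.push({ name, spec, kind: classify(spec), locked });
    }
  }
  return rows;
}

// Entries a CI check would reject: floating specs, or anything absent from the lockfile.
function violations(pkg, lock) {
  return audit(pkg, lock)
    .filter((r) => r.kind === "floating" || r.locked === null)
    .map((r) => r.name);
}

console.log(audit(pkg, lock));
console.log(violations(pkg, lock));
```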
