How to shrinkwrap devDependencies, but not install them unless necessary? - node.js

I have a bunch of devDependencies needed in order to run test suite and have production dependencies locked down with npm shrinkwrap. The problem is that when I run npm install, only production dependencies are installed, in order to install devDependencies, I have to remove npm-shrinkwrap.json and run it again.
Now if shrinkwrap contains devDependencies as well, they get installed in production, where they are not required. Surely there should be some command line arguments to force only normal dependencies to be installed?

September, 2016:
As others have mentioned as well, there were some huge efforts to enhance the shrinkwrap feature starting with npm v3.10.8.
Thanks to this, it'll be possible to keep your devDependencies locked while installing only the production dependencies:
npm shrinkwrap --dev
npm install --only=prod
2013 answer:
As stated in the NPM docs:
Since npm shrinkwrap is intended to lock down your dependencies for
production use, devDependencies will not be included unless you
explicitly set the --dev flag when you run npm shrinkwrap. If
installed devDependencies are excluded, then npm will print a warning.
If you want them to be installed with your module by default, please
consider adding them to dependencies instead.
Basically, you either lock down all deps or only the production deps.
Not even running npm install --dev or npm install --force can transcend the shrinkwrap functionality.

It looks like this feature was recently added in v3.3 of the npm client per the changelog
You'll now be able to run npm install --only=prod to achieve the effect you wish.

EDIT 2016/09/13
I've tested out npm v3.10.8, and this functionality now works as expected. We've shrinkwrapped our devDependencies and can install only prod dependencies when we deploy.
I think it's worth mentioning that this feature should start working as expected very soon. According to this github issue, tons of people were running into the same problem, and according to this pull request, it will be in the next release (scheduled for 2016-09-08).
With the pull request merged in, all you would have to do is:
npm i --only=prod

As to npm 5 (I've tried on 5.5.1 and 5.6.0), --production (--only=prod) flag is problematic.
When package-lock.json exists in the folder,
npm shrinkwrap --production
simply changes the file name to npm-shrinkwrap.json.
How I managed to solve this issue is to run:
npm prune --production
and then run:
npm shrinkwrap --production

This is fixed in npm 3.10.8; npm install --production shouldn't install dev deps in a shrinkwrap created by npm shrinkwrap --dev: https://github.com/npm/npm/releases/tag/v3.10.8

Related

npm ERR! Tracker "idealTree:inflate:" already exists

Every time I try to install packages using npm install, I'm getting npm ERR! Tracker "idealTree:inflate:" already exists error.
I've tried removing node_modules and clearing cache, but no luck for me.
I had the same issue when trying to update a v1 lockfile to v2 with npm v7, as seems to be the case in your codebase, and the only way to make it work was to delete the lockfile, clear the cache and do an npm i again with the --prefer-dedupe flag.
With the package-lock rebuilt, npm i with no flag worked again, as did npm ci.
Before that, I tried npm i --legacy-peer-deps as it seemed to mimic npm v6 not installing peer dependencies and it failed too, however I think it's interesting to know this flag exists, check out the npm 7 announcement page for more clues : https://github.blog/2021-02-02-npm-7-is-now-generally-available/#peer-dependencies
TLDR
rm package-lock.json
npm cache clear --force
npm i --prefer-dedupe
npm update && npm i works for me.
Source: https://github.com/npm/arborist/issues/330#issuecomment-947803995
What worked for me was:
Remove package-lock.json and node_modules on the project root.
npm cache clear --force
npm install --legacy-peer-deps
Note: I need to install the dependencies with the flag because of the nature of the project, but it should work just by normally reinstalling the deps with npm install.
This error occurs in node v14; I upgraded to node v16.17.0 to fix it.
This might help others:
In my case I had a very small web app. Just a 'app.js' and a 'readme.md'. No 'package.json'. When deploying (using Azure Deployment Center) it returned with error 'Tracker "idealTree:inflate:" already exists'.
When I committed a 'package.json' file the deployment succeeded.

Updating an indirect dependency in shrinkwrapped project

Is there a good way with npm (I'm on npm@5) to do a version bump for a nested dependency in a shrinkwrapped/lockfiled project?
Doing an npm install package@latest --save will update the shrinkwrap file as expected, but it also adds the dependency to package.json, which is not what I want. Doing an npm install --no-save package@latest will properly skip updating package.json, but it also won't update the shrinkwrap file.
Is there a simple way to update the sub-dependency and shrinkwrap file without touching package.json?
The workaround I most often use is a two-step process:
npm i --no-save subdependency@latest && npm shrinkwrap --dev
This is not ideal, but it works. Hopefully someone else has a one-step solution.
Update:
Nowadays, I do this:
npm i --save subdependency@latest && npm uninstall --save subdependency
...which is also annoying.

What's the difference between dependencies and devDependencies with NPM 5

The below question refers to a project I'm not publishing to npm.
In NPM 3, if I had a package in devDependencies and ran shrinkwrap (without --development) then npm-shrinkwrap.json would not include the packages in devDependencies.
But with NPM 5, packages in dependencies and devDependencies are added to package-lock.json, with those from devDependencies having "dev": true.
So, if I'm just using npm install x to add packages and npm install to install everything on, say, a build server, is a package listed in dependencies treated any differently from a package listed in devDependencies?
It will make sense on production. When you'll need to install all packages, except dev.
npm i --production
From npmjs.org:
With the --production flag (or when the NODE_ENV environment variable is set to production), npm will not install modules listed in devDependencies.
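The "dev": true marker described in the question can be read straight from the lockfile to see which locked packages a production install should skip. This is an added example, not code from the original posts; the package names in SAMPLE_LOCK are hypothetical and constructed, and handling of the npm 7+ "packages" layout goes beyond the npm 5 case discussed here.

```javascript
'use strict';
// Added example. SAMPLE_LOCK is constructed; package names are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    'web-lib': { version: '1.2.0', dependencies: { 'log-util': { version: '0.3.1' } } },
    'test-runner': { version: '4.0.0', dev: true },
    'diff-util': { version: '3.1.0', dev: true },
  },
};

// lockfileVersion 1 (npm 5/6): nested "dependencies" maps; dev-only entries carry "dev": true.
function walkV1(deps, out) {
  for (const [name, entry] of Object.entries(deps || {})) {
    out.push({ name, version: entry.version, dev: entry.dev === true });
    walkV1(entry.dependencies, out);
  }
  return out;
}

// lockfileVersion 2/3 (npm 7+): flat "packages" map keyed by install path; "" is the root project.
function walkPackages(packages) {
  return Object.entries(packages)
    .filter(([path]) => path !== '')
    .map(([path, entry]) => ({
      name: entry.name || path.split('node_modules/').pop(),
      version: entry.version,
      dev: entry.dev === true,
    }));
}

// Split every locked package into the set a production install needs and the dev-only set.
function classify(lock) {
  const all = lock.packages ? walkPackages(lock.packages) : walkV1(lock.dependencies, []);
  const id = (p) => `${p.name}@${p.version}`;
  return {
    prod: all.filter((p) => !p.dev).map(id).sort(),
    dev: all.filter((p) => p.dev).map(id).sort(),
  };
}

// Names present in node_modules that the lockfile marks dev-only: after a
// production install this list should be empty.
function devLeaks(lock, installedNames) {
  const nameOf = (id) => id.slice(0, id.lastIndexOf('@'));
  const { prod, dev } = classify(lock);
  const prodNames = new Set(prod.map(nameOf));
  return [...new Set(dev.map(nameOf))]
    .filter((n) => installedNames.includes(n) && !prodNames.has(n)).sort();
}
```

Pass the parsed contents of package-lock.json or npm-shrinkwrap.json as `lock` and the directory names found under node_modules as `installedNames`.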

What NPM command should users run if the package.json file has been updated?

If I update the package.json file in an NPM workflow app, what command do existing users run to update their local node_modules dependencies?
To start using it, they run:
$ npm install
So what do they run if there is a change to the package.json file? Or do they just delete the folder and re-run the npm install command?
To re-validate the package.json and install adjusted versions or new packages:
$ npm install
The one thing this won't do is remove packages that aren't in package.json. To do that, run:
$ npm prune
If you've only changed package versions and not added new packages:
$ npm update
If you've updated a specific package version:
$ npm update {packagename}
You should either do
npm install && npm prune
or
npm upgrade && npm prune
npm install will be faster than npm upgrade because it only updates packages in node_modules if package.json demands a newer version. npm upgrade, on the other hand, will download updates to dependencies if they are available, which may include bug fixes. For ≥npm-5, you should use npm install because npm upgrade will have the side-effect of modifying any package-lock.json file which should not be modified unless you are the package’s maintainer.
npm prune is necessary because the updates to package.json may have removed dependencies. If you do not run npm prune, packages installed by a prior version of package.json will remain in the node_modules directory that would not be there if you freshly downloaded/cloned the project and ran npm install. Due to how some packages conditionally call require() or even scan the node_modules directory, leaving packages which were removed from package.json can result in unexpected behavior.

How do I update devDependencies in NPM?

npm update seems to just update the packages in dependencies, but what about devDependencies?
Right now you can install devDependencies by running npm install ., but this doesn't work for npm update .
Any ideas?
To update package.json in addition to the local modules, run
npm update --save-dev
Alternatively, the same command to save time
npm update -D
You can view the full detail of update, or any command for that matter through
npm help <cmd>
Install npm-check-updates (https://www.npmjs.org/package/npm-check-updates), then jump into your project folder and run:
npm-check-updates
And to update and save changes to your package.json file:
npm-check-updates -u
These steps worked for me :
npm install -g npm-check-updates
ncu -u
npm update
npm install
npm outdated - for an overview what's outdated
npm install -g npm-check-updates - as pointed correctly by Michael
ncu -u - it'll automatically update all dependencies (also dependencies, i.e., it's of course different than devDependencies) versions in package.json, without reinstalling it yet. It'll just change the "numbers" in package.json
npm update - actual dependencies installation
(Optional, depending by scenario) you might need to use the flag --force, or (new in NPM v7) --legacy-peer-deps to complete the process. You can read about difference between those 2 on What does npm install --legacy-peer-deps do exactly? When is it recommended / What's a potential use case?
(Optional) you can validate it using ncu -u and for correctly updated dependencies you should see the text All dependencies match the latest package versions :)
This problem no longer exists with the current version of NPM (1.3.11).
Update works fine with: npm update
If you are using outdated npm version it might be the problem. So before any other commands execute:
sudo npm install npm -g
or (if above doesn't work):
sudo npm update npm -g
Then relaunch the console (in order for changes to take effect).
Now you can check your new npm --version and if it is up to date execute:
npm update
or (if you prefer):
npm update --save-dev
I ran into the same problem as OP had, and found no solution, so I decided to write a Grunt plugin that will auto-update my devDependencies..
It's on Github, I'd love to get some input and collaborations in order to make it the best tool that NPM hasn't provided.
Basically it will auto-update your outdated development dependencies with a simple Grunt Task.
https://github.com/pgilad/grunt-dev-update
What worked for me is installing individual dev dependencies like this
npm install react-test-renderer@15.6.1 --save --only=dev
I found the answer on https://nodejs.dev/learn/update-all-the-nodejs-dependencies-to-their-latest-version and this is working for me for all the major releases as well
npm install -g npm-check-updates
ncu -u
npm update
to check the outdated package use
npm outdated
One (slow) way to force the update is to remove the node_modules directory, and then do npm install again.
This was a known bug of the npm update command, which has been fixed on the development branch of npm, see here:
https://github.com/isaacs/npm/pull/3863
It should land on the latest stable version of npm pretty soon.
