NPM. Installing dependencies older than a specific date - npm

I want to install dependencies that are older than a specific date. For this goal I write before=2021-06-15 to the local .npmrc file and run npm install <dep>. But NPM installs the latest version anyway.
Why is the written config param not working?
This config param is described here: https://docs.npmjs.com/cli/v6/using-npm/config?v=true#before
I tried to:
run npm install <dep> --before="2021-06-15",
use different date formats
with the same results.

Related

How to update npm package's dependency?

I am trying to update a dependency of a package I am installing through npm.
When I install the appium package, I get version 1.22.0, which is correct. But this package also has dependencies that are getting regular updates on GitHub and are propagated to npmjs.
But when I install the main package, the dependency is not the latest.
For example, I need to update the appium-espresso-driver dependency of appium to 1.50.1, but every time I install appium, the dependency is only 1.45.3, even when appium has ^1.0.0 in package.json.
How do I update this? Do I need to wait for the appium package to be bumped?
If you want to update all the packages to the latest version and you are using npm, you can see this documentation npm-update, but the short answer is:
npm update
This helps to update every package of the project, you can do it in the root folder, and update everything in the package.json.
If you want to update everything to the latest version, you can use npm-check-updates. This will check the latest version of the packages that you have installed in package.json. I will show you the easy steps to install this, but you can go through the documentation of the module here:
npm install -g npm-check-updates
This will install the package for you. After that you need to run it in the root folder:
ncu -u
After that command, all the packages in package.json will be updated but not installed, so after running ncu -u you need to run again:
npm install
to install the new versions of the packages.

Different commands give different npm versions when check for installed npm version

As per this SO solution I tried to install a specific version of react-native-calendars as follows:
npm install react-native-calendars@1.212.0
Once the installation is done I am able to see it in package.json like this:
"react-native-calendars": "^1.212.0"
This indicates the required version is installed.
When I ran npm view react-native-calendars version, the result is 1.1252.0 -- which is the latest version of react-native-calendars.
When I ran npm list react-native-calendars, the result is -- react-native-reanimated@1.13.2
What is the npm command to be used to check for the installed npm package version?
npm view shows the package on the remote NPM repository.
npm list shows the package version installed.
package.json shows the package version range to be used.
The -- ... in npm list is showing its dependencies in a tree. To see just the package, use npm list package --depth=0.
I can see you are using npm list, which is the correct command to check node modules versions. But the strange thing is that it's returning a different version from the one mentioned in package.json. So I think you need to do 3 things.
1: Uninstall the package completely.
2: Clean gradlew cache and install the module again mentioning specific version number and check again.
3: Start npm with --reset-cache.

Install package from npm after linking to another local package with updated version

I'm sure others have this workflow, so I must be missing something here.
How does one go about developing a new version of a package, linking it to test in another app, and then installing another (unrelated) package?
What I've done:
Run git clone git@package-to-update && cd package-to-update.
Edit package, update package-to-update/package.json version to 2.0.0.
Update my-app/package.json to use package-to-update@2.0.0.
cd package-to-update && npm link && cd my-app && npm link package-to-update.
Test out my-app, see that package-to-update@2.0.0 resolves the issue, have a small party.
Push to package-to-update's upstream, create a merge request, and wait for maintainers to merge in my changes.
Use my local, linked version in the meantime as it's required for the feature I'm working on.
Notice I need another package other-unrelated-package in my-app.
Run cd my-app && npm install other-unrelated-package.
NPM fails because it's trying to pull package-to-update@2.0.0, which is not yet published.
Cry.
Is the only option here to run the following process every time you want to npm install?
Downgrade package-to-update in my-app/package.json.
Run npm install other-package.
Run npm link package-to-update.
Upgrade package-to-update in my-app/package.json.
I generally only use npm link for development. If I want to use a local version and not have to deal with re-linking, I install it by path rather than by version.
npm install /file/path/to/your/module
Then you'll end up with a file: URL like this in your package.json:
"slug": "file:../../slug"
Subsequent npm install won't search the registry in that case. (Since it will avoid the registry on future npm install runs, it also means you need to remember to change it back to the registry when the version with your patch is released!)
I haven't tested, but this method may require that you only care about it as an immediate dependency and not a dependency of another dependency. Based on your workflow above, that seems to be the case, but mentioning it here for other folks.

How to override package.json "latest" dist-tag with version from package-lock.json?

I want to use the latest distribution tag in my package.json for internal packages. This allows me to always get their latest versions when I npm install in my local environment, without updating all external 3rd parties.
The issue comes when I'm hotfixing a deployed version:
For hotfix purposes I generate and save package-lock.json for each deployed version of the application.
But when I npm install during hotfix preparation, there is a conflict between the versions of the internal package in package.json and package-lock.json: package-lock.json points to the version that was used in the deployed application, but package.json points to the latest distribution tag, which itself points to a later version.
Since the version specified in package-lock.json doesn't suit the version range specified in package.json (which is very specific - only the latest version will suit), npm install ignores package-lock.json and installs the latest version.
I searched through documentation and internet and didn't find any existing solution for the issue:
I didn't find any npm install flag that would treat package-lock.json versions with higher priority than the distribution tag in package.json.
I didn't find any tool that would reconstruct package.json from package-lock.json, or at least replace aliases (distribution tags) in package.json with specific versions from package-lock.json.
Is there any solution for my issue (besides writing a tool that will implement last approach)?
Sandbox:
https://github.com/maxlk/npm-lock-version-should-override-latest (clone and run npm install or its alternative)
I found a solution - to use npm ci instead of npm install.
It doesn't exit with an error, despite the claim in the documentation (https://docs.npmjs.com/cli/ci):
"If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock."
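
The tool the question asks about (replacing distribution tags in package.json with the versions recorded in package-lock.json) can be sketched as below, so that a hotfix build resolves what was deployed rather than whatever the tag points to at install time. This is an added example, not code from the original posts or from npm; the function names, the dist-tag heuristic and the @acme packages are assumptions made for illustration.

```javascript
// Added example; all package names and versions below are constructed.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Heuristic (assumption): a spec is a dist-tag unless it looks like a
// version/range, or contains ':' or '/' (file:, git URLs, npm: aliases, paths).
function isDistTag(spec) {
  if (typeof spec !== 'string' || spec === '') return false;
  if (/[:\/]/.test(spec)) return false;
  return !/^(?:[\^~<>=*]|v?\d|[xX](?:\.|$))/.test(spec);
}

// lockfileVersion 2/3 keeps installs under "packages"; version 1 under "dependencies".
function lockedVersion(lock, name) {
  const entry = (lock.packages && lock.packages['node_modules/' + name]) ||
                (lock.dependencies && lock.dependencies[name]);
  return entry && typeof entry.version === 'string' ? entry.version : null;
}

// Returns a pinned copy of pkg, the list of rewrites, and the tagged
// dependencies the lock file cannot resolve (these still float).
function pinDistTags(pkg, lock) {
  const pinned = JSON.parse(JSON.stringify(pkg)); // leave the input untouched
  const changes = [], unresolved = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pinned[field] || {})) {
      if (!isDistTag(spec)) continue;
      const version = lockedVersion(lock, name);
      if (version === null) { unresolved.push(name); continue; }
      pinned[field][name] = version;
      changes.push({ field, name, from: spec, to: version });
    }
  }
  return { pinned, changes, unresolved };
}

// Constructed sample: in practice JSON.parse both files from the hotfix checkout.
const samplePackageJson = {
  dependencies: { '@acme/ui-kit': 'latest', express: '^4.17.1' },
  devDependencies: { '@acme/lint-rules': 'latest' },
};
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/@acme/ui-kit': { version: '2.4.1' },
    'node_modules/express': { version: '4.17.1' },
  },
};
const sampleResult = pinDistTags(samplePackageJson, sampleLock);
console.log(sampleResult.pinned, sampleResult.unresolved);
```

A non-empty unresolved list means at least one tagged dependency is absent from the lock file and would still be resolved from the registry at install time.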

npm install only if package missing or out-of-date compared to package.json

I want to be able to compare my locally installed packages against my project package.json file without making a call against the npm online repo. If there is a package that is out of date based on the package.json file, then and only then will it go to the npm online repo and install the package.
The reason for this is that I want to be able to update the package.json file to require a newer version of a package, commit this change to the project repo, and when other developers on the team get latest, their npm package is updated. I do not want to slow down the process if everything is up-to-date or cause the build to fail if access to the npm repo or the internet is down.
I am wondering if this is an already solved use-case or do I need to parse the package.json file and compare it to an "npm ls" output myself?
You will need to set up a local repository (by duplicating the NPM CouchDB locally;
see https://stackoverflow.com/a/7577265/406458).
Then you could use npm-check-updates.
npm-check-updates will give you a list of packages that can be updated in your package.json file; see
https://www.npmjs.org/package/npm-check-updates
$ npm-check-updates
"connect" can be updated from 2.8.x to 2.11.x (Installed: 2.8.8, Latest: 2.11.0)
"commander" can be updated from 1.3.x to 2.0.x (Installed: 1.3.2, Latest: 2.0.0)
Run 'npm-check-updates -u' to upgrade your package.json automatically
Check global npm packages for updates:
$ npm-check-updates -u