If I write "latest" as the version of a package in the package.json, every call to npm i will download the latest version of the given package.
If I write something like npm i -E somepackage#latest it will not write "latest" into package.json, but the exact version that is the actual latest version.
Is there a way to force npm to write "latest" into the package.json? We are going away from the latest tag in package.json (please no good/bad practices answers).
I am just curious wether npm supports to do this or not...
Related
I can't seem to find information about how npm works with branches within a repository.
Suppose an npm package is currently versioned at: 1.0.5
A major change requires a version change from 1.0.5 => 2.0.0
Some users continue using 1.x.x to avoid breaking changes.
If a bug is discovered in 1.0.5 it needs to be fixed for the 1.x.x users requiring version change from 1.0.5 => 1.0.6
In effect, this is branching. I'd make a git branch for 1.x.x users and continue using git's master branch for 2.x.x
But how does this fit in with npm? Should I publish an older npm version 1.0.6? In that case doesn't 1.0.6 become the latest while actually 2.0.0 should be the default when doing npm install.
I can't find branch related information for npm. I'm sure the above is a common situation but I just can't find any info. Please can someone point me in the right direction.
You are on the right track - you want to publish package#1.0.6 without updating the latest tag. You can do this by supplying a --tag <tagname> argument to npm publish --
cd project
git checkout old-branch
grep version package.json
"version": "1.0.5",
[make changes]
git commit
npm version patch
grep version package.json
"version": "1.0.6",
npm publish --tag old-version
As long as you supply a --tag <tagname> argument to npm publish, the latest tag will not be updated, and people using npm install <package> or npm install <package>#latest will still get the 2.x version.
Note that the tagname has to share a namespace with version numbers, so it's best to choose a tagname that doesn't look like a semver version; avoid '1.0.6' or 'v1.0.6'.
Source: https://docs.npmjs.com/cli/publish
and: https://docs.npmjs.com/getting-started/using-tags
I want to use latest distribution tag in my package.json for internal packages. This allows me to always get their latest versions when I npm install in local environment, without updating all external 3rd parties.
The issue comes when I'm hotfixing deployed verion:
For hotfix purpose I generate and save package-lock.json for each deployed version of the application.
But when I npm install during hotfix preparation, there is a conflict between versions of internal package in package.json and package-lock.json: package-lock.json points to version that was used in deployed application, but package.json point to latest distribution tag, which itself points to later version.
Since version specified in package-lock.json doesn't suit to version range specified in package.json (which is very specific - only the latest version will suit), npm install ignores package-lock.json and installs the latest version.
I searched through documentation and internet and didn't find any existing solution for the issue:
I didn't find any npm install flag that would treat package-lock.json versions with higher priority than distribution tag in package.json
I dind't find any tool that would reconstruct package.json from package-lock.json, or at least replace aliases (distribution tags) in package.json with specific versions from package-lock.json.
Is there any solution for my issue (besides writing a tool that will implement last approach)?
Sandbox:
https://github.com/maxlk/npm-lock-version-should-override-latest (clone and run npm install or its alternative)
I found a solution - to use npm ci instead of npm install.
It doesn't exit with error, despite the claim in the documentation: https://docs.npmjs.com/cli/ci
If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.
If I type the following into my computer
$ echo '{}' > package.json
$ npm install pug --save
and then look at my package.json, I'll see that npm added a dependency for me.
#File: package.json
{
"dependencies": {
"pug": "^2.0.0-rc.1"
}
}
Sweet! However -- how does npm decide to grab version 2.0.0-rc.1? And how does npm decide to use the ^ SemVer version modifier?
As a user of npm can I configure or tell it to use a different SemVer modifier and/or download a different version? (both a specific version and/or something like "latest stable")
As an npm package maintainer, can I specify that npm's default behavior should be something other than "grab the latest version and slap a ^ on there"?
npm takes the latest tag publicly available and ^ is the default, you can use save-prefix to change it locally.
To a get specific version use #version after package name i.e. npm install pug#0.1.0.
Something like composer's minimum-stability doesn't exist in npm world.
As a maintainer, you can't do anything, except keeping SemVer and writeing good code :)
But at all package.json is just a JSON, you can simply modify them, without using any CLI commands and define whatever you need.
What exactly does next mean in package.json dependencies?
"dependencies": {
"react": "^15.4.2",
"react-dom": "^15.4.2",
"react-router-dom": "next"
}
The next tag is used by some projects to identify the upcoming version.By default, other than latest, no tag has any special significance to npm itself.
NPM Documentation
Specifically, and according to the documentation I found this helpful:
By default, the latest tag is used by npm to identify the current
version of a package, and npm install (without any # or
# specifier) installs the latest tag. Typically, projects only
use the "latest" tag for stable release versions, and use other tags for
unstable versions such as prereleases.
The next tag is used by some projects to identify the upcoming
version.
By default, other than latest, no tag has any special significance to
npm itself.
So, for instance, I had some issues related to npm itself generating npm ERR! Error: EACCES: permission denied errors on package installations, that I first corrected by reverting to an earlier version of npm (from 5.4.0):
npm install -g npm#5.3.0
But npm is also one of those packages that does use the "next" tag in their distribution, so to take advantage of that in the newest but not officially "stable version", you could also run:
npm install -g npm#next
Which installed 5.5.1
Running: npm show npm versions --jsonshows the following version history to give an idea what exactly was installed:
[ ...
"5.3.0",
"5.4.0",
"5.4.1",
"5.4.2",
"5.5.0",
"5.5.1"
]
This answer is an attempt to state the purpose of #next more simply. The language in the docs and in other answers appears overly complex.
Using next as the version number will allow a pre-release version if the project has one available. It will otherwise allow the latest stable version.
I created a NPM module and I published it at version 0.0.1
I made some changes and pushed those to github, and I would like it so that when one uses npm install myModule the new version is used.
How do I tell NPM that there is a version 0.0.2?
Change the version in your package.json or use npm version <new-version>.
After changing the version number in your package.json, you can run npm publish to publish the new version to NPM.
npm install will install the latest version in the NPM repository.
Increase the version number and then run npm publish yourModule again - as described in the npm docs.
npm install yourModule will then install the latest version from the NPM registry.
I found the last answer a little misleading, sorry.
For me, updating the version in the package.json still resulted in the "You cannot publish over..." error.
The steps to resolve were (based on ops version number):
npm version 0.0.2
npm publish
If it is an patch release (small changes) use following:
npm version patch
It will increment the last part of version number.
If it is a minor release (new features) use following:
npm version minor
It will increment the middle part of version number.
If it is a major release (major features or major issue fixes) use following:
npm version major
It will increment the first part of version number.
From the npmjs documentation:
To change the version number in package.json, on the command line,
in the package root directory, run the following command, replacing
<update_type> with one of the semantic versioning release types
(patch, major, or minor):
npm version <update_type>
Run npm publish.
Go to your package page (https://npmjs.com/package/) to check that the package version has been updated.