Upgrading NPM from 5.8 to latest - npm

I want to look at upgrading NPM on a project I'm working on from 5.8.0 to the latest version.
Is this something that is safe to do without breaking any packages I have installed? And if there's a chance it might, what is the best method for testing those packages to make sure everything is running correctly still?

Updating NPM is unlikely to break anything. However, your packages may require a certain version of Node.js to function properly.
There also isn't really a "best method" to check if everything runs correctly. I'll refer you to this answer which has a few options you can try.

Related

How to downgrade Gatsby version from 3.14.2 to ^2.0.0

I have a Gatsby starter (taylorbryant/gatsby-starter-tailwind) that uses gatsby-plugin-postcss which is not compatible with the version of gatsby installed in my machine like a few other plugins used in the starter. You can see the warning I get when trying to build for production.
warn Plugin gatsby-plugin-postcss is not compatible with your gatsby version 3.14.2 - It requires gatsby#^2.0.0
How can I downgrade Gatsby to a specific version, maybe just locally?
This isn't too difficult.
Open your package.json file and change the actual version you want to use.
Then run npm update to make sure you update all the packages to the right version.
Please correct me if I'm wrong but I believe that is the way to change the Gatsby version.
Please do keep in mind that this will most probably cause a bunch of other discrepancies with other packages that actually require a higher version in order to work.
You can find more information about how different versions work here: https://www.gatsbyjs.com/docs/reference/release-notes/migrating-from-v2-to-v3/
Best of luck!

Given an npm package, how do I know whether it will work in browser?

I've recently installed some npm package (recommended Kubernetes client) for my react app.
After writing code that uses the package and deploying the code for testing I got some weird errors about missing functions or packages. Then I've read the documentation and realized that the package was Node-only.
Is there any way to check that the npm package works in browser before writing code that uses the package?
Python packages specify compatible python versions. Do npm packages have something like this whether they indicate support for particular Node versions and the browsers?
Some packages/libraries contain a .browserslistrc file which I've found to be a starting point to find out the browsers and platforms the devs intend to support or have their code compile for. While it may not always be true and the package might just be able to support a browser that isn't mentioned, it's a good starting point. It surely helps to find out if IE (the bane of front-end dev) is supported or not.
Then again many packages don't necessarily include a .browserslistrc. You can then check the package.json for a "browserslist" field.
If neither is found, you can always clone the repo and add your own .browserslistrc in the root with queries that will let you know if the package supports your intended browser or platform - little more work but yeah it can help. Not foolproof but a decent enough way to find out.
Though the best answer is really to just ask the maintainers.

Vue-Cli3 and the recent Node-Sass DoS advisory: How to replace node-sass with dart-sass?

I have an app created with Vue-Cli and it uses node-sass. Recently, I ran npm audit and it is informing me there is a new advisory for node-sass with the following info:
All versions of node-sass are vulnerable to Denial of Service (DoS).
No fix is currently available. Consider using an alternative package
until a fix is made available.
Thus, I can't deploy my app to the company's enterprise cloud (DevOps pipeline).
Does anyone know how I can fix or replace node-sass with dart-sass and whether there are any specific updates or changes I need to do with my app?
Kinda shooting in the dark here...not much out there at the moment. Thanks.
This worked for me, follow the link below
https://www.priestch.com/replace-node-sass-with-dart-sass-in-vue-cli3-based-project/
Thanks

How to make npm use the lowest version that matches all requirements

We're using NodeJS for some projects and are faced with an issue that must have a simple solution (seeing as nobody else seems to have the problem).
In the package.json there are a bunch of dependencies mentioned with a minimum version, each of which may have overlapping dependencies of their own. The default way a dependency is added is using the ^ operator which seems to mean 'compatible with' or 'same major version, but minor versions may differ'.
The way I understand npm to work is on npm install to take the highest minor version available that matches. Unfortunately 'compatible with' is not quite as enforced as you'd hope.
The situation this puts us in is that for instance on a developer machine version 1.1.0 is installed, but between development and publishing a new version 1.2.0, that has a bug, is introduced. On our build machine a fresh build is made which ends up using 1.2.0 and we've introduced a bug that wasn't there in development.
We tried changing the ^ operator to = for instance, but this gives us trouble when dependencies have subdependencies that aren't compatible with the requested version.
All in all I'm a bit confused, but this thing keeps biting us anytime something changes since the development machines don't do anything on npm install if the package is already there, but the build machine always gets fresh copies.
I know from NuGet that it always takes the lowest version that matches all combined requirements. Since this is always the same for a given set of dependencies, I much prefer this approach. Is there a way to make npm work like this too?
To answer my own question:
npm has introduced a new command npm ci which does something similar to npm install but enforces that the specific versions are used that were also used when a package was initially added by using the package-lock file.
See https://docs.npmjs.com/cli/ci for more information
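
The drift described in the question and the pinning that npm ci relies on, as an added example that is not code from the original posts: a minimal caret-range matcher run over a constructed version list and a constructed lockfileVersion 3 fragment. The package name example-lib, the version list and the integrity value are made up; prerelease tags and ranges other than ^ or an exact version are not handled.

```javascript
// Parse "1.2.3" into [1, 2, 3]; prerelease and build tags are out of scope.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}
// ^ allows changes to the right of the left-most non-zero component:
// ^1.1.0 -> [1.1.0, 2.0.0), ^0.2.3 -> [0.2.3, 0.3.0), ^0.0.3 -> [0.0.3, 0.0.4)
function caretBounds(range) {
  const lo = parse(range.slice(1));
  const i = lo.findIndex((n) => n !== 0);
  const k = i === -1 ? 2 : i;
  return [lo, lo.map((n, j) => (j < k ? n : j === k ? n + 1 : 0))];
}
function satisfies(version, range) {
  const v = parse(version);
  if (!range.startsWith('^')) return cmp(v, parse(range)) === 0; // exact pin
  const [lo, hi] = caretBounds(range);
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}
// Without a lockfile, a fresh install takes the highest published match.
function resolveFresh(range, published) {
  const ok = published.filter((v) => satisfies(v, range));
  ok.sort((a, b) => cmp(parse(a), parse(b)));
  return ok.length ? ok[ok.length - 1] : null;
}
// Every declared dependency must be locked inside its range (the mismatch
// `npm ci` refuses to install); the integrity check is an extra added here.
function auditLock(pkg, lock) {
  const problems = [];
  for (const [name, range] of Object.entries(pkg.dependencies || {})) {
    const e = (lock.packages || {})[`node_modules/${name}`]; // lockfileVersion 2/3 layout
    if (!e) problems.push(`${name}: not in lockfile`);
    else if (!satisfies(e.version, range)) problems.push(`${name}: locked ${e.version} is outside ${range}`);
    else if (!e.integrity) problems.push(`${name}: no integrity hash`);
  }
  return problems;
}
// Constructed sample data: hypothetical package, versions and hash placeholder.
const published = ['1.0.0', '1.1.0', '1.2.0', '2.0.0'];
const pkg = { dependencies: { 'example-lib': '^1.1.0' } };
const lock = { lockfileVersion: 3, packages: {
  'node_modules/example-lib': { version: '1.1.0', integrity: 'sha512-PLACEHOLDER' } } };
console.log('fresh install resolves to', resolveFresh('^1.1.0', published));
console.log('lockfile problems:', auditLock(pkg, lock));
```

The developer machine stays on the locked 1.1.0 while a lockfile-free build resolves to 1.2.0, which is the gap the question describes; committing package-lock.json and building with npm ci closes it.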

Is there something like npm scripts for elm-package.json?

I use npm scripts a lot for my javascript/node projects (npm start, npm test, and npm run build and others), and I was wondering if there is something similar for elm-packages, or if we should use npm scripts instead, and if I have to do it, why do we need a package.json and an elm-package.json?
The quick answer is that (as of May 2017) there's no support for this in elm-package.json.
As for the future: Evan Czaplicki has said on elm-dev mailing list that the file format and functionality will get revamped a little bit (probably with the 0.19 release), but most probably mainly with regards to application vs. library distinction. Based on that, I don't think elm-package.json will get this functionality anytime soon.
I think most devs have some node stuff running to handle their dev environment (e.g. webpack stuff) so you will always have package.json available for such scripts anyway.
There is a question about whether elm should embed its dependencies within package.json but, while most dev instances would have package.json, anyone just trying out with elm-reactor would not. So I think the present situation is here to stay, and enables you to do what you want.