Is npm install package@latest stable or does it also include alpha/beta version?

Tags:

npm

I just want some confirmation as I've always been using @latest for a while with my packages and want to know if I'm really installing a stable version or can possibly install an alpha/beta version of the package.

I'm pretty sure this is meant for stable versions as they tell you to install@latest for npm (unless it's special syntax like npm start).

The more I think about it, the more paranoid I get, any confirmation would be greatly appreciated. :)

Jonathan002 asked Dec 06 '17 14:12

1 Answer

Using npm install <pkg>@latest is equivalent to using npm install <pkg> by itself or listing * as the dependency version in package.json. npm documents this here:

npm install will use the latest tag by default.

So in practical terms, latest is semantically equivalent to stable.

However, if a prerelease version of a package is published to npm without specifying a prerelease tag such as --beta or --rc, that version becomes the latest by default:

By default, npm publish will tag your package with the latest tag.

As a result, it's possible to mess up and publish a prerelease version that will be installed by default. This happened to Bootstrap in late 2015.

This article from early 2016 by Mike Bostock explains how even specifying alpha or beta as part of the version number won't prevent npm from making that version the latest.

So unfortunately if you want to be certain that you get only stable versions, you need to monitor this manually or trust the package developers to always specify a prerelease tag for non-stable versions.

You can also view the tags assigned for a package like this:

$ npm view express dist-tags
{ latest: '4.16.2', rc: '4.0.0-rc4' }

cantera answered Nov 16 '22 15:11
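
The manual check the answer describes can be scripted. This is an added example, not part of the original answer or npm's own code: it flags a `latest` dist-tag that points at a semver prerelease and reports the highest stable version to pin instead. The function names are hypothetical, the sample data is constructed, and the inputs are assumed to have the shape of `npm view <pkg> dist-tags --json` and `npm view <pkg> versions --json`.

```javascript
// Added example: detect a `latest` dist-tag that resolves to a prerelease.
// Semver 2.0.0: MAJOR.MINOR.PATCH, optional -prerelease, optional +build.
const SEMVER = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;

function parse(version) {
  const m = SEMVER.exec(version);
  if (!m) return null; // not valid semver
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: m[4] || null };
}

// Numeric comparison of [major, minor, patch]; string comparison would
// wrongly rank 4.9.0 above 4.16.2.
function compareCore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Highest version with no prerelease component, or null if none exists.
function highestStable(versions) {
  let best = null;
  for (const v of versions) {
    const p = parse(v);
    if (!p || p.prerelease) continue;
    if (!best || compareCore(p.core, best.core) > 0) best = { version: v, core: p.core };
  }
  return best ? best.version : null;
}

function checkLatest(distTags, versions) {
  const p = parse(distTags.latest || "");
  return {
    latest: distTags.latest,
    // An unparseable `latest` is reported as not stable (a choice made here).
    latestIsPrerelease: !p || p.prerelease !== null,
    pinTo: highestStable(versions),
  };
}

// Constructed sample data: a prerelease published without a separate tag,
// then the dist-tags shown in the answer with a constructed version list.
const bad = checkLatest({ latest: "4.0.0-alpha" }, ["3.3.5", "3.3.6", "4.0.0-alpha"]);
const good = checkLatest({ latest: "4.16.2", rc: "4.0.0-rc4" }, ["4.0.0-rc4", "4.9.0", "4.16.2"]);
console.log(bad, good);
```

When `latestIsPrerelease` is true, installing the exact `pinTo` version (`npm install <pkg>@<version>`) avoids picking up the prerelease through the `latest` tag.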