Menu
I am trying to lock node and npm version in my javascript project to ensure other developers have those specific versions when building bundles to commit. I just added this to my package.json:
"engineStrict" : true,
"engines": {
"node" : "10.10.0",
"npm" : "6.5.0"
},
Will this enforce those versions definitively? I am unfamiliar with locking down versions since I am used to be the sole developer on frontend projects or inheriting projects that have had this set up.
Alternatively, is there a benefit of also adding an .nvmrc file that specifies the same version or is that redundant if I'm using engines?
559
asked Apr 24 '20 08:04
You can lock your application with a specific node. js version. This will help you to isolate the dependencies of of your node.
In the package.json there's an optional node that you can set called engines . From the documentation we can read about what this is for: You can specify the version of node that your stuff works on.
Adding engine-strict=true to your . npmrc file only enforces you to use the right engine when you install packages. It does not enforce anything for your end user.
The package. json file is the heart of any Node project. It records important metadata about a project which is required before publishing to NPM, and also defines functional attributes of a project that npm uses to install dependencies, run scripts, and identify the entry point to our package.
It should still be possible use .nvmrc, but this could co-exist for developer who prefer to set the engine version in package.json and have it picked up on local, CI, and production. Sorry, something went wrong. Awesome, that behavior makes sense to me, thanks for clarifying.
In the package.json there’s an optional node that you can set called engines. From the documentation we can read about what this is for: Love the informal tone of that documentation. Ok, so here we can list of not only Node, but also alternative runtime like io.js but also npm. This can be given as just a version number or with a range
In other words, there is a robust JSON.sh parser written in shell (180 lines of code), it was already discussed that even having great JSON parser there is no way NVM will start reading the node version from ./package.json. Sorry, something went wrong. But, well, the proposed parser doesn't fulfill criteria of nvm.
If you plan to publish your package, the most important things in your package.json are the name and version fields as they will be required. The name and version together form an identifier that is assumed to be completely unique.
engineStrict is deprecated since npm v3, but you can set engine-strict=true in your .npmrc file. If you have engines set in package.json, an error will be thrown when someone installs on an unsupported Node.js version.
To make it easier for other developers to use a supported Node.js version, you can add a .nvmrc file. Now other developers can run nvm use to automatically use a supported version.
191
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
