Make `npm install --save` add a strict version to package.json

Question

When you run npm install --save somepackage, it usually adds something like this into package.json:

"dependencies": {     "somepackage": "^2.1.0" } 

Because the version is prepended with a caret(^), this means that if you later run npm install, it might install version 2.3.0 instead. This can be undesirable for fairly obvious reasons. npm shrinkwrap is useful, but doesn't really solve the problem.

So, I have several questions:

1. When installing a package, is it possible to specify that you want it to be set to a specific version in package.json (no caret before the version number)?
2. When publishing a package to npm, is there any way to prevent the default of including the caret before the version when other developers install your package?

Answer 1

To specify by default a exact version, you can change your npm config with save-exact:

npm config set save-exact true 

You can also specify the prepend version with a tilde with save-prefix.

And, no you can't force user to update to a minor or a patch version, NPM uses semver and it's the recommend way of publishing packages.

Answer 2

You can change the default behaviour by using the --save-exact option.

// npm npm install --save --save-exact react  // yarn yarn add --exact react 

I created a blog post about this if anyone is looking for this in the future.

https://www.dalejefferson.com/blog/how-to-save-exact-npm-package-versions/