NPM - How to install a new package without update or add packages described on package.json

Question

This is a hard question and I'll try to explain.

How to add new packages without install dependencies or new packages (defined in package/-lock.json)?

For example: Currently, we have our package.json and package-lock.json to maintain the versioning.

However, If we try to add a new package, other packages (related to package.json or package-lock.json) are being updated/added.

The intention is just add new packages, add these packages info inside package.json and package-lock.json, without affect the current packages installed.

Answer 1

Go to package.json and make some changes if you don't want any of your packages to update automatically. For example change "react-native": "^0.56.1" to "react-native": "0.56.1"

simply delete caret "^" or tilde "~" signs you see before version declarations.

• Caret "^" sign makes npm able to update minor version updates (for above example 56 to 57 or higher) and
• Tilde "~" sign makes npm able to update patch version updates (right-most element in [major, minor, path] tuple)

If you declare your package versions without any sign, they won't be updated.

Answer 2

Use npm ci instead of npm install!

From the docs:

It will never write to package.json or any of the package-locks: installs are essentially frozen.

There are also other caveats and differences, I recommend to read the docs for more details. For example, it will remove existing node_module directories.