Currently the npm package mongoose is on version 3.8.12. Running npm install mongoose --save correctly installs version 3.8.12 and saves the dependency to package.json as follows:
"dependencies": {
"mongoose": "^3.8.12"
}
If you look in node_modules/mongoose/package.json you can see that the installed version is indeed 3.8.12. However, if I now run npm update then npm will go ahead and install an unstable version of mongoose (3.9.0). I assume this is because of the caret in the dependency entry, which tells npm to go ahead and upgrade minor versions (i.e. 3.8 to 3.9). That's fine, except I don't want any prerelease versions. If I modify the dependency and remove the caret then npm update works as expected, except of course that I now have to manually upgrade the dependency version even for minor and patch updates.

You can see from running npm info mongoose that they have a "latest" tag and an "unstable" tag. So clearly npm install uses latest unless otherwise specified, while npm update is ignoring the tag altogether and grabbing the latest minor version it's aware of.

Is there a way to modify the dependency so npm update will pull in the latest minor version but ignore any prerelease versions?

The same issue occurs if I try to use 3.x.x as the dependency. I was hoping that would still allow me to upgrade through minor versions without prerelease versions, but that's not the case :/

Tilde (~3.8.12) technically works, but it's a band-aid. The only reason it "works" is because the breaking changes being introduced are in 3.9.0-unstable and tilde doesn't allow npm to upgrade across minor versions. If these "unstable" changes were introduced in 3.8.13-unstable then this same issue would occur even when using the tilde.

I also tried manually specifying the "latest" tag: ^3.8.12-latest. That didn't change anything; npm update ignores the tag entirely, even if it's explicitly in the dependency listing itself :/
semver does not specify a way to tell apart stable and unstable versions.
As you said, the caret would allow npm update to install any 3.x.x version, while the tilde would allow any 3.8.x version, even if the next version is called 3.8.13-broken.
Sadly, the same happens with any semver operator, so there's no escape.
As you can see, you are better off using the specific version 3.8.12.
I would have thought the simplest approach here would be to use the tilde ~:
"dependencies": {
"mongoose": "~3.8.12"
}
The difference from the "caret" ^ being that the "tilde" will match on 3.8.x, where the "caret" matches anything equal to or above the specified version.
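To make the caret/tilde/prerelease discussion in the two answers above concrete, here is an added example (not code from the thread, from mongoose, or from npm itself) that resolves a dependency range against a constructed list of published versions. It implements the prerelease rule that current node-semver documents: a prerelease such as 3.9.0-unstable only satisfies a range if the range's own comparator is a prerelease on the same major.minor.patch tuple, unless prereleases are explicitly opted in. The version list, the helper names, and the includePrerelease option (which mirrors node-semver's option name) are all assumptions for illustration.

```javascript
// Minimal semver range resolver (added example, not npm's or node-semver's code).
// Shows why ^3.8.12 and ~3.8.12 differ, and how a prerelease gate keeps
// 3.9.0-unstable / 3.8.13-unstable out of a normal update unless opted in.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return {
    major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]),
    prerelease: m[4] ? m[4].split('.') : [],   // e.g. ['unstable'] or ['beta', '2']
  };
}

function compareIdentifiers(a, b) {
  const na = /^\d+$/.test(a), nb = /^\d+$/.test(b);
  if (na && nb) return Number(a) - Number(b);
  if (na) return -1;            // numeric identifiers sort before alphanumeric ones
  if (nb) return 1;
  return a < b ? -1 : a > b ? 1 : 0;
}

function compareVersions(a, b) {
  for (const k of ['major', 'minor', 'patch']) {
    if (a[k] !== b[k]) return a[k] - b[k];
  }
  // Same tuple: a release outranks any prerelease; otherwise compare identifiers.
  if (a.prerelease.length === 0) return b.prerelease.length === 0 ? 0 : 1;
  if (b.prerelease.length === 0) return -1;
  const n = Math.max(a.prerelease.length, b.prerelease.length);
  for (let i = 0; i < n; i++) {
    if (i >= a.prerelease.length) return -1;   // shorter prerelease list is lower
    if (i >= b.prerelease.length) return 1;
    const c = compareIdentifiers(a.prerelease[i], b.prerelease[i]);
    if (c !== 0) return c;
  }
  return 0;
}

// Turn ^x.y.z, ~x.y.z or an exact x.y.z into [lower, upper). The upper bound
// carries a "-0" prerelease so that 4.0.0-beta is also outside ^3.8.12.
function parseRange(range) {
  const op = range[0] === '^' || range[0] === '~' ? range[0] : '';
  const lower = parseVersion(op ? range.slice(1) : range);
  let tuple;
  if (op === '^') {
    if (lower.major > 0) tuple = [lower.major + 1, 0, 0];
    else if (lower.minor > 0) tuple = [0, lower.minor + 1, 0];   // ^0.y.z
    else tuple = [0, 0, lower.patch + 1];                          // ^0.0.z
  } else if (op === '~') {
    tuple = [lower.major, lower.minor + 1, 0];
  } else {
    return { lower, upper: null };                                  // exact pin
  }
  return { lower, upper: { major: tuple[0], minor: tuple[1], patch: tuple[2], prerelease: ['0'] } };
}

function satisfies(version, range, { includePrerelease = false } = {}) {
  const v = parseVersion(version);
  const { lower, upper } = parseRange(range);
  if (upper === null) return compareVersions(v, lower) === 0;
  if (compareVersions(v, lower) < 0 || compareVersions(v, upper) >= 0) return false;
  if (v.prerelease.length === 0 || includePrerelease) return true;
  // Prerelease gate: only a range whose own comparator is a prerelease on exactly
  // this major.minor.patch tuple (e.g. ^3.9.0-unstable) admits 3.9.0-unstable.
  return lower.prerelease.length > 0 &&
    lower.major === v.major && lower.minor === v.minor && lower.patch === v.patch;
}

// Highest published version that satisfies the range, or null.
function maxSatisfying(versions, range, opts) {
  return versions
    .filter((v) => satisfies(v, range, opts))
    .sort((a, b) => compareVersions(parseVersion(b), parseVersion(a)))[0] || null;
}

// Constructed registry snapshot for the demo (not real mongoose publish history).
const AVAILABLE = ['3.8.11', '3.8.12', '3.8.13-unstable', '3.9.0-unstable', '4.0.0'];

console.log('^3.8.12            ->', maxSatisfying(AVAILABLE, '^3.8.12'));
console.log('^3.8.12 (+prerel)  ->', maxSatisfying(AVAILABLE, '^3.8.12', { includePrerelease: true }));
console.log('~3.8.12            ->', maxSatisfying(AVAILABLE, '~3.8.12'));
console.log('~3.8.12 (+prerel)  ->', maxSatisfying(AVAILABLE, '~3.8.12', { includePrerelease: true }));
console.log('^3.8.12-latest     ->', maxSatisfying(AVAILABLE, '^3.8.12-latest'));
```

With the gate in place, both ^3.8.12 and ~3.8.12 resolve to 3.8.12 from that list; only an explicit opt-in reaches 3.9.0-unstable or 3.8.13-unstable, and 4.0.0 is always outside the caret range. Whatever the range syntax, a lockfile plus review of what an update actually resolved to is still the control that stops an unexpected prerelease from landing in a build.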
Just to update for anyone who stumbled across this like I did: I did a minor semver bump and published it tagged as beta, but in the 10-15 minutes after publishing, npm installs defaulted to this beta as latest, despite it being clearly tagged.
I think there's some lag time on updating the semver table; if you give it 10-15 minutes, your future npm install <packagename> attempts should give you the correct version.