DEV Community

Cover image for How to save exact npm package versions
Dale L. Jefferson
Dale L. Jefferson

Posted on • Updated on • Originally published at

How to save exact npm package versions

I've recently started using exact versions in my package.json. This allows me to have more control over my versions and with tools like Renovate this is easier than ever.

What is an exact version?

"react": "^16.0.0" // carat: allow 16.1.0
"react": "~16.0.0" // tilde: allow 16.0.1
"react": "16.0.0" // exact: only 16.0.0


Renovate has great documentation on why you would do this dependency-pinning


There are two ways to force npm or yarn to save exact versions in your package.json.

1. Everytime you install a package

// npm
npm install --save --save-exact react

// yarn
yarn add --exact react

2. Set a default in your config

npm config set save-exact=true

This adds save-exact=true to your .npmrc

Top comments (1)

aminnairi profile image

In my opinion, this really should be the default behaviour of all package managers. Having packages that update when running npm install is great for keeping packages from security breaches but semantic versions are not enforced and some maintainer do push breaking changes on minor or patch version and it becomes a nightmare to debug each one of the updated package when this happen. Installing exact versions does allow a more fine control over which packages should be updated or not. This is why it should become the default behaviour in my opinion.