Dale L. Jefferson

Originally published at dalejefferson.com

How to save exact npm package versions

I've recently started using exact versions in my package.json. This allows me to have more control over my versions and with tools like Renovate this is easier than ever.

What is an exact version?

"react": "^16.0.0" // caret: allow 16.1.0
"react": "~16.0.0" // tilde: allow 16.0.1
"react": "16.0.0" // exact: only 16.0.0

Why

Renovate has great documentation on why you would do this: see its page on dependency pinning.

How

There are two ways to force npm or yarn to save exact versions in your package.json.

1. Every time you install a package

# npm
npm install --save --save-exact react

# yarn
yarn add --exact react

2. Set a default in your config

npm config set save-exact=true

This adds save-exact=true to your .npmrc.
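To check that an existing package.json really uses exact versions, here is an added example (not code from the original post) that classifies each specifier as exact, caret, tilde, range or other and lists the ones that are not pinned. The function names, the sample manifest and the rule that only a bare MAJOR.MINOR.PATCH counts as exact are assumptions of this example.

```javascript
// Added example (not from the original post): list dependencies in a
// package.json that are not pinned to an exact version.
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

// Bare MAJOR.MINOR.PATCH, optionally with prerelease and build metadata.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Classify one version specifier the way the post describes them.
function classify(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return "exact";          // "16.0.0": only 16.0.0
  if (s.startsWith("^")) return "caret";      // "^16.0.0": allows 16.1.0
  if (s.startsWith("~")) return "tilde";      // "~16.0.0": allows 16.0.1
  if (s === "" || /^[\d<>=*]/.test(s)) return "range"; // "16.x", ">=16", "*"
  return "other";                             // dist-tags, git URLs, aliases
}

// Return every dependency whose specifier is not an exact version.
function findUnpinned(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const kind = classify(spec);
      if (kind !== "exact") findings.push({ field, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest; names prefixed "example-" are made up.
const samplePackageJson = {
  dependencies: {
    react: "^16.0.0",
    "react-dom": "~16.0.0",
    "example-pinned": "16.0.0",
  },
  devDependencies: {
    "example-range": ">=4.0.0 <5",
    "example-tag": "latest",
    "example-prerelease": "1.2.3-beta.1",
  },
};

for (const f of findUnpinned(samplePackageJson)) {
  console.log(`${f.field}: ${f.name}@${f.spec} is not pinned (${f.kind})`);
}
```

In CI, pass the parsed contents of the real package.json to findUnpinned and fail the build when the list is not empty. Exact versions in package.json cover direct dependencies only; transitive versions are fixed by the lockfile.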

Top comments (1)

Amin

In my opinion, this really should be the default behaviour of all package managers. Having packages that update when running npm install is great for keeping packages from security breaches, but semantic versions are not enforced and some maintainers do push breaking changes on minor or patch versions, and it becomes a nightmare to debug each one of the updated packages when this happens. Installing exact versions does allow finer control over which packages should be updated or not. This is why it should become the default behaviour in my opinion.
