By default, npm installs the latest available version of modules according to each dependency's semantic version. This can be problematic if, for example, a module author doesn't adhere to semver and introduces breaking changes in a module update.
To lock down each dependency's version (and the versions of their dependencies, etc.) to the specific version installed locally in the node_modules folder, use
npm shrinkwrap
This will then create an npm-shrinkwrap.json alongside your package.json, which lists the specific versions of dependencies.
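To see what the generated file pins, the following added example (not code from the article or from npm) audits a shrinkwrap file against package.json. It assumes the `packages` map layout used by lockfileVersion 2 and 3; the function name `auditShrinkwrap`, the sample packages and the integrity strings are constructed for illustration.

```javascript
// Constructed sample data (not from the article): a package.json and the
// npm-shrinkwrap.json beside it, in the lockfileVersion 2/3 "packages" layout.
const packageJson = {
  name: "demo-app",
  dependencies: { "left-pad": "^1.3.0", debug: "~4.3.0", lodash: "^4.17.0" },
};
const shrinkwrap = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/debug": {
      version: "4.3.4", // no integrity field, and fetched over plain http
      resolved: "http://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
    },
    "node_modules/debug/node_modules/ms": {
      version: "2.1.2", // transitive dependency, pinned as well
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
  },
};

// An exact semver version: no ^, ~, x or range operators.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Returns the pinned versions plus findings a reviewer should act on.
function auditShrinkwrap(pkg, lock) {
  const findings = [];
  const pinned = {};
  const entries = lock.packages || {};
  for (const [path, meta] of Object.entries(entries)) {
    if (path === "") continue; // the root project itself
    pinned[path] = meta.version;
    if (!EXACT.test(meta.version || "")) findings.push(`${path}: version is not exact`);
    if (!meta.integrity) findings.push(`${path}: no integrity hash`);
    if (meta.resolved && !meta.resolved.startsWith("https://"))
      findings.push(`${path}: resolved over a non-HTTPS URL`);
  }
  for (const name of Object.keys(pkg.dependencies || {}))
    if (!(`node_modules/${name}` in entries))
      findings.push(`${name}: declared in package.json but not locked`);
  return { pinned, findings };
}

const report = auditShrinkwrap(packageJson, shrinkwrap);
console.log(report.pinned, report.findings);
```
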
With all that being said, I highly recommend you keep learning!
Thank you for reading this article. Please feel free to connect with me on LinkedIn and Twitter.
Discussion (4)
Hi Rajesh, how is this different/better than specifying the version when you install? e.g.
npm install packagename@1.0.0
You can use this as an alternative by defining packagename@version, but the way I explained, you do not have to run npm install for every package manually. If something is broken, you can fix it through npmjs.com/package/patch-package
That's a good one :)