By default, npm installs the latest available version of modules according to each dependencies' semantic version. This can be problematic if a module author doesn't adhere to semver and introduces breaking changes in a module update, for example.
To lock down each dependencies' version (and the versions of their dependencies, etc) to the specific version installed locally in the node_modules folder, use
npm shrinkwrap
This will then create a npm-shrinkwrap.json alongside your package.json which lists the specific versions of dependencies
With all that being said, I highly recommend you keep learning!
Thank you for reading this article. Please feel free to connect with me on LinkedIn and Twitter.
Discussion (4)
Hi Rajesh, how is this different/better than specifying the version when you install? e.g.
npm install packagename@1.0.0You can use this as an alternative by defining
packagename@versionbut the way I explained you need not have to run npm install for every package manually.if something is broken, you can fix it through npmjs.com/package/patch-package
That's a good one :)