By default, npm installs the latest available version of modules according to each dependencies' semantic version. This can be problematic if a module author doesn't adhere to semver and introduces breaking changes in a module update, for example.
To lock down each dependencies' version (and the versions of their dependencies, etc) to the specific version installed locally in the node_modules folder, use
npm shrinkwrap
This will then create a npm-shrinkwrap.json alongside your package.json which lists the specific versions of dependencies
With all that being said, I highly recommend you keep learning!
Thank you for reading this article. Please feel free to connect with me on LinkedIn and Twitter.
Top comments (4)
Hi Rajesh, how is this different/better than specifying the version when you install? e.g.
npm install packagename@1.0.0You can use this as an alternative by defining
packagename@versionbut the way I explained you need not have to run npm install for every package manually.if something is broken, you can fix it through npmjs.com/package/patch-package
That's a good one :)