NPM - save x save-exact x shrinkwrap


I am unsure about the commands below: when should each be used, and what is the difference between them? How important is --save-exact exactly? When and how should each be used?

npm i meu-pack --save

npm i meu-pack --save-exact

npm shrinkwrap

asked by anonymous 05.08.2018 / 17:28

1 answer


npm i meu-pack --save

This is the default command for installing packages with npm.

Since you used --save, it will also save this to your package.json for future installations:

  "dependencies": {
    "meu-pack": "^1.0.0"
  }

Notice that it placed a ^ before the version.

Semantic Versioning

npm packages use semantic versioning. In it, software is versioned as follows:

MAJOR.MINOR.PATCH

This circumflex ^, or caret, says that your software supports meu-pack with a version greater than or equal to 1.0.0 and less than 2.0.0.

In other words, any later version of meu-pack in the range >=1.0.0 and <2.0.0 will be installed when someone runs npm install in your project.

According to Semantic Versioning, updates to the MINOR.PATCH segments should not modify the software's API. So, even if meu-pack gets fixes or new features, your program would still work normally, as nothing changes in the functions you already call.

Unfortunately, this contract is not always respected.

npm i meu-pack --save-exact

Assuming a new version of meu-pack is released, 1.0.1, that breaks compatibility with the functions your software already uses, the first thing to do is to freeze the version in package.json at the version above.

npm i meu-pack@1.0.0 --save-exact

This command will save the exact version of meu-pack:

  "dependencies": {
    "meu-pack": "1.0.0"
  }

So, it does not matter if a new version has been released. The 1.0.0 version will always be installed when someone runs npm install in the project directory.

npm lockfiles: package-lock.json and npm-shrinkwrap.json

Freezing the version of meu-pack may sometimes not be enough to produce the same node_modules/ in other installations.

For example: the meu-pack package can have a minha-lib dependency declared with the ^ operator, which accepts new versions on a fresh installation.

How, then, to ensure that the versions of packages (and dependencies) will be exactly the same on the production server?

Before you decide to version the node_modules/ directory in your repository, check out the package locks.

Whenever you run npm install --save to install any package, npm will generate or update the package-lock.json file, listing the exact version of all packages used by the project, including dependencies.

npm shrinkwrap

Shrinkwrap is the name of this mechanism before npm@5, and it is still used when you intend to publish a package in the npm registry.

npm enforces that the package-lock.json file is never published.

Although both have the same format, when npm-shrinkwrap.json is present, it is used instead of package-lock.json.

You generate npm-shrinkwrap.json by running npm shrinkwrap, which only renames your package-lock.json to npm-shrinkwrap.json.

06.08.2018 / 07:19
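The caret range and exact-pin behaviour described in the answer, as an added example that is not part of the original post. It implements npm's caret rule in plain JavaScript (going slightly beyond the answer by also covering ^0.x.y ranges, where the leftmost non-zero component is the one frozen) and adds a small check for package.json entries that were not saved with --save-exact. All data is constructed; no registry is contacted.

```javascript
// Added example (not from the answer): caret (^) ranges vs. exact pins, and a
// check that a package.json dependency is pinned exactly. Constructed data only.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`not a plain x.y.z version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Returns [lowerInclusive, upperExclusive] for a caret range "^x.y.z".
// Semver rule: the leftmost non-zero component is frozen, so ^1.0.0 allows
// >=1.0.0 <2.0.0, ^0.2.3 allows >=0.2.3 <0.3.0 and ^0.0.3 allows >=0.0.3 <0.0.4.
function caretBounds(range) {
  const lo = parseVersion(range.slice(1));
  const [maj, min, pat] = lo;
  const hi = maj !== 0 ? [maj + 1, 0, 0]
           : min !== 0 ? [0, min + 1, 0]
           : [0, 0, pat + 1];
  return [lo, hi];
}

// True if `version` is allowed by `range` ("^x.y.z" or an exact "x.y.z").
function satisfies(range, version) {
  const v = parseVersion(version);
  if (range.startsWith('^')) {
    const [lo, hi] = caretBounds(range);
    return compare(v, lo) >= 0 && compare(v, hi) < 0;
  }
  return compare(v, parseVersion(range)) === 0;
}

// Given a package.json "dependencies" object, list entries that are not exact
// pins (i.e. not saved with --save-exact) and would float on a fresh install.
function floatingDependencies(deps) {
  return Object.entries(deps)
    .filter(([, range]) => !/^\d+\.\d+\.\d+$/.test(range))
    .map(([name]) => name);
}

// Constructed sample: the answer's scenario, where 1.0.1 breaks meu-pack.
const deps = { 'meu-pack': '^1.0.0', 'minha-lib': '2.3.4' };
console.log(satisfies(deps['meu-pack'], '1.0.1')); // true: the caret lets 1.0.1 in
console.log(satisfies('1.0.0', '1.0.1'));          // false: the exact pin blocks it
console.log(floatingDependencies(deps));           // [ 'meu-pack' ]
```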