When you run npm install --save somepackage, it usually adds something like this into package.json:
"dependencies": {
  "somepackage": "^2.1.0"
}
Because the version is prepended with a caret (^), this means that if you later run npm install, it might install version 2.3.0 instead. This can be undesirable for fairly obvious reasons. npm shrinkwrap is useful, but doesn't really solve the problem.
So, I have several questions:
To specify by default an exact version, you can change your npm config with save-exact:
npm config set save-exact true
You can also specify the prepend version with a tilde with save-prefix.
And no, you can't force users to update to a minor or a patch version; NPM uses semver and it's the recommended way of publishing packages.
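To see which entries in an existing package.json still float after switching to save-exact, the following added example (not part of the original question or answer) lists every dependency that is not pinned and, for caret and tilde specifiers, the range npm may resolve. The names auditPins, upperBound and samplePkg are hypothetical, and the sample manifest is constructed.

```javascript
// Added example: flag package.json dependencies that are not pinned to an exact version.
// Only plain x.y.z specifiers (optional prerelease/build suffix) with an optional
// ^ or ~ prefix are parsed; ranges, tags, URLs, wildcards and "=1.2.3" / "v1.2.3"
// forms are conservatively reported as floating with unknown bounds.
const SPEC = /^([\^~]?)(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.+-]+)?$/;

// Exclusive upper bound of the range accepted for a ^ or ~ specifier.
function upperBound(prefix, major, minor, patch) {
  if (prefix === '~') return `${major}.${minor + 1}.0`;
  // Caret: the left-most non-zero component is held fixed.
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

function auditPins(pkg) {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, rawSpec] of Object.entries(pkg[section] || {})) {
      const spec = String(rawSpec).trim();
      const m = SPEC.exec(spec);
      if (m && m[1] === '') continue; // exact version such as "2.1.0"
      let floats = 'unknown (range, tag or URL)';
      if (m) {
        const [maj, min, pat] = m.slice(2, 5).map(Number);
        floats = `>=${spec.slice(1)} <${upperBound(m[1], maj, min, pat)}`;
      }
      findings.push({ section, name, spec, floats });
    }
  }
  return findings;
}

// Constructed sample manifest, modelled on the snippet in the question.
const samplePkg = {
  dependencies: { somepackage: '^2.1.0', pinned: '1.4.2', young: '^0.3.1' },
  devDependencies: { linter: '~5.0.2', anything: '*' },
};

for (const f of auditPins(samplePkg)) {
  console.log(`${f.section}/${f.name}: "${f.spec}" floats ${f.floats}`);
}
```

Note how the caret on a 0.x version only allows patch updates, while on 2.x it allows any later 2.y.z release.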