Make `npm install --save` add a strict version to package.json

twiz picture twiz · Jun 5, 2015 · Viewed 17.2k times · Source

When you run npm install --save somepackage, it usually adds something like this into package.json:

"dependencies": {
    "somepackage": "^2.1.0"
}

Because the version is prepended with a caret(^), this means that if you later run npm install, it might install version 2.3.0 instead. This can be undesirable for fairly obvious reasons. npm shrinkwrap is useful, but doesn't really solve the problem.

So, I have several questions:

  1. When installing a package, is it possible to specify that you want it to be set to a specific version in package.json (no caret before the version number)?
  2. When publishing a package to npm, is there any way to prevent the default of including the caret before the version when other developers install your package?

Answer

Pierre Inglebert picture Pierre Inglebert · Jun 5, 2015

To specify by default a exact version, you can change your npm config with save-exact:

npm config set save-exact true

You can also specify the prepend version with a tilde with save-prefix.

And, no you can't force user to update to a minor or a patch version, NPM uses semver and it's the recommend way of publishing packages.