使 `npm install --save` 添加一个严格的版本到 package.json

Question

When you run npm install --save somepackage , it usually adds something like this into package.json:

"dependencies": {
    "somepackage": "^2.1.0"
}

Because the version is prepended with a caret(^), this means that if you later run npm install , it might install version 2.3.0 instead. This can be undesirable for fairly obvious reasons. npm shrinkwrap is useful, but doesn't really solve the problem.

So, I have several questions:

1. When installing a package, is it possible to specify that you want it to be set to a specific version in package.json (no caret before the version number)?
2. When publishing a package to npm, is there any way to prevent the default of including the caret before the version when other developers install your package?

Answer 1

To specify by default a exact version, you can change your npm config with save-exact :

npm config set save-exact true

You can also specify the prepend version with a tilde with save-prefix .

And, no you can't force user to update to a minor or a patch version, NPM uses semver and it's the recommend way of publishing packages.

Answer 2

You can change the default behaviour by using the --save-exact option.

// npm
npm install --save --save-exact react

// yarn
yarn add --exact react

I created a blog post about this if anyone is looking for this in the future.

https://www.dalejefferson.com/blog/how-to-save-exact-npm-package-versions/

Answer 3

Run:

npm install --save --save-exact my-module@my-specific-version

_{Adding an answer to make this advice easier to see.}