upgrade a dependency of a global package in npm
npm version: 3.10.10
node version: 6.14.2
I need to upgrade some dependencies of npm to address some security warnings. An example: sshpk is a dependency of npm via http-signature and request:
bash-4.3# npm ls sshpk -g
/usr/local/lib
`-- npm@3.10.10
  `-- request@2.75.0
    `-- http-signature@1.1.1
      `-- sshpk@1.10.1
I need sshpk to get upgraded to >=1.14.1, which is possible given the version lock in http-signature@1.1.1's package.json:
"dependencies": {
  "assert-plus": "^0.2.0",
  "jsprim": "^1.2.2",
  "sshpk": "^1.7.0"
},
I've tried running npm upgrade -g npm@3 and npm --depth 9999 upgrade -g npm@3 without any success. It seems that npm doesn't continue in any update action since it notices we're already on the latest npm 3.xx release of 3.10.10. I need to be able to keep npm's dependencies up-to-date as far as security patches go. Is this possible through npm update directly? I'm thinking of something similar to yarn upgrade <package>@<version> where it will traverse a package's sub-dependencies and upgrade those, even if the parent package isn't in need of a version change.
A reliable way to reinstall the package is to remove it or node_modules and install again.
Since NPM cannot be installed without NPM, this requires Node to be reinstalled.
An alternative is to install a spare NPM wrapper (e.g. npm3) and use it to reinstall main npm package:
npm i -g npm3
rm -rf npm/
npm3 i -g npm@3
--force option can be used to reinstall the package, but it doesn't guarantee that package dependencies will be reinstalled.
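An added example, not part of the question or answer above: a Node.js check that walks `npm ls sshpk -g --json` output, lists every installed copy below the patched version, and confirms that the parent's caret range admits the patched version. The sample tree is constructed from the versions in the question, and the function names are this example's own.

```javascript
// Constructed sample, shaped like `npm ls sshpk -g --json` for the tree in the question.
const sampleTree = {
  dependencies: { npm: { version: '3.10.10', dependencies: {
    request: { version: '2.75.0', dependencies: {
      'http-signature': { version: '1.1.1', dependencies: {
        sshpk: { version: '1.10.1' },
      } },
    } },
  } } },
};

// "1.10.1" -> [1, 10, 1]; prerelease/build suffixes are dropped (simplification).
function parse(v) {
  return v.split(/[-+]/)[0].split('.').map(Number);
}

// Numeric comparison: as strings "1.10.1" sorts before "1.7.0", which is wrong.
function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Does a caret range such as "^1.7.0" admit version v?
function caretAllows(range, v) {
  const base = range.replace(/^\^/, '');
  const b = parse(base), x = parse(v);
  // The leftmost non-zero component is pinned: ^1.7.0 pins major, ^0.2.0 pins minor.
  const pinned = b[0] > 0 ? 1 : b[1] > 0 ? 2 : 3;
  for (let i = 0; i < pinned; i++) if (x[i] !== b[i]) return false;
  return compare(v, base) >= 0;
}

// Every installed copy of `name` below `minVersion`, with the path that pulls it in.
function findOutdated(node, name, minVersion, path) {
  const deps = node.dependencies || {};
  let hits = [];
  Object.keys(deps).forEach((dep) => {
    const here = (path || []).concat(dep + '@' + deps[dep].version);
    if (dep === name && deps[dep].version && compare(deps[dep].version, minVersion) < 0) {
      hits.push({ path: here.join(' > '), installed: deps[dep].version });
    }
    hits = hits.concat(findOutdated(deps[dep], name, minVersion, here));
  });
  return hits;
}

console.log(findOutdated(sampleTree, 'sshpk', '1.14.1'), caretAllows('^1.7.0', '1.14.1'));
```

To run it against a real install, pass the parsed JSON from `npm ls sshpk -g --json` in place of sampleTree.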