package.json中如何使用override更新子依赖
[英]How to use override in package.json to update child dependencies
问题描述
I am seeing a vulnarability in async and want to update it to 3.2.2 This is the dependency tree if i do npm list async
我看到异步中的漏洞并想将其更新到3.2.2如果我执行npm list async ,这就是依赖树
└─┬ webpack-dev-server@4.8.1
└─┬ portfinder@1.0.28
└── async@2.6.4
So looking at the npmdocs I tried to add override in package.json as follows.因此,查看npmdocs我尝试在 package.json 中添加覆盖,如下所示。
{
"name": "some application",
"scripts": {...},
"dependencies": {...},
"overrides": {
"webpack-dev-server": {
"portfinder": {
"async": "3.2.2"
}
}
},
"devDependencies": {...}
}
But when I do npm install it didn't update async version to 3.2.2 and still shows older version in pacakge-lock.json.但是当我执行npm install时,它没有将异步版本更新到 3.2.2,并且仍然在 pacakge-lock.json 中显示旧版本。 I removed webpack-dev-server package from devDependencies but after running npm install I get empty on npm list async我从 devDependencies 中删除了 webpack-dev-server package 但在运行 npm 安装后我在npm list async上变空了
└── (empty)
Any idea what am i doing wrong?知道我做错了什么吗?
2 个解决方案
解决方案1
1 2022-09-28 13:14:16
You need to use NPM version 8.3.0 OR above for "override" to work.您需要使用 NPM 版本 8.3.0 或更高版本才能“覆盖”工作。 you may check the below github issue for more info,您可以查看以下 github 问题以获取更多信息,
https://github.com/npm/cli/issues/4232 https://github.com/npm/cli/issues/4232
解决方案2
0 2022-07-13 09:01:23
You've got it backwards ... you specify which dependency you want to override the version of (eg async ), then provide the version or list of parents and their versions, so it's like this:你已经把它倒过来了......你指定要覆盖哪个依赖项的版本(例如async ),然后提供父母及其版本的版本或列表,所以它是这样的:
"overrides": {
"async": "3.2.2"
},
OR if being specific:或者如果是具体的:
"overrides": {
"async": {
"portfinder": "3.2.2"
}
},
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.