Why is “npm install” not failing when I've indicated a higher version of NodeJS?

Question

I would like to enforce exact versions of NodeJS and NPM in my NodeJS project. This is my package.json:

{
  "name": "nodesandbox",
  "version": "0.0.1",
  "dependencies": {
    "less": "*"
  },
  "engines": {
    "node": "0.10.25"
  }
}

When I run nvm ls I get this output:

    v0.2.6
    v0.7.12
    v0.9.6
  v0.10.12
  v0.10.15
  v0.10.21
current:    v0.10.24

When I run npm install it works fine, but I would like it to fail. I have followed instructions from this link [1], which is why I think setting the node version in the engines object should work but sadly it is not working.

[1] http://blog.nodejitsu.com/package-dependencies-done-right/#node-dependency-in-apps

Answer 1

It looks like the engine dependencies are only checked when the package is taken from another location:

[timwolla@/tmp/test2]npm install ../test
npm WARN engine nodesandbox@0.0.1: wanted: {"node":"0.10.30"} (current: {"node":"v0.10.26","npm":"1.4.3"})

If engineStrict is set to true:

[timwolla@/tmp/test2]npm install ../test
npm ERR! notsup Unsupported
npm ERR! notsup Not compatible with your version of node/npm: nodesandbox@0.0.1
npm ERR! notsup Required: {"node":"0.10.30"}
npm ERR! notsup Actual:   {"npm":"1.4.3","node":"v0.10.26"}

---

If you read the manual carefully it may become clear why (I'm not 100% sure about this actually):

Compare

npm install (in package directory, no arguments):

Install the dependencies in the local node_modules folder.

with

npm install <folder> :

Install a package that is sitting in a folder on the filesystem.

The first states to install the dependencies , while the second installs the package .