
Is it a good practice to use '*' in package.json instead of a certain version of a library or '~', '^'?

I passed a course on Node.js and Angular, and the teacher there used a lot of asterisks in package.json instead of specific versions of libs.

    "dependencies": {
        "bcrypt": "*",
        "bcryptjs": "^2.4.3",
        "body-parser": "*",
        "cors": "*",
        "express": "*",
        "jsonwebtoken": "*",
        "mongoose": "*",
        "morgan": "^1.10.0",
        "passport": "*",
        "passport-jwt": "*"
    },
    "devDependencies": {
        "nodemon": "^2.0.7"
    }

Is it a good or a bad practice to use them?

Wildcard is a bad idea. It says load the latest version no matter what. Sounds like a good idea so you do not have to keep updating. It is great until they introduce breaking changes into the API.

If they update from v1.5 to v2.0 and they changed their API, your code that relies on 1.5 syntax will no longer work in v2.0 if it is not backwards compatible. Do this with multiple packages and you have a huge mess on your hands.

Some people will allow the minor version to be wildcard, but most people lock it down and manually upgrade so it can be fully tested.

https://docs.npmjs.com/about-semantic-versioning
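
As an added example (not part of the original question or answer), the following Node.js script classifies each range in the question's package.json by how far the installed version may float and lists the entries that accept any release, including a new major. The names `classifyRange` and `findUnbounded` are illustrative, not npm APIs.

```javascript
// Constructed sample input: the manifest fragment from the question.
const manifest = {
  dependencies: {
    bcrypt: "*", bcryptjs: "^2.4.3", "body-parser": "*", cors: "*",
    express: "*", jsonwebtoken: "*", mongoose: "*", morgan: "^1.10.0",
    passport: "*", "passport-jwt": "*",
  },
  devDependencies: { nodemon: "^2.0.7" },
};

// Classify an npm version range by how far the resolved version may float.
// classifyRange is an illustrative helper, not an npm API.
function classifyRange(range) {
  const r = String(range).trim();
  // "*", "x", "" and the "latest" dist-tag accept any release, new majors included.
  if (r === "" || r === "*" || r.toLowerCase() === "x" || r === "latest") return "unbounded";
  // ">=1.5.0" or ">1.5.0" with no upper bound also floats across majors.
  if (/^>=?\s*\d/.test(r) && !r.includes("<") && !r.includes("||")) return "unbounded";
  if (/^=?\s*v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(r)) return "exact";
  if (r.startsWith("~")) return "tilde"; // patch-level updates
  if (r.startsWith("^")) return "caret"; // updates that keep the leftmost non-zero part
  return "other"; // compound ranges, tags, git/file URLs: review by hand
}

// Collect every dependency whose range places no upper bound on the version.
function findUnbounded(pkg) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      if (classifyRange(range) === "unbounded") findings.push({ section, name, range });
    }
  }
  return findings;
}

for (const f of findUnbounded(manifest)) {
  console.log(`${f.section}: ${f.name}@"${f.range}" accepts any version`);
}
```

A committed `package-lock.json` installed with `npm ci` still pins the resolved versions, but any fresh resolution of a `*` range picks up whatever release is newest at that moment.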
