I'm maintaining a npm package for which I received a GitHub dependabot security alert for one of it's dependencies. I accepted the gh bot proposal which ended up in a gh pull request
with an updated package-lock.json
. I checked out the pr branch locally and run my tests against it. It is all ok and I want to merge it into master. But how do I publish the new package, do I have to create a new version or is it best practice to crate a new npm version? Because nothing else changed (only one dependency) can I just update the package without creating a new version? Thanks for your thoughts.
I read the npm documentation, but couldn't find any solution.
Well, I think you can try this in your terminal and will update the npm version. I think this would be helpful.
https://docs.npmjs.com/cli/v6/commands/npm-version
commands: this will update to the latest version.
npm install npm@latest -g
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.