NPM - save x save-Exact x shrinkwrap

Question

NPM - save x save-Exact x shrinkwrap

Asked 6 years, 3 months ago

Viewed 78 times

0

I am in doubt between the commands below, when to use them and what is the difference between them? What is the importance of --save-Exact, exactly? When and how to use each?

npm i my-pack --save

npm i my-pack --save-Exact

npm shrinkwrap

1 answer

Browser other questions tagged node.js npm

You are not signed in. Login or sign up in order to post.

by Daniel Koch • **159** points · Answer 1 · 2018-08-06T05:19:17+00:00

npm i my-pack --save

This is the default command for installing packages by npm.

How did you use --save, he will also save that in your package.json for future installation:

  "dependencies": {
    "meu-pack": "^1.0.0"
  }

Notice that he put one ^ before the version.

Semantic Versioning

The npm packages use semantic versioning. In it, the software is versioned as follows:

MAJOR.MENOR.CORRECTION

That circumflex ^, or Caret, says your software accepts meu-pack with a version greater than or equal to 1.0.0 and less than 2.0.0.

In other words, any newer version of meu-pack, in the interval of >=1.0.0 and <2.0.0, after published, it will be installed when someone runs npm install in your project.

According to Semantic Versioning, updates in the MINOR segments should not modify the software API. Thus, even if meu-pack receive fixes or new features, your program would continue to work normally, because nothing changes in the functions you already call.

Unfortunately, not always this contract is respected.

npm i my-pack --save-Exact

Assuming a new version of meu-pack be launched, the 1.0.1, and that breaks this such compatibility with the functions already used by your software, the first thing to do is to freeze the version in the package.json in the previous version.

npm i [email protected] --save-exact

This command will save the exact version of meu-pack:

  "dependencies": {
    "meu-pack": "1.0.0"
  }

So it doesn’t matter if a new version has been released. The version 1.0.0 will always be installed when someone rotates npm install in the project directory.

npm lockfiles: package-lock.json and npm-shrinkwrap.json

Freeze the version of meu-pack may sometimes not be sufficient to produce the same node_modules/ in other facilities.

For example: The package meu-pack may have an addiction minha-lib declared with the operator ^, which accepts new versions in a new installation.

How to then ensure that package versions (and dependencies) will be exactly the same on the production server?

Before you decide to select the directory node_modules/ in your repository, meet the package Locks.

Every time you turn npm install --save to install any package, the npm will generate or update the file package-lock.json, listing the exact version of all packages used by the project, including also the dependencies.

npm shrinkwrap

Shrinkwrap is the name of this mechanism before the npm@5, and it is still used when you intend to publish a package in the npm record.

npm imposes the file package-lock.json never be published.

Although both have the same format, the npm-shrinkwrap.json is present, it is used in place of the package-lock.json.

You generate npm-shrinkwrap.json spinning npm shrinkwrap, which merely renames its package-lock.json for npm-shrinkwrap.json.