Dependency Management Best Practices

I am a relative newbie to the node community. I recently got on board so that I could put together an assembly for a complex web application that had been in development for several years. The two key tools in my build are Grunt and Browserify, but the application uses jQuery, Backbone, d3 and a few other libraries and plugins.

The problem I am facing is this: by default, when I install and save a package with npm, it installs the package with a semver expression that commits to all future releases of the package whenever you run npm update. As this article explains well, this may seem good at first ("give me this package and all future updates"), but it exposes your own application to any backward-compatible updates that the package maintainer supports... The article also provides some recommended guidelines, but it was written almost 4 years ago; I hope there are other, newer ideas.

What solutions are you using to solve this problem? I cannot continue to waste time updating my software every time I rely on the library. I want to update when I'm ready, not when I run npm update.

+3



1 answer


Use npm shrinkwrap to keep the dependency tree containing the exact versions, so when you do npm install, it will use those exact versions.

The command npm outdated will tell you which packages are out of date.

Instead of npm update, which updates all your packages, update specific packages with npm install <pkg>@<version> --save

+1
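
As an added example (not part of the original question or answer): a small Node.js check that lists which package.json entries use floating semver ranges and whether a shrinkwrap file pins them. It goes slightly beyond the answer by reading both the older "dependencies" and the newer "packages" lock layouts. The function names and the sample package.json / npm-shrinkwrap.json data are constructed for illustration.

```javascript
// Added example: flag dependencies that "npm update" is allowed to move.
// An exact version is MAJOR.MINOR.PATCH with optional prerelease/build tags.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Return every entry whose spec is a range, tag, URL, etc. rather than one version.
function findFloating(pkg) {
  const out = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT.test(spec.trim())) out.push({ section, name, spec });
    }
  }
  return out;
}

// Look up the version a shrinkwrap/lock file records for a top-level package.
// Handles the older "dependencies" layout and the newer "packages" layout.
function lockedVersion(lock, name) {
  const entry = (lock.packages && lock.packages['node_modules/' + name]) ||
                (lock.dependencies && lock.dependencies[name]);
  return entry ? entry.version : null;
}

// Floating entries with no locked version: nothing pins these for "npm install".
function findUnpinned(pkg, lock) {
  return findFloating(pkg).filter(d => lockedVersion(lock || {}, d.name) === null);
}

// Constructed sample data (not from the original post).
const samplePkg = {
  dependencies: { jquery: '^2.1.4', backbone: '~1.2.0', d3: '3.5.6' },
  devDependencies: { grunt: '^0.4.5', browserify: '*' }
};
const sampleLock = {
  dependencies: { jquery: { version: '2.1.4' }, backbone: { version: '1.2.3' },
                  d3: { version: '3.5.6' }, grunt: { version: '0.4.5' } }
};

for (const d of findFloating(samplePkg)) {
  const v = lockedVersion(sampleLock, d.name);
  console.log(`${d.section}/${d.name}: "${d.spec}" -> ${v ? 'locked at ' + v : 'NOT LOCKED'}`);
}
```

Entries reported as NOT LOCKED are the ones a fresh npm install can resolve to a newer release than the one that was tested.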

