30

This is a hard question and I'll try to explain.

How to add new packages without installing dependencies or new packages (defined in package/-lock.json)?

For example: Currently, we have our package.json and package-lock.json to maintain the versioning.

However, if we try to add a new package, other packages (related to package.json or package-lock.json) are being updated/added.

The intention is just to add new packages, and add these packages' info inside package.json and package-lock.json, without affecting the currently installed packages.

Dan
  • Are you worried about module versions changing? If so, you can specify a version for each module in package.json and it won't update them beyond that version. – dodo Feb 21 '18 at 17:11
  • all packages installed and described on package.json are already specified. – Dan Feb 21 '18 at 17:12
  • If you have all the packages installed with their versions specified, then they shouldn't change upon `npm install` – dodo Feb 21 '18 at 17:23
  • @dodo that's what I had in mind as well. – Dan Feb 21 '18 at 17:34

2 Answers

19

Go to package.json and make some changes if you don't want any of your packages to update automatically. For example, change `"react-native": "^0.56.1"` to `"react-native": "0.56.1"`.

Simply delete the caret "^" or tilde "~" signs you see before version declarations.

  • The caret "^" sign lets npm apply minor version updates (for the above example, 56 to 57 or higher), and
  • The tilde "~" sign lets npm apply patch version updates (the right-most element in the [major, minor, patch] tuple).

If you declare your package versions without any sign, they won't be updated.

Natan Williams
Amir Gorji
  • Unfortunately babel's package.json files don't follow this, so even if you try to lock in the package you use, all of its dependencies have wide open semver patterns that try to grab the latest. NYC is a pretty common tool that uses babel, so even if you aren't using it explicitly, you may still be stuck in their world of pain. – Jason Sep 21 '22 at 20:29
  • I didn't know it. Thanks for teaching me that. I'll try to reproduce it and find a solution for that, and once I've found it, I'll update this answer. – Amir Gorji Sep 22 '22 at 07:02
1

Use npm ci instead of npm install!

From the docs:

It will never write to package.json or any of the package-locks: installs are essentially frozen.

There are also other caveats and differences; I recommend reading the docs for more details. For example, it will remove existing node_modules directories.

Andreas Profous
  • npm ci doesn't install new packages – trusktr Apr 09 '22 at 06:27
  • @trusktr `npm ci` does, in fact, install packages as per the [documentation](https://docs.npmjs.com/cli/v7/commands/npm-ci): "This command is similar to npm install, except it's meant to be used in automated environments such as test platforms, continuous integration, and deployment". – Chirag Anand Jul 07 '22 at 07:56
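
As an added example (not part of the original answers): a small Node.js check covering the points raised in both answers, reporting which direct dependencies still use `^`/`~` ranges and which packages are pinned only by package-lock.json. The manifests are constructed samples, `auditPins` and `nameFromLockPath` are hypothetical helper names, and the lockfileVersion 2/3 `packages` layout is assumed.

```javascript
// Constructed sample manifests for illustration (not from the original post).
const samplePackageJson = {
  dependencies: { "react-native": "^0.56.1", "left-pad": "1.3.0" },
  devDependencies: { nyc: "~15.1.0" },
};
// Constructed lockfile using the lockfileVersion 2/3 "packages" layout.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": {},
    "node_modules/react-native": { version: "0.56.1" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/nyc": { version: "15.1.0" },
    "node_modules/@babel/core": { version: "7.19.1" },
    "node_modules/nyc/node_modules/semver": { version: "6.3.0" },
  },
};

// An exact pin is a bare x.y.z version (optional prerelease/build), no range operator.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Package name from a lockfile path such as "node_modules/a/node_modules/@s/b".
function nameFromLockPath(p) {
  return p.slice(p.lastIndexOf("node_modules/") + "node_modules/".length);
}

function auditPins(pkg, lock) {
  const direct = { ...pkg.dependencies, ...pkg.devDependencies };
  const directNames = new Set(Object.keys(direct));
  const report = { floating: [], notInLock: [], lockOnly: [] };
  for (const [name, spec] of Object.entries(direct)) {
    // A range here means the version can move whenever the lock is regenerated.
    if (!EXACT.test(spec)) report.floating.push(`${name}@${spec}`);
    if (!lock.packages["node_modules/" + name]) report.notInLock.push(name);
  }
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry
    const name = nameFromLockPath(path);
    const isDirect = path === "node_modules/" + name && directNames.has(name);
    // Not declared in package.json: its version is fixed by the lockfile alone.
    if (!isDirect) report.lockOnly.push(`${name}@${entry.version}`);
  }
  return report;
}

console.log(auditPins(samplePackageJson, sampleLock));
```

Entries under `lockOnly` are typically transitive dependencies, so their versions stay fixed only while the lockfile is committed and installs follow it.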