12

I am looking to update the following NPM (v5) dependency in my application from version 1.0.0 to 1.0.1 without any change to my package.json file.

"dependencies": {
  "package": "~1.0.0"
},

My current package-lock.json file references the dependency as version 1.0.0, so as expected, running npm install installs version 1.0.0 of the package.

The issue lies when running either npm install package@1.0.1 or npm update package where both commands seem to change how the package version reference in package.json

Is there a single command I can run to achieve a minor version update to only the package-lock.json file?

Thanks in advance!

Ryan Errington
  • 263
  • 3
  • 7
  • why would you want to do this without updating `package.json` ? – mihai Nov 02 '18 at 16:34
  • @mihai We use the tilda character to pick up the latest patch version of our package. I see no reason why we need to change how we reference the package version between development and release branches. – Ryan Errington Nov 04 '18 at 18:03
  • I think these answers 1-[package versions in package lock.json have a prefix, sometimes its ~ sometimes ^](https://stackoverflow.com/a/70860869/16298287) 2-[updating the version in the package-lock.json file manually](https://stackoverflow.com/a/58142690/16298287) can help – Amany Zohair Nov 06 '22 at 13:24

2 Answers2

7

Run npm update <package>.

This will update it to the latest version that satisfies the requirements specified in your package.json and reflect the update in the package-lock.json.

Yurij
  • 1,530
  • 16
  • 30
-3

package-lock.json is generated by npm and it's difficult to modify without npm since it contains package hashes.

If you're only referencing modules using the patch version (~1.0.0) I think it's safe to do the following:

  • Backup package.json and delete it
  • Run npm update package. This will use package-lock.json as a reference and will also update package-lock.json
  • Restore package.json
  • Running npm update package now will not update package.json since package-lock.json is the newer version

If you're looking for a one line command:

mv package.json package.json.tmp && npm update package && mv package.json.tmp package.json

Again, this is safe to do only when dealing with patch versions (~1.0.0). If you specify minor (^1.0.0) or major (1.0.0) versions you may want to update package.json directly.

mihai
  • 37,072
  • 9
  • 60
  • 86