2

I maintain a NPM package and so far I have always created a new version of the package every time I made a change to the package files. For this i followed the following guide from the NPM Docs:

https://docs.npmjs.com/updating-your-published-package-version-number

Now my question is if it is possible to update the package files without raising the version number of the package? And if so, which command should I use to do that. The described npm publish command only works if I first incremented the version number.

Reason for my consideration is the statement from the docs "When you make significant changes to a published package". Because I don't want to increase the version number with every small update.

KreutzerCode
  • 334
  • 1
  • 2
  • 12
  • 1
    What if you introduced a breaking change into an already existing version, and no-one could back out of it, without resorting to a version you created two years ago, and apps failed across the planet? Versioning only works if you create a new version to have that safety. Thems the rules. – Andy Oct 23 '21 at 14:42
  • 1
    Always update your version number. That's how people using your package will be able to get the modified version, based on what is in their package.json. `MAJOR.MINOR.PATCH`; Now, that doesn't mean that every time you make a change you need to publish the change. You could always wait until you have multiple changes staged in source control and make a release so you only need to change the version once. – J. Titus Oct 23 '21 at 14:44
  • @J.Titus was absolutely right to mention [semantic versioning](https://docs.npmjs.com/about-semantic-versioning) or major/minor/patch which I failed to do. – Andy Oct 23 '21 at 14:46
  • 1
    I know that it's useful and totally makes sense to increase the version for every code change. But I'm wondering if it's technically possible for a package maintainer to change the code without changing the version, e.g. with a malicious intent. I hope it's not possible, right? – Boommeister Aug 09 '22 at 19:37
  • 1
    I have the same question. all the comments above just blab about (what they think) you _should_ do; the question is about what you _can_ do. I had the exact same response to the verbiage in the npm docs. – BD107 Dec 25 '22 at 05:33

0 Answers0