Is there any possibility to install node packages (no matter by npm or yarn) and their dependencies released before some date? It looks that it's technically possible, because all versions have the corresponding date release, but I don't see any specific way to do it.
Sometimes, it's impossible to get the set of packages that correspond to the release date requirement. In this case it's okay to get the earliest version that we can to get.
That's exactly what before directive does in npm.
https://docs.npmjs.com/cli/v8/using-npm/config#before
Just create file .npmrc in the root folder of your project, and put the directive there
before=2022-06-01
check if it's working using npm config list command.
After it npm install will use only versions released before this date.
Really strange request, anyway...
In order to do that you need to write a program to write a package.json (or at least its dependencies filed).
Let's say you have a package (let's call it my-package) which has three dependencies: package-1, package-2 and package-3.
First of all you need a function (let's call it getPackageVersionByDate) to get the latest version of a package released before a given date. With the command
npm view rotating-file-stream time --json
you can get all the required data to write its body (I leave to you this easy boring task).
Iterating over the dependencies of your package you can get the versions you need and using them you can modify the dependencies filed of your package.json file.
That's not all!
In your request you are asking also for dependencies earlier of a given date; let's talk for a while about this problem. If a package has a dependency with a fixed version, we can be reasonably sure the dependency was deployed earlier than the package requiring it. But not all the packages use fixed version for their dependencies. Looking at npm documentation we can see that packages can use several syntaxes to specify version ranges for their dependencies and it could happen than resolving them the result is a version released later than your specific date.
So you need another function (let's call it getPacakgeDependencies) to get all the dependencies for a package with the relative version number or version range. With the command
npm view rotating-file-stream@3.0.0 dist.tarball --json
you can get the URL to download a specific version of a package, you can unzip and untar it and inside its package.json file you can get all the required data to write its body (I leave to you this easy boring task too).
For dependencies with a fixed version, no problem; for those which have a version range, you need to enhance the getPackageVersionByDate function to be able to do its job filtering the versions which respect the given range.
A couple of examples to try to better explain the problem.
Example 1: let's say your threshold date is 2021-01-23 AND package-1 has following dependencies in its package.json file:
"dependencies": {
"rotating-file-stream": "2.x"
}
then calling
getPackageVersionByDate("rotating-file-stream", "2021-01-23", "2.x");
the returned value must be 2.1.3.
Example 2: let's say your threshold date is 2021-01-23 AND package-1 has following dependencies in its package.json file:
"dependencies": {
"rotating-file-stream": "<2.0.0"
}
then calling
getPackageVersionByDate("rotating-file-stream", "2021-01-23", "<2.0.0");
the returned value must be 1.4.6.
I leave to you the very long and easy task to enhance getPackageVersionByDate.
Now you have everything you need to write your final package.json file with four dependencies (package-1, package-2, package-3 and rotating-file-stream) and for all of them the fixed version number which respect all the requirements:
Last, combining getPackageVersionByDate and getPacakgeDependencies in a recursive way you can get the full list of dependencies with their fixed version.
