
I'm confused by the intended behaviour of specifying "latest" as the version for a dependency in package.json and I'm hoping someone can explain it and/or point me at where the behaviour is documented.

If I specify "@myPackageName": "latest" in my package.json and run npm install, should it:

a) be equivalent to manually setting the version number in package.json to the latest available every time I run npm install,

b) be equivalent to specifying ">=0.0.0" - i.e. install the version that was the most recent at the time it is first installed, and after that follow the version specified in package-lock.json, or

c) Something else?

I had thought it would be (a), but experience so far looks like (b). Full details of what I've seen so far below:

  • We have an npm package hosted in a private registry that we use in our project, and the latest version is, say, 1.0.2
  • Our project currently has version 1.0.1 installed, and 1.0.1 is included in our package-lock.json
  • Our dependencies in our package.json includes "@ourPackageName": "latest"
  • npm view @ourPackageName@latest version shows version 1.0.2
  • Running npm install @ourPackageName@latest installs version 1.0.2 and updates the package-lock.json to reflect that
  • But running npm install on its own does **not** install 1.0.2 or update package-lock.json
Rich
trwoodward
  • This behaviour isn't specified in the docs for npm install or package-lock.json, AFAICT: https://docs.npmjs.com/cli/v9/commands/npm-install?v=true https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json?v=true . It's therefore not clear what the intended behaviour is. I wonder if anyone can clarify? – Rich Aug 11 '23 at 10:36
  • Yes - that's as far as I've gotten as well, I've updated the question for clarity. – trwoodward Aug 11 '23 at 10:54

1 Answer

-3

When you specify "@ourPackageName": "latest" in your package.json for a dependency, it should indeed fetch the latest version available and use that version for your project. However, there are some nuances to consider:

npm install @ourPackageName@latest: This command explicitly tells npm to install the latest version of the package. It will fetch the latest version and update the package-lock.json accordingly.

npm install: When you run this command without specifying a version, npm will install the versions listed in your package-lock.json. It will use the versions that were locked at the time the package-lock.json file was created or last updated. So, if you previously had version 1.0.1 locked in the package-lock.json, running "npm install" won't automatically update it to 1.0.2 unless you run "npm install @ourPackageName@latest" specifically.

In essence, "npm install @ourPackageName@latest" fetches the latest version and updates the package-lock.json, while "npm install" respects the locked versions in the package-lock.json.

If you want to make sure your project always uses the latest version of the package, you might want to consider running "npm install @ourPackageName@latest" explicitly or updating your package.json to specify the desired version, e.g., "@ourPackageName": "^1.0.2", which allows installing any compatible version greater than or equal to 1.0.2.

  • Thanks - I've updated the question for clarity. My confusion is around what happens when 1.0.1 is no longer the latest version. If I manually go back to package.json and set it to 1.0.2, then running npm install will update package-lock.json to also reference 1.0.2. I had thought that referencing the "latest" tag would have the same effect, but it doesn't seem to, and I can't find any documentation to clarify whether that is the expected behaviour. – trwoodward Aug 11 '23 at 10:53
  • This answer looks like ChatGPT – DavidW Aug 11 '23 at 22:53
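
Added example (not part of the original question or answer, and not npm's own code): a small Node.js check for the situation described on this page. It lists dependencies declared with a dist-tag such as "latest" and compares the version pinned in package-lock.json with the version the tag currently points to. The spec classifier is a simplified assumption, the manifests and dist-tag data are constructed, and `classifySpec` and `auditFloating` are hypothetical names.

```javascript
// Added example. Constructed inputs; classifier is a simplification, not npm's parser.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
const TAG = /^[A-Za-z][0-9A-Za-z._-]*$/;

// Hypothetical helper: sort a package.json version spec into a coarse bucket.
function classifySpec(spec) {
  if (EXACT.test(spec)) return "exact";
  if (spec === "" || spec === "*" || spec.toLowerCase() === "x") return "any";
  if (TAG.test(spec)) return "dist-tag";   // "latest", "next", ...
  return "range-or-other";                 // "^1.0.2", ">=0.0.0", URLs, ...
}

// Hypothetical helper: report floating specs next to what the lockfile pins.
// `lock` uses the lockfileVersion 2/3 layout ("packages" keyed by install path).
// `distTags` stands in for registry data such as `npm view <pkg> dist-tags`.
function auditFloating(pkg, lock, distTags = {}) {
  const deps = { ...pkg.devDependencies, ...pkg.dependencies };
  const packages = lock.packages || {};
  const findings = [];
  for (const [name, spec] of Object.entries(deps)) {
    const kind = classifySpec(spec);
    if (kind !== "dist-tag" && kind !== "any") continue;
    const entry = packages["node_modules/" + name];
    const locked = entry ? entry.version : null;
    const tags = distTags[name] || {};
    const current = kind === "dist-tag" && tags[spec] ? tags[spec] : null;
    findings.push({
      name, spec, locked, current,
      hasIntegrity: Boolean(entry && entry.integrity),
      drift: locked !== null && current !== null && locked !== current,
    });
  }
  return findings;
}

// Constructed sample mirroring the question: lock pins 1.0.1, tag points at 1.0.2.
const samplePkg = {
  dependencies: { "@ourPackageName": "latest", "example-lib": "^2.3.0" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: samplePkg.dependencies },
    "node_modules/@ourPackageName": { version: "1.0.1", integrity: "sha512-CONSTRUCTED" },
    "node_modules/example-lib": { version: "2.3.4", integrity: "sha512-CONSTRUCTED" },
  },
};
const sampleTags = { "@ourPackageName": { latest: "1.0.2" } };

console.log(auditFloating(samplePkg, sampleLock, sampleTags));
```

A finding with `drift: true` means the installed tree is whatever the lockfile recorded, not what the tag name in package.json suggests, which is the gap a dependency review needs to see.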