I'm confused by the intended behaviour of specifying "latest" as the version for a dependency in package.json and I'm hoping someone can explain it and/or point me at where the behaviour is documented.
If I specify "@myPackageName": "latest" in my package.json and run npm install, should it:
a) be equivalent to manually setting the version number in package.json to the latest available every time I run npm install,
b) be equivalent to specifying ">=0.0.0" - i.e. install the version that was the most recent at the time it is first installed, and after that follow the version specified in package-lock.json, or
c) Something else?
I had thought it would be (a), but experience so far looks like (b). Full details of what I've seen so far below:
- We have an npm package hosted in a private registry that we use in our project, and the latest version is, say, 1.0.2
- Our project currently has version 1.0.1 installed, and 1.0.1 is included in our package-lock.json
- Our dependencies in our package.json include `"@ourPackageName": "latest"`
- `npm view @ourPackageName@latest version` shows version 1.0.2
- Running `npm install @ourPackageName@latest` installs version 1.0.2 and updates the package-lock.json to reflect that
- But running `npm install` on its own does **not** install 1.0.2 or update package-lock.json
When you specify "@ourPackageName": "latest" in your package.json for a dependency, it should indeed fetch the latest version available and use that version for your project. However, there are some nuances to consider:
- `npm install @ourPackageName@latest`: This command explicitly tells npm to install the latest version of the package. It will fetch the latest version and update the package-lock.json accordingly.
- `npm install`: When you run this command without specifying a version, npm will install the versions listed in your package-lock.json. It will use the versions that were locked at the time the package-lock.json file was created or last updated. So, if you previously had version 1.0.1 locked in the package-lock.json, running "npm install" won't automatically update it to 1.0.2 unless you run "npm install @ourPackageName@latest" specifically.
In essence, "npm install @ourPackageName@latest" fetches the latest version and updates the package-lock.json, while "npm install" respects the locked versions in the package-lock.json.
If you want to make sure your project always uses the latest version of the package, you might want to consider running "npm install @ourPackageName@latest" explicitly or updating your package.json to specify the desired version, e.g., "@ourPackageName": "^1.0.2", which allows installing any compatible version greater than or equal to 1.0.2.
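
To see where a project is in the state this thread describes, the following added example (not code from the thread or from npm) lists every dependency declared with a dist-tag such as "latest" and compares the version pinned in package-lock.json with the version the tag currently points to. The package names other than @ourPackageName, the version numbers, and the `registryDistTags` map (standing in for registry data collected separately) are constructed assumptions.

```javascript
// Added example: report dependencies declared with a dist-tag (e.g. "latest")
// and compare the lockfile pin with what the tag currently points to.
// All data below is constructed; registryDistTags stands in for the output of
// `npm view <pkg> dist-tags --json`, gathered separately.
const packageJson = {
  dependencies: { "@ourPackageName": "latest", "example-lib": "^2.1.0" },
  devDependencies: { "example-tool": "next" },
};
const packageLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/@ourPackageName": { version: "1.0.1" },
    "node_modules/example-lib": { version: "2.1.4" },
    "node_modules/example-tool": { version: "3.0.0-beta.2" },
  },
};
const registryDistTags = {
  "@ourPackageName": { latest: "1.0.2" },
  "example-tool": { latest: "2.9.0", next: "3.0.0-beta.2" },
};

// Heuristic: a dist-tag is a bare identifier, not a range, version, URL or alias.
function isDistTag(spec) {
  if (/^[xX]$/.test(spec) || /^v\d/.test(spec)) return false;
  return /^[A-Za-z][A-Za-z0-9._-]*$/.test(spec);
}

// Locked version from lockfile v2/v3 ("packages") or v1 ("dependencies").
function lockedVersion(lock, name) {
  const entry = (lock.packages || {})["node_modules/" + name]
    || (lock.dependencies || {})[name];
  return entry ? entry.version : null;
}

// One row per tag-declared dependency; stale means lock and tag disagree.
function auditFloatingTags(pkg, lock, distTags) {
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  return Object.entries(declared)
    .filter(([, spec]) => isDistTag(spec))
    .map(([name, spec]) => {
      const locked = lockedVersion(lock, name);
      const tagTarget = (distTags[name] || {})[spec] || null;
      return { name, spec, locked, tagTarget, stale: locked !== tagTarget };
    });
}

console.table(auditFloatingTags(packageJson, packageLock, registryDistTags));
```

A row with `stale: true` means the lockfile still pins an older version than the tag resolves to, which is the 1.0.1 versus 1.0.2 case in the question.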