
Introduction to the version number of the library in package.json in Node.js

不言
2019-04-02 10:15:56

This article introduces how the version numbers of libraries in package.json work in Node.js. I hope it is helpful to readers who need it.

The difference between ~ and ^

Recently I kept running into the same kind of problem: something worked fine locally but failed online, and I couldn't reproduce the failure locally. Later, after deleting the node_modules directory and reinstalling, the problem reproduced locally. I looked at the git history and found that no one had modified the version numbers in package.json, so I took a closer look at the version numbers of the libraries in package.json and at the difference between ~ and ^.

    "babel-loader": "^7.1.1",
    "body-parser": "~1.15.2"

npm install --save xxx uses ^ by default rather than ~.

Take the version number x.y.z as an example:
x: Major version number, incremented when you make incompatible API changes
y: Minor version number, incremented when you add functionality in a backward-compatible way
z: Revision number, incremented when you make backward-compatible bug fixes

~x.y.z updates to the latest z within x.y. For example, body-parser: ~1.15.2 matches the latest version of 1.15.z. If 1.16.0 appears, it will not be automatically upgraded.
^x.y.z updates to the latest y.z within x. For example, babel-loader: ^7.1.1 matches the latest version of 7.y.z. If 8.1.1 appears, it will not be automatically upgraded.

See the explanation given in the official npm documentation:

    ^1.2.3 := >=1.2.3 <2.0.0
    ^0.2.3 := >=0.2.3 <0.3.0
    ^0.0.3 := >=0.0.3 <0.0.4

In most cases, dependencies that follow this versioning rule cause no trouble. But npm is an open-source world, and not every package follows the rule strictly. When one does not, the problem described above occurs.
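The range rules above can be checked mechanically. The following is an added example, not code from the original article or from npm: it expands ~ and ^ into the bounds shown in the npm table and picks the version a fresh install would resolve to. The function names and the release list are constructed for illustration, and only plain x.y.z versions are handled.

```javascript
// Added example (not from the article): expand ~ and ^ ranges per the npm table
// above, then pick the version a fresh install would resolve to.
// Assumption: plain x.y.z versions only (no prerelease tags or x-ranges).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Returns [lower, upper]: lower is inclusive, upper is exclusive (null = exact pin).
function bounds(range) {
  const op = range[0];
  if (op !== '~' && op !== '^') return [range, null];
  const base = range.slice(1);
  const [x, y, z] = parse(base);
  if (op === '~') return [base, `${x}.${y + 1}.0`];
  // Caret keeps the leftmost non-zero component fixed.
  if (x > 0) return [base, `${x + 1}.0.0`];
  if (y > 0) return [base, `0.${y + 1}.0`];
  return [base, `0.0.${z + 1}`];
}

function satisfies(version, range) {
  const [lo, hi] = bounds(range);
  if (hi === null) return compare(version, lo) === 0;
  return compare(version, lo) >= 0 && compare(version, hi) < 0;
}

// Highest published version inside the range, or null if none matches.
function resolve(range, published) {
  const ok = published.filter((v) => satisfies(v, range)).sort(compare);
  return ok.length ? ok[ok.length - 1] : null;
}

// Constructed release list for illustration, not real registry data.
const published = ['1.15.2', '1.15.3', '1.16.0', '2.0.0'];
for (const range of ['1.15.2', '~1.15.2', '^1.15.2']) {
  console.log(range, '->', resolve(range, published));
}
```

With the same package.json, the resolved version changes as soon as a new release lands inside the range, which is why a clean reinstall of node_modules can behave differently from an older install.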

Why package lock is needed

In some cases, package.json alone cannot guarantee that the dependency versions installed by running npm install are the same on everyone's computer. There are several possible reasons:
1. If the version of a dependency recorded in package.json is a version range, running npm i will update this package to the latest version in that range
2. Even if you depend on a fixed version of a package (such as A 1.1.1), package A may depend on another package B, and A may itself use semver ranges when declaring its dependencies, such as ^1.2.3. If package B releases a new version, package B will be installed at the newer version
3. The versions of the npm program used by different people are different

If the versions of the packages you depend on are inconsistent, behavior will differ between the development environment and the production environment, or the environments of different team members will differ from each other.

How to resolve package version inconsistencies

1. npm uses the package-lock.json file to solve this problem

Running npm install automatically generates the package-lock.json file. Whenever you run ordinary npm commands that may modify package.json, such as installs and updates, npm automatically modifies the package-lock.json file to match:

    npm install xxx
    npm rm xxx
    npm update xxx

2. npm also supports npm-shrinkwrap.json, which has exactly the same function as package-lock.json

Run npm shrinkwrap to generate npm-shrinkwrap.json.
This command creates a new npm-shrinkwrap.json file, or overwrites the existing one, based on the package-lock.json file. Files created and updated by this command take precedence over any other existing or future package-lock.json files.

3. Use yarn

The main advantages of using yarn are as follows:

  • Fast: Every package it downloads is cached, so nothing is downloaded twice; it also runs operations in parallel to maximize resource utilization.
  • Reliable: Using a lockfile with a detailed but concise format and a deterministic algorithm to install dependencies, it ensures that an install that works on one system will work in exactly the same way on other systems.
  • Safety: Verifies the integrity of each installed package before its code is executed
  • yarn is faster than npm. The lock file of yarn is yarn.lock, which can solve the problem of inconsistent package versions.

Statement:
This article is reproduced from segmentfault.com.