DEV Community

Rajesh Kumar Yadav
Rajesh Kumar Yadav Subscriber

Posted on • Edited on

Node.js : Locking modules to specific versions

By default, npm installs the latest available version of modules according to each dependencies' semantic version. This can be problematic if a module author doesn't adhere to semver and introduces breaking changes in a module update, for example.

To lock down each dependencies' version (and the versions of their dependencies, etc) to the specific version installed locally in the node_modules folder, use

npm shrinkwrap
Enter fullscreen mode Exit fullscreen mode

This will then create a npm-shrinkwrap.json alongside your package.json which lists the specific versions of dependencies

Buy Me A Coffee

With all that being said, I highly recommend you keep learning!

Thank you for reading this article. Please feel free to connect with me on LinkedIn and Twitter.

Top comments (4)

Collapse
 
jamesthomson profile image
James Thomson

Hi Rajesh, how is this different/better than specifying the version when you install? e.g. npm install packagename@1.0.0

Collapse
 
rajeshkumaryadavdotcom profile image
Rajesh Kumar Yadav

You can use this as an alternative by defining packagename@version but the way I explained you need not have to run npm install for every package manually.

Collapse
 
kak_kotyavo profile image
KAK KOTYAVO!

if something is broken, you can fix it through npmjs.com/package/patch-package

Collapse
 
rajeshkumaryadavdotcom profile image
Rajesh Kumar Yadav

That's a good one :)