Semantic versioning of npm packages (Semantic Versioning of Packages)

This article is abridged from Node.js 8 the Right Way, Part I, Chapter 3.

npm uses semantic versioning (SemVer) to find the best compatible version of a package.

Take installing the testing framework mocha as an example:

$ npm install --save-dev --save-exact mocha@3.4.2

The --save-exact (or -E) flag tells npm that we want one specific version of the package, 3.4.2 in this case.
In the Node.js community, semantic versioning is a strongly established convention; be sure to follow it when setting the version number of a package. A version number consists of three parts joined by dots: the major version, the minor version and the patch.

To comply with the semantic versioning convention, you must increment the correct part of the version number whenever you change your code:

  • If your changes do not introduce or remove any functionality (such as bug fixes), simply increment the patch version.
  • If your code introduces new features but does not remove or change existing functionality, increment the minor version and reset the patch version.
  • If your code breaks existing functionality in any way, increment the major version and reset the minor and patch versions.

If you want npm to pick the best-matching version, you can omit the --save-exact flag. You can even run npm install with the version number omitted entirely; in that case npm pulls down the latest released version.

If you omit the --save-exact flag when installing a module with npm, the version number is written to package.json with a caret (^) in front of it. For example, "^3.4.2" instead of "3.4.2". The caret means that npm will use the latest minor version greater than or equal to the one you specified.

For example, if your dependency is set to ^1.5.7 and the module author has released a new minor version 1.6.0, then anyone who installs your module will get version 1.6.0 of the dependency. Even if the dependency later releases version 2.0, npm will not choose it, because a new major version is considered backward incompatible.

As long as everyone abides by semantic versioning, everything is rosy, because a minor version can only add new features without breaking existing functionality. In practice, not every package complies with this convention. If you want some leeway but still want to be slightly stricter, you can use the tilde (~) prefix instead. Building on the previous example, if your dependency is set to ~1.5.7 and the author releases 1.5.8, your users will get 1.5.8, but they will not be automatically upgraded to 1.6.0. Using ~ as the prefix is safer than using ^, because people are less likely to introduce breaking changes in a patch release.

Although semantic versioning has been widely adopted by the community, authors sometimes make breaking changes in minor and patch versions before reaching major version 1. For example, a project might start at version 0.0.1 and then make breaking changes in each of 0.0.2, 0.0.3 and so on. The same may happen in a project that goes from 0.1.0 to 0.2.0 to 0.3.0, and so on. To address this, npm ignores leading zeros when it handles version numbers prefixed with ^ or ~.

My advice is: always use --save-exact when installing packages. The disadvantage is that you must explicitly update the version numbers of the packages you depend on when you want a newer version. But at least you can deal with this on your own terms, rather than suffering unexpected breakage caused by upstream dependencies you cannot control.
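As an added example (not from the book or the original article), the sketch below models how ^ and ~ widen a version, following the range rules in npm's semver documentation for full x.y.z versions, and lists which entries of a package.json are not pinned exactly. The function names and the manifest are constructed for illustration; pre-release tags and x-ranges are not handled.

```javascript
// Added example: simplified model of npm's ^ and ~ ranges (full x.y.z only,
// no pre-release tags or x-ranges). Function names are hypothetical.
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
};

// Numeric comparison of two [major, minor, patch] triples.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Return [lowest allowed, first disallowed] for a spec, or null when exact.
function bounds(spec) {
  const op = spec[0];
  if (op !== '^' && op !== '~') { parse(spec); return null; }
  const [maj, min, pat] = parse(spec.slice(1));
  let upper;
  if (op === '~') upper = [maj, min + 1, 0];   // patch updates only
  else if (maj > 0) upper = [maj + 1, 0, 0];   // minor and patch updates
  else if (min > 0) upper = [0, min + 1, 0];   // 0.y.z: patch updates only
  else upper = [0, 0, pat + 1];                // 0.0.z: nothing floats
  return [[maj, min, pat], upper];
}

// True when `version` could be installed for `spec`.
function satisfies(version, spec) {
  const b = bounds(spec);
  const v = parse(version);
  if (!b) return cmp(v, parse(spec)) === 0;
  return cmp(v, b[0]) >= 0 && cmp(v, b[1]) < 0;
}

// List dependencies in a package.json object that are not pinned exactly.
function floatingDeps(pkg) {
  const out = [];
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const b = bounds(spec);
      if (b) out.push(`${name}: ${spec} allows >=${b[0].join('.')} <${b[1].join('.')}`);
    }
  }
  return out;
}

// Constructed manifest for illustration.
const manifest = {
  dependencies: { 'lib-a': '^1.5.7', 'lib-b': '~1.5.7', 'lib-c': '^0.2.0' },
  devDependencies: { mocha: '3.4.2' },
};
console.log(floatingDeps(manifest).join('\n'));
```

Every line it prints is a dependency whose installed version can change without any edit to package.json.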

Here is one more tip about version numbers. Even if you carefully manage your direct dependencies with --save-exact, those dependencies may not be so strict about their own dependencies. That is why package-lock.json is so important. It pins the versions of the whole dependency tree, including checksums.

If you really want every installation to produce the same files, commit package-lock.json to your version control system. When you are ready to update, use the npm outdated command to get a report showing which of the modules you depend on have newer versions. Then, when you install the latest version of a module, package-lock.json is regenerated with the latest dependency tree.

By committing package-lock.json, you create an audit trail over the course of the project that lets you run exactly the same code stack from any point in the past. This is a very valuable resource when you are trying to track down a bug in your code or its dependencies.

Origin www.cnblogs.com/star91/p/npm-bao-de-yu-yi-ban-ben-kong-zhi-semantic-version.html