One, foreword

For beginners of Node, what version of the dependency package will be installed by the NPM install command? In the spirit of truth, I have googled and found that the answers on the Internet are relatively limited. Now (2020-03-16) the NPM version has come to 6.13.4. Here is an update of NPM’s latest version control mechanism based on the results of our own practice

Second,Semantic version

First, the version format: the major version number. X.X.X. The increment rule is as follows:

  • Major version number: When you make incompatible API changes,
  • Minor version number: When you make a backward-compatible feature addition,
  • Revision number: When you make a backward compatible problem fix.
  • The prior version number and version build metadata can be added to the major version number. Second version number. Revision number “is followed as an extension.
  • Version control symbol ^ Control major version is the same, minor version or revision >= Current version minor version or revision
  • Version control character ~ Control the major version is the same as the minor version. Revision >= Revision number of the current version

Example: ^3.3.4 indicates >=3.3.4 <4.0.0

~1.15.2 indicates >=1.15.2 <1.16.0

Package and package-lock files

  1. If the versions of the modules in package.json and package-lock.json are different, the installation complies with the package.json version requirements. ^1.2.x=1.3.x, ~1.2.3=1.2.6), and update the specified version dependency module in package-lock.json
  2. If the module versions in package.json and package-lock.json are the same (consistent module versions: ^1.2.x=1.3.x, ~1.2.3=1.2.6), then the specified version in package-lock.json depends on the module
  3. If the version number is specified in package.json (that is, the specific version is written without the prefix ^ or ~), then the module version in package.json is installed and the specified version dependent module in package-lock.json is updated

other

The rules for NPM install vary from node version to node version, such as NPM 5.0.x. No matter how package.json changes, NPM install will use package-lock.json to download. So the purpose of this article is to show you that even Google has timeliness issues. The above code is only valid under NPM (6.13.4).