If you choose to take the exact version approach, then be diligent about upgrading core packages over time.

What will occur is that the node-sass and clean-css npm packages will be installed to the devDependencies of the project. You should also see a node_modules folder appear in the root of.
A better solution than the CLI flag or environment variable is to save this to the npm config. NPM comes with a built-in, inheritance-based configuration system. This system is broken up into four files.

per-project config file - /path/to/my/project/.npmrc
npm builtin config file - /path/to/npm/npmrc

save-exact is a near perfect solution for protecting your code against open source development errors. If you want to go whole-hog on package version control, then you will need to lock down the dependencies of your packages recursively. Take a look at the npm shrinkwrap command for more information on this. Unfortunately, using --save-exact is also a sure-fire way to miss any patches or backwards-compatible features in your dependencies.

Next we'll need to add two packages into the devDependencies of our project. To do so, run the following command: npm install node-sass clean-css-cli --save-dev.
Our production build at C2FO, like most node projects, involves an npm install command during the process. With the power of semantic versioning, our production build introduced a new dependency patch that contained a hidden, breaking change. The change caused a runtime error that prevented users from performing core actions on our application. We trusted the developer to do the right thing and they made a mistake. Looking at their change in hindsight, it was a clear error. Of course, that would break the consumer's code base if published. Why did they do that? Because they're human.

Protect Your Code From Humans With 'save-exact'

Automatically updating semantic versioning has its benefits, with security and bug fixes being the primary reasons. For us, the benefits weren't enough, and we opted to remove all automatic updating of our dependencies through NPM's ^ and ~ prefixes. Installing an exact version of an NPM module looks like this.

Both of these solutions solve the problem, but in a way that either forces us to do more work or affects our entire system.
Unfortunately, trusting open source developers can be a problem. Nothing stops a developer from making a breaking change during a bug fix.
The ^ means that any time we run npm install again, npm will only update our dependency if there is a minor or patch change in the semantic versioning. NPM also provides a ~ substitute if we only want patch modifications. It provides flexibility for the package developer to make features and bug fixes without negatively affecting the consumers with a major (breaking) change. The catch with NPM and semantic versioning is that we have to trust the developers who update the code to do the right thing.
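
A check for the policy of removing ^ and ~ prefixes, as an added example that is not from the original article: it scans a parsed package.json and reports every dependency whose spec is not one exact version. The function names and the sample manifest (including its version numbers) are constructed for illustration.

```javascript
// Added example: report dependency specs that can float to a version nobody reviewed.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// One full x.y.z version, optionally with prerelease and build tags.
const EXACT = /^v?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function classify(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return "exact";
  // ^ accepts newer minor and patch releases (narrower for 0.x versions).
  if (s.startsWith("^")) return "caret range";
  // ~ accepts newer patch releases only.
  if (s.startsWith("~")) return "tilde range";
  // git URLs, tarball URLs, file: paths, user/repo shorthand, npm: aliases.
  if (s.includes("/") || s.includes(":")) return "URL, path or alias";
  // Everything else: "*", "1.x", ">=1.0.0 <2", dist-tags such as "latest".
  return "range or tag";
}

function findFloating(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = classify(spec);
      if (kind !== "exact") findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest; in a build, pass the parsed package.json instead.
const sample = {
  dependencies: { lodash: "4.17.21", express: "^4.18.2", debug: "~4.3.4" },
  devDependencies: { "node-sass": "9.0.0", "clean-css-cli": "latest" },
};

for (const f of findFloating(sample)) {
  console.log(`${f.section}: ${f.name}@${f.spec} is not pinned (${f.kind})`);
}
```

A pinned manifest only covers direct dependencies; transitive ones still need the recursive lock-down that npm shrinkwrap provides.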