npm incorrectly changes the range definition in package.json for dependencies during npm update

(Tomáš Růt) #1

What I Wanted to Do

I want to manually update all dependencies with the command npm update. All dependencies are defined with an X-range, exactly "package-name": "*" (asterisk). In this case I expect updated versions in package-lock.json only, or an updated package.json with a correct equivalent of "*" (asterisk).

What Happened Instead

Updated package-lock.json => Correct
Updated package.json with a non-corresponding range definition. "*" is changed to ^x.y.z, which does not mean the same => Incorrect

Reproduction Steps

  1. Have a package "package-name" of version x.y.z
  2. In another package, define the dependency "package-name": "*"
  3. Call npm i
  4. Create a new version of "package-name", e.g. x.y.z+1
  5. Call npm update


It also doesn't work correctly with ">=0.0.0".
"latest" is not a solution because it updates package-lock.json every time I call npm i.

Platform Info

$ npm --versions
{ 'xxxxxx': '0.0.0',
  npm: '6.2.0',
  ares: '1.14.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.32.0',
  node: '10.8.0',
  openssl: '1.1.0h',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.22.0',
  v8: '',
  zlib: '1.2.11' }
$ node -p process.platform
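
The difference the post reports between "*" and ^x.y.z, shown as an added example that is not part of the original post and is not npm's own code: a minimal range check (only "*", ">=0.0.0" and caret ranges, no pre-release handling) that compares two manifests and lists the versions the old range accepted and the rewritten range rejects. The manifests, version lists and function names are constructed for illustration.

```javascript
// Added example: minimal range check covering only "*", ">=0.0.0" and "^x.y.z".
// Pre-release tags and all other range syntax are deliberately out of scope.
const parseVersion = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
};

// Exclusive upper bound of a caret range: bump the left-most non-zero component.
function caretUpper([maj, min, pat]) {
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

function satisfies(version, range) {
  const v = parseVersion(version);
  if (range === '*' || range === '>=0.0.0') return true;
  if (range.startsWith('^')) {
    const lo = parseVersion(range.slice(1));
    return cmp(v, lo) >= 0 && cmp(v, caretUpper(lo)) < 0;
  }
  throw new Error(`range syntax not covered by this example: ${range}`);
}

// Report dependencies whose range was rewritten so that a version accepted
// before is rejected after. `published` maps package name -> known versions.
function narrowedDeps(before, after, published) {
  const findings = [];
  for (const [name, oldRange] of Object.entries(before.dependencies || {})) {
    const newRange = (after.dependencies || {})[name];
    if (newRange === undefined || newRange === oldRange) continue;
    const lost = (published[name] || []).filter(
      (ver) => satisfies(ver, oldRange) && !satisfies(ver, newRange));
    if (lost.length) findings.push({ name, oldRange, newRange, lost });
  }
  return findings;
}

// Constructed sample data: package.json before and after the rewrite described above.
const manifestBefore = { dependencies: { 'package-name': '*', 'other-pkg': '>=0.0.0' } };
const manifestAfter = { dependencies: { 'package-name': '^1.4.2', 'other-pkg': '>=0.0.0' } };
const publishedVersions = {
  'package-name': ['1.4.1', '1.4.2', '1.5.0', '2.0.0'],
  'other-pkg': ['0.3.0'],
};
const report = narrowedDeps(manifestBefore, manifestAfter, publishedVersions);
console.log(JSON.stringify(report, null, 2));
```

Run against the package.json from before and after an update (for example from version control), a non-empty report means the manifest now excludes releases the original range allowed, such as the next major version.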
