npm Community Forum (Archive)

npm incorrectly changes the range definition in package.json for dependencies during npm update

What I Wanted to Do

I want to manually update all dependencies with the command npm update. All dependencies are defined with an X-range, exactly "package-name": "*" (asterisk). In this case I expect updated versions in package-lock.json only, or an updated package.json with a correct equivalent of "*" (asterisk).

What Happened Instead

Updated package-lock.json => Correct
Updated package.json with a non-corresponding range definition. "*" is changed to ^x.y.z, which does not mean the same => Incorrect

Reproduction Steps

  1. Have a package “package-name” of version x.y.z
  2. In another package define dependency "package-name": "*"
  3. Call npm i
  4. Create a new version of “package-name”, e.g. x.y.z+1
  5. Call npm update


It also doesn’t work correctly with “>=0.0.0”.
“latest” is not a solution because it updates package-lock.json every time I call npm i.

Platform Info

$ npm --versions
{ 'xxxxxx': '0.0.0',
  npm: '6.2.0',
  ares: '1.14.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.32.0',
  node: '10.8.0',
  openssl: '1.1.0h',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.22.0',
  v8: '',
  zlib: '1.2.11' }
$ node -p process.platform
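
Added example, not part of the original post and not npm's own code: a minimal range check showing why a "*" range rewritten to "^x.y.z" no longer admits the same versions, which matters when auditing what a manifest will accept on the next install. It assumes plain x.y.z versions without prerelease tags and supports only the "*", ">=0.0.0" and "^x.y.z" ranges mentioned in the report; the function names and the version list are constructed for illustration.

```javascript
// Added example: minimal range check covering only "*", ">=0.0.0" and "^x.y.z"
// for plain x.y.z versions (no prerelease/build tags). Not npm's own code.

function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error("unsupported version: " + v);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of a caret range: bump the left-most non-zero part.
function caretUpper([maj, min, pat]) {
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

function satisfies(version, range) {
  const v = parse(version);
  if (range === "*" || range === ">=0.0.0") return true;
  if (range.startsWith("^")) {
    const low = parse(range.slice(1));
    return cmp(v, low) >= 0 && cmp(v, caretUpper(low)) < 0;
  }
  throw new Error("unsupported range: " + range);
}

// Report, per version, whether the original and the rewritten range accept it.
function compare(originalRange, rewrittenRange, versions) {
  return versions.map((version) => ({
    version,
    original: satisfies(version, originalRange),
    rewritten: satisfies(version, rewrittenRange),
  }));
}

// Constructed sample: versions published after package.json was rewritten.
const published = ["1.2.3", "1.2.4", "1.9.0", "2.0.0"];
for (const row of compare("*", "^1.2.3", published)) {
  console.log(row.version, "*:", row.original, "^1.2.3:", row.rewritten);
}
```

The caret bound tightens for 0.x versions: "^0.2.3" stops below 0.3.0 and "^0.0.3" stops below 0.0.4, so the rewritten range can exclude even minor or patch releases that "*" would accept.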