AMAN GUPTA

Reputation: 141

package.json dependency caret symbol

Suppose in the package.json file I have my dependencies as -

"dependencies": {
     "moment": "^2.22.2"
 }

Here, are we saying that for the package "moment" we can use any of version 2.x.x functionality (i.e. we can use the new functions provided by 2.23.2 in our app, though we installed 2.22.2 on our computer), or are we saying that anyone else who uses our code of app can use any 2.x.x version of "moment" package?

Upvotes: 2

Views: 5119

Answers (2)

Bergur

Reputation: 4067

can we use any of version 2.x.x functionality (i.e. we can use the new functions provided by 2.9.9 in our app, though we installed 2.22.2 on our computer)

Just to avoid confusion: you will not install version 2.22.2 on your computer. By saying ^2.22.2, npm will look at what is the highest version of 2.x.x and install that version. You will never install version 2.22.2. You will install version 2.24, and when moment updates its packages to 2.25.0, you will install that version. So you will always have the latest version 2.x.x installed, so you will get the functions of 2.9.9.

are we saying that anyone else who uses our code of app can use any 2.x.x version of "moment" package?

Yes, you can verify this by checking out package-lock.json which is created by NPM and describes the exact dependency tree. https://docs.npmjs.com/files/package-lock.json

If your package.json is version 1.0.0 and you have 2.22.2 dependency on moment, and do npm install, you will see in package-lock.

{
  "name": "mypackage",
  "version": "1.0.0",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
    "moment": {
      "version": "2.24.0",
      "resolved": "https://registry.npmjs.org/moment/-/moment-2.24.0.tgz"
    }
  }
}

So everybody that installs your version 1.0.0 of your package will get moment version 2.24.

why do I need to install "moment.js" again (i.e. update it) once it's installed on my computer

You don't have to. But the common rule is to leave node_modules out of repositories and only have package.json. So that when you publish your website to, for example, AWS, Azure or DigitalOcean, they will do npm install and therefore install everything, every time you publish your website.

To clarify how the flow of packages usually is

  1. You create a package/module with specific version
  2. I decide to use your package
  3. So I will do npm install (to use your package)
  4. NPM will go through the dependency tree and install versions accordingly.
  5. My website works and I am happy
  6. In the meanwhile you are changing your code, and updating your package.
  7. Few months pass and I decide to change my website. So now when I do npm install (because I updated my code), I will get your updates as well.

Upvotes: 2

Manuel Spigolon

Reputation: 12900

If you set:

"moment": "^2.22.2"

the user will download almost the v2.22.2. In this case you will download the v2.24.0

If you set:

"moment": "2.22.2"

the user will download exactly that version

If you set:

"moment": "~2.22.1"

the user will download almost the v2.22.1. In this case you will download the v2.22.2

You can use the functions in v2.9.9 if and only if the module respects the semver standard. That is true 99.999% of the time.

Upvotes: 2
