npm: how to find the latest compatible version of a dependency for a node module at a specific version?

Question

Is there a way to determine the latest version of a specific module which is compatible with another module at a specific version?

For example, running npm install @angular/http pulls @angular/http@7.2.16 which dependes on rxjs@^6.0.0, but a lower version of rxjs is already present in the project — rxjs@5.5.11, and bumping this version will require updating a whole lot of other modules, which I want to avoid.

Is there a command that can show that the latest version of @angular/http which is compatible with rxjs@5.5.11 is x.y.z?

There are tools like npmvet which are good at displaying mismatched versions in the current project but can't find any tools which would show which versions can be used to resolve compatibility conflicts.

Answer 1

I've found a hacky solution.

1. Create a dummy npm project with npm init

2. install all conflicting packages at once using single npm install command

   eg: `npm install package1 package2 package3`
   

most likely you'll find a non conflicting combination of packages.

But they might be conflicting with other existing packages

Answer 2

I've never found a good way to do this but this tool makes it a little easier: runpkg. It just allows you to browse different versions of a package from the npm registry. I like to just look at the package.json of different versions until I find one with compatible dependencies.

Answer 3

it doesn't look like a tool exists, but using npmvet and npm view in this one line command was helpful in breaking this task down for me:

npmvet -r json | jq '.[] | .name + "@" + .packageVersion' | sed -e 's/"//g' | awk '{print "echo "$0"; npm view "$0" dependencies"}'|sh | tee ../deps.txt

this has output like so:

prismjs@1.23.0 !
prop-types@15.7.2
{
  'loose-envify': '^1.4.0',
  'object-assign': '^4.1.1',
  'react-is': '^16.8.1'
}
pug@3.0.1 !
pug-code-gen@2.0.3 !
raphael@2.2.8
{ 'eve-raphael': '0.5.0' }
rc-time-picker@3.4.0
{
  'babel-runtime': '6.x',
  classnames: '2.x',
  moment: '2.x',
  'prop-types': '^15.5.8',
  'rc-trigger': '^2.2.0'
}
react-collapsible@2.6.2

if you're like me and have got a pre-existing package.json with many dozens of packages/libs that have been allowed/required to diverge over time, you can use this output to help unpick the best matching versions until npmvet hopefully comes up green.

for example I started with this from npmvet:

searching through my deps.txt, I found:

prettier-eslint@11.0.0
{
  '@typescript-eslint/parser': '^3.0.0',
  'common-tags': '^1.4.0',
  dlv: '^1.1.0',
  eslint: '^6.8.0',
  'indent-string': '^4.0.0',
  'lodash.merge': '^4.6.0',
  'loglevel-colored-level-prefix': '^1.0.0',
  prettier: '^2.0.0',
  'pretty-format': '^23.0.1',
  'require-relative': '^0.8.7',
  typescript: '^3.9.3',
  'vue-eslint-parser': '~7.1.0'
}

I'm on typescript@3.7.5, but prettier-eslint@11.0.0 wants typescript@3.9.3.

I then ran npm i typescript@3.9.3 to satisfy the dependency, and npmvet is now matching for that package: