Reputation: 125
I am seeing a vulnerability in async and want to update it to 3.2.2.
This is the dependency tree if I do npm list async:
└─┬ [email protected]
  └─┬ [email protected]
    └── [email protected]
So looking at the npm docs, I tried to add an override in package.json as follows.
{
  "name": "some application",
  "scripts": {...},
  "dependencies": {...},
  "overrides": {
    "webpack-dev-server": {
      "portfinder": {
        "async": "3.2.2"
      }
    }
  },
  "devDependencies": {...}
}
But when I do npm install, it didn't update the async version to 3.2.2 and still shows the older version in package-lock.json.
I removed the webpack-dev-server package from devDependencies, but after running npm install I get empty on npm list async:
└── (empty)
Any idea what I am doing wrong?
Upvotes: 1
Views: 9550
Reputation: 988
You need to use NPM version 8.3.0 or above for "override" to work. You may check the GitHub issue below for more info:
https://github.com/npm/cli/issues/4232
Upvotes: 2
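Added example (not part of the original thread and not npm's own code): a Node.js check for the two things discussed here, the npm 8.3.0 floor for overrides and whether any copy of async recorded in package-lock.json is still off the pinned 3.2.2. The lockfile object is constructed, every version in it other than 3.2.2 is a placeholder, and the function names are hypothetical.

```javascript
// Added example: constructed data, not taken from the asker's project.
const MIN_NPM_FOR_OVERRIDES = [8, 3, 0]; // floor stated in the answer above

// Compare "major.minor.patch" (pre-release tag ignored) against a numeric floor.
function versionAtLeast(version, floor) {
  const parts = version.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const have = parts[i] || 0;
    if (have !== floor[i]) return have > floor[i];
  }
  return true;
}

// Every installed copy of `name` in a lockfileVersion 2/3 "packages" map,
// including copies nested under another package's node_modules.
function findCopies(lock, name) {
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith('/' + suffix))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Copies whose locked version differs from the pinned override.
function staleCopies(lock, name, pinned) {
  return findCopies(lock, name).filter((c) => c.version !== pinned);
}

// Constructed lockfile: one hoisted copy was updated, one nested copy was not.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'some-application' },
    'node_modules/webpack-dev-server': { version: '0.0.0-placeholder' },
    'node_modules/portfinder': { version: '0.0.0-placeholder' },
    'node_modules/async': { version: '3.2.2' },
    'node_modules/portfinder/node_modules/async': { version: '2.0.0-constructed' },
    'node_modules/neo-async': { version: '0.0.0-placeholder' }, // must not match
  },
};

// '8.2.9' is a constructed stand-in for the output of `npm --version`.
console.log('overrides supported:', versionAtLeast('8.2.9', MIN_NPM_FOR_OVERRIDES));
for (const c of staleCopies(sampleLock, 'async', '3.2.2')) {
  console.log('still not 3.2.2:', c.path, c.version);
}
```

In a real project, pass the parsed contents of package-lock.json to staleCopies after running npm install; an empty result means every locked copy of async is at the pinned version.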
Reputation: 5
You've got it backwards ... you specify which dependency you want to override the version of (e.g. async), then provide the version or list of parents and their versions, so it's like this:
"overrides": {
  "async": "3.2.2"
},
OR if being specific:
"overrides": {
  "async": {
    "portfinder": "3.2.2"
  }
},
Upvotes: -2