FAQ
Hi all,

Some node.js modules depend on strict versions of another modules like that:
"dependencies":{"mongodb":"0.9.9-3"} // mongode

or that:
"engines": { "node": "~0.6" } // express did it some time ago

Now suppose I want to always use newer versions of any modules and don't care much about what maintainers thinks about it. What should I do?

Is there any option for npm to lose respect for upper bounds of version range, but still respect lower bounds? Or any configuration like "whenever you see module@X, always install module@Y"?

--
// alex

--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nodejs@googlegroups.com
To unsubscribe from this group, send email to
nodejs+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

Search Discussions

  • Greelgorke at Oct 23, 2012 at 7:06 am
    only option is to install all dependencies, then remove all
    sub-dependencies and reinstall then manually also.

    but why do you that that anyway?

    Am Dienstag, 23. Oktober 2012 01:22:47 UTC+2 schrieb Alex Kocharin:
    Hi all,

    Some node.js modules depend on strict versions of another modules like
    that:
    "dependencies":{"mongodb":"0.9.9-3"} // mongode

    or that:
    "engines": { "node": "~0.6" } // express did it some time ago

    Now suppose I want to always use newer versions of any modules and don't
    care much about what maintainers thinks about it. What should I do?

    Is there any option for npm to lose respect for upper bounds of version
    range, but still respect lower bounds? Or any configuration like "whenever
    you see module@X, always install module@Y"?

    --
    // alex
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Alex Kocharin at Oct 24, 2012 at 1:11 am
    =A0It's because I strongly believe that, if you have enough= time for testing, it's far better
    to always use latest versions of every s= oftware.=A0If you have a good knowledge of the
    softwa= re you use, and good integration tests, and a testing team, it's nothing wr= ong with
    usage of, say, node 0.9.x on production, right?=A0I assume that ne= wer versions of a software
    is generally better, if you have a time to test = everything and track all API changes.--
    // alex= =A0=A023.10.2012, 11:06, "greelgorke" <greelgorke@= gmail.com>:only option is
    to install all= dependencies, then remove all sub-dependencies and reinstall then
    manually= also.but why do you that that anyway? =A0

    Am Dienstag, 23.= Oktober 2012 01:22:47 UTC+2 schrieb Alex Kocharin:Hi al= l,

    Some node.js modules depend on strict versions of another m= odules like that:
    "dependencies":{"mongodb":"0.9.9-3"} // mongode
  • Jacob Groundwater at Oct 24, 2012 at 2:52 am
    I think it comes down to a tradeoff. A lot of packages are not written as
    well or as thorough as they could be. A lot of packages I look at on NPM
    are pre 0.1 even.

    Thus it comes down to whether you would rather have all packages using
    their latest version, or whether you want a tacit "guarantee" of
    functionality.

    The Linux kernel team for example recommends always running the latest
    release, but most distributions lock the kernel version down for several
    months if not longer.

    I think just using the latest compatible (i.e. no API changes) package for
    all packages is a good idea, but when things go wrong I would like to know
    the *exact* versions used by the developer in order to avoid a lot of
    wasted time troubleshooting.
    On Tue, Oct 23, 2012 at 6:11 PM, Alex Kocharin wrote:


    It's because I strongly believe that, if you have enough time for testing,
    it's far better to always use latest versions of every software.

    If you have a good knowledge of the software you use, and good integration
    tests, and a testing team, it's nothing wrong with usage of, say, node
    0.9.x on production, right? I assume that newer versions of a software is
    generally better, if you have a time to test everything and track all API
    changes.
    --
    // alex


    23.10.2012, 11:06, "greelgorke" <greelgorke@gmail.com>:

    only option is to install all dependencies, then remove all
    sub-dependencies and reinstall then manually also.
    but why do you that that anyway?

    Am Dienstag, 23. Oktober 2012 01:22:47 UTC+2 schrieb Alex Kocharin:

    Hi all,

    Some node.js modules depend on strict versions of another modules like
    that:
    "dependencies":{"mongodb":"0.9.9-3"} // mongode

    or that:
    "engines": { "node": "~0.6" } // express did it some time ago

    Now suppose I want to always use newer versions of any modules and don't
    care much about what maintainers thinks about it. What should I do?

    Is there any option for npm to lose respect for upper bounds of version
    range, but still respect lower bounds? Or any configuration like "whenever
    you see module@X, always install module@Y"?

    --
    // alex


    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Greelgorke at Oct 24, 2012 at 8:00 am
    There is mostly enough time for testing, but not enough time to find out
    why test break. and if i can ensure, that the breaks are not caused by some
    unstable urgent release of a subsubsubdependency, i'd rather use lates
    stable version. life is too short to search for bugs in every peace of
    software you depend on. thats why we all use software, others done, and
    hope they did it right.

    Am Mittwoch, 24. Oktober 2012 03:11:28 UTC+2 schrieb Alex Kocharin:

    It's because I strongly believe that, if you have enough time for testing,
    it's far better to always use latest versions of every software.

    If you have a good knowledge of the software you use, and good integration
    tests, and a testing team, it's nothing wrong with usage of, say, node
    0.9.x on production, right? I assume that newer versions of a software is
    generally better, if you have a time to test everything and track all API
    changes.
    --
    // alex


    23.10.2012, 11:06, "greelgorke" <greel...@gmail.com <javascript:>>:

    only option is to install all dependencies, then remove all
    sub-dependencies and reinstall then manually also.
    but why do you that that anyway?

    Am Dienstag, 23. Oktober 2012 01:22:47 UTC+2 schrieb Alex Kocharin:

    Hi all,

    Some node.js modules depend on strict versions of another modules like
    that:
    "dependencies":{"mongodb":"0.9.9-3"} // mongode

    or that:
    "engines": { "node": "~0.6" } // express did it some time ago

    Now suppose I want to always use newer versions of any modules and don't
    care much about what maintainers thinks about it. What should I do?

    Is there any option for npm to lose respect for upper bounds of version
    range, but still respect lower bounds? Or any configuration like "whenever
    you see module@X, always install module@Y"?

    --
    // alex


    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nod...@googlegroups.com <javascript:>
    To unsubscribe from this group, send email to
    nodejs+un...@googlegroups.com <javascript:>
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Isaac Schlueter at Oct 24, 2012 at 6:18 pm
    https://npmjs.org/doc/shrinkwrap.html
    On Wed, Oct 24, 2012 at 9:00 AM, greelgorke wrote:

    There is mostly enough time for testing, but not enough time to find out
    why test break. and if i can ensure, that the breaks are not caused by some
    unstable urgent release of a subsubsubdependency, i'd rather use lates
    stable version. life is too short to search for bugs in every peace of
    software you depend on. thats why we all use software, others done, and
    hope they did it right.

    Am Mittwoch, 24. Oktober 2012 03:11:28 UTC+2 schrieb Alex Kocharin:

    It's because I strongly believe that, if you have enough time for
    testing, it's far better to always use latest versions of every software.

    If you have a good knowledge of the software you use, and good
    integration tests, and a testing team, it's nothing wrong with usage of,
    say, node 0.9.x on production, right? I assume that newer versions of a
    software is generally better, if you have a time to test everything and
    track all API changes.
    --
    // alex


    23.10.2012, 11:06, "greelgorke" <greel...@gmail.com>:

    only option is to install all dependencies, then remove all
    sub-dependencies and reinstall then manually also.
    but why do you that that anyway?

    Am Dienstag, 23. Oktober 2012 01:22:47 UTC+2 schrieb Alex Kocharin:

    Hi all,

    Some node.js modules depend on strict versions of another modules like
    that:
    "dependencies":{"mongodb":"0.**9.9-3"} // mongode

    or that:
    "engines": { "node": "~0.6" } // express did it some time ago

    Now suppose I want to always use newer versions of any modules and don't
    care much about what maintainers thinks about it. What should I do?

    Is there any option for npm to lose respect for upper bounds of version
    range, but still respect lower bounds? Or any configuration like "whenever
    you see module@X, always install module@Y"?

    --
    // alex


    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/**node/wiki/Mailing-List-**
    Posting-Guidelines<https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines>
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nod...@googlegroups.com

    To unsubscribe from this group, send email to
    nodejs+un...@**googlegroups.com

    For more options, visit this group at
    http://groups.google.com/**group/nodejs?hl=en?hl=en<http://groups.google.com/group/nodejs?hl=en?hl=en>

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Chad Engler at Oct 23, 2012 at 12:52 pm
    "package": ">=1.0.1"

    Will grab the latest above that version. Is that what you are looking
    for?

    -Chad

    -----Original Message-----
    From: nodejs@googlegroups.com On Behalf
    Of Alex Kocharin
    Sent: Monday, October 22, 2012 7:22 PM
    To: nodejs@googlegroups.com
    Subject: [nodejs] npm: version locking in modules

    Hi all,

    Some node.js modules depend on strict versions of another modules like
    that:
    "dependencies":{"mongodb":"0.9.9-3"} // mongode

    or that:
    "engines": { "node": "~0.6" } // express did it some time ago

    Now suppose I want to always use newer versions of any modules and don't
    care much about what maintainers thinks about it. What should I do?

    Is there any option for npm to lose respect for upper bounds of version
    range, but still respect lower bounds? Or any configuration like
    "whenever you see module@X, always install module@Y"?

    --
    // alex

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com To
    unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Ryan Schmidt at Oct 23, 2012 at 7:44 pm
    Where would one write that if one wanted that to override what a package maintainer wrote in their package.json?

    On Oct 23, 2012, at 07:51, Chad Engler wrote:

    "package": ">=1.0.1"

    Will grab the latest above that version. Is that what you are looking
    for?
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Chad Engler at Oct 23, 2012 at 9:30 pm
    You would write it in their package.json :)

    -Chad

    -----Original Message-----
    From: nodejs@googlegroups.com On Behalf
    Of Ryan Schmidt
    Sent: Tuesday, October 23, 2012 3:44 PM
    To: nodejs@googlegroups.com
    Subject: Re: [nodejs] npm: version locking in modules

    Where would one write that if one wanted that to override what a package
    maintainer wrote in their package.json?

    On Oct 23, 2012, at 07:51, Chad Engler wrote:

    "package": ">=1.0.1"

    Will grab the latest above that version. Is that what you are looking
    for?
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com To
    unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupnodejs @
categoriesnodejs
postedOct 22, '12 at 11:22p
activeOct 24, '12 at 6:18p
posts9
users6
websitenodejs.org
irc#node.js

People

Translate

site design / logo © 2022 Grokbase