3

I want to only allow certain version of node and npm before the user can run his npm install on my module.

In the NPM documentation, there is an engine attribute, dedicated to this task:

  "engines": {
    "node": ">=4.0.0",
    "npm": ">=3.0.0"
  }

These parameters will only allow node and npm versions up to 4 and 3.

However, the documentation says that the engine-strict attribute should be enabled in order to check the versions. On engine-strict, it is said that:

This feature was deprecated with npm 3.0.0

So, is there a way, with npm3, to define minimal Node and NPM versions for a module?

Romain Linsolas
  • 79,475
  • 49
  • 202
  • 273
  • Related: https://stackoverflow.com/q/60124530/320399 and https://stackoverflow.com/q/61403815/320399 – blong Feb 16 '21 at 17:04

2 Answers2

2

Yarn checks the engine out of the box at the time of installation. But with npm, you may have to write a custom validator at this moment for checking node versions before firing a script.

export function verifyNodeVersion(version) {
  const nodeVersion = process.versions.node;
  if (!nodeVersion.startsWith(`${version}.`)) {
    throw new Error(
      `Incorrect version of Node found: ${nodeVersion}, Expected: v${version}.x`
    );
  }
  console.log('Current Node version:', nodeVersion);
  return true;
}

And call the function in the entry points.

Abhinaba
  • 376
  • 1
  • 8
0

So, is there a way, with npm3, to define minimal Node and NPM versions for a module?

engines does that. It's just that it does it by A) Outputting an advisory message warning the user if their system isn't up-to-scratch, and B) Failing if the user has set the engine-strict config flag.

All the documentation is saying is that engineStrict is no longer supported to push the user around. :-) If they want to ignore the advisory messages and not use the engine-strict config flag, then caveat user.

T.J. Crowder
  • 1,031,962
  • 187
  • 1,923
  • 1,875