0

We use the following lib as dependencies in our project https://github.com/rlidwka/sinopia

In this lib the package.json they use express https://github.com/rlidwka/sinopia/blob/master/package.yaml

dependencies:
  express: '>=5.0.0-0 <6.0.0-0'

which is very problematic and we cannot use it since version 5 (5.0.0-alpha.1) is not official outside
https://github.com/expressjs/express the npm released version is 4.14 my question is the following

  1. What is the sense to declare dependencies in this way which is not released yet?
  2. Is there a way somehow to restricted the version to 4.14 or other 5 version (not alfa version ) without doing fork to this repo ?
John Jerrby
  • 1,683
  • 7
  • 31
  • 68

1 Answers1

1

How do I override nested NPM dependency versions? suggests using a partial npm-shrinkwrap.json to achieve what you want.

According to Allow partial npm-shrinkwrap.json to only force some dependencies, this is supported in npm@3.

Community
  • 1
  • 1
Yoni Rabinovitch
  • 5,171
  • 1
  • 23
  • 34
  • but this is external dep, for example I use in my project os like express which is using some other os like ath-to-regexp which use version alfa how can I solve it from my module? – John Jerrby Jan 16 '17 at 09:18
  • ok 1+ the problem is when you put this srinkwarp dep it download only the package you put inside this file and I want do restricted just one lib and the other should be download as before , how can I do that can you please provide example ? – John Jerrby Jan 16 '17 at 12:31
  • I mean if the parent lib use to child libs (child1&child2) and you put in the npm-shrinkwrap.json only child1 restricted version, you dont get child 2 when you install the packages why and if there is workaround for this ? – John Jerrby Jan 16 '17 at 12:40
  • This is the exact issue discussed in https://github.com/npm/npm/issues/7108. Read that whole thread carefully to understand the ins and outs of this. It's a little tricky. – Yoni Rabinovitch Jan 16 '17 at 13:40
  • I read it and didn't got it...can you please give the reference?how it's can be managed...thanks! – John Jerrby Jan 16 '17 at 16:54
  • If you aren't able to get it working with npm shrinkwrap, you can consider trying to use yarn (https://yarnpkg.com/) instead of npm. See http://stackoverflow.com/questions/40226639/how-do-i-override-nested-dependencies-with-yarn. See https://www.sitepoint.com/yarn-vs-npm for a godd overview of the differences between npm and yarn. – Yoni Rabinovitch Jan 17 '17 at 07:36