Updating an indirect dependency in shrinkwrapped project

Question

Is there a good way with npm (I'm on npm@5) to do a version bump for a nested dependency in a shrinkwrapped/lockfiled project?

Doing an npm install package@latest --save will update the shrinkwrap file as expected, but it also adds the dependency to package.json, which is not what I want. Doing an npm install --no-save package@latest will properly skip updating package.json, but it also won't update the shrinkwrap file.

Is there a simple way to update the sub-dependency and shrinkwrap file without touching package.json?

Jacob · Answer 1 · 2018-08-06T22:42:07.357

3

The workaround I most often use is a two-step process:

npm i --no-save subdependency@latest && npm shrinkwrap --dev

This is not ideal, but it works. Hopefully someone else has a one-step solution.

Update:

Nowadays, I do this:

npm i --save subdependency@latest && npm uninstall --save subdependency

...which is also annoying.

edited Aug 06 '18 at 22:42

answered Nov 22 '17 at 22:44

Jacob

77,566
24
149
228

Updating an indirect dependency in shrinkwrapped project

1 Answers1