How do I update an npm package to the latest commit?

Question

Vulnerabilities in the event-stream package as outlined here have meant that I receive the following error when trying to build my application.

error An unexpected error occurred: "https://registry.yarnpkg.com/event-stream/-/event-stream-3.3.6.tgz: Request failed \"404 Not Found\"".

After some digging, I realised that the mongo-cursor-pagination package I use had a dependency on mongodb-extended-json, which in turn depends on the malicious event-stream package.

After some more searching, it became apparent that the maintainers have updated the problematic dependency as shown by this commit.

However, the latest release v7.1.0 is from 28 June 2018 and doesn't include these changes.

Essentially, I would like my code to include the latest commit to mongo-cursor-pagination but I'm unsure how to go about achieving this.

score 1 · Answer 1 · answered Jan 15 '19 at 06:16

According documentation, you can set link to git repo with commit sh like this:

git+https://github.com/mixmaxhq/mongo-cursor-pagination.git#40c3f8d

https://docs.npmjs.com/cli/install

npm install private github repositories by dependency in package.json

score 1 · Answer 2 · answered Jan 15 '19 at 06:23

1

You can download it directly from github like this:

npm install https://github.com/mixmaxhq/mongo-cursor-pagination/tarball/master --save

if you ever need to do it again: https://github.com/{USER}/{REPO}/tarball/{BRANCH}

answered Jan 15 '19 at 06:23

Mike

587
3
6

score 0 · Answer 3 · answered Jun 18 '20 at 13:25

0

Specifying the branch name in the Git URL instead of the commit hash should cause NPM to take the latest from that branch. For example, to get the latest from master:

git+https://github.com/mixmaxhq/mongo-cursor-pagination.git#master

answered Jun 18 '20 at 13:25

neilthom

475
1
4
9

How do I update an npm package to the latest commit?

3 Answers3