16

I am trying to lock node and npm version in my javascript project to ensure other developers have those specific versions when building bundles to commit. I just added this to my package.json: 

  "engineStrict" : true,
  "engines": {
    "node" : "10.10.0",
    "npm" : "6.5.0"
  },

Will this enforce those versions definitively? I am unfamiliar with locking down versions since I am used to be the sole developer on frontend projects or inheriting projects that have had this set up.
Alternatively, is there a benefit of also adding an .nvmrc file that specifies the same version or is that redundant if I'm using engines?

burtonLowel
  • 734
  • 7
  • 17
  • 1
    Does this answer your question? [How can I specify the required Node.js version in package.json?](https://stackoverflow.com/questions/29349684/how-can-i-specify-the-required-node-js-version-in-package-json) – RobC Apr 24 '20 at 08:56
  • Related: https://stackoverflow.com/q/60124530/320399 – blong Feb 16 '21 at 17:04

1 Answers1

25

Enforcing Node.js version

engineStrict is deprecated since npm v3, but you can set engine-strict=true in your .npmrc file. If you have engines set in package.json, an error will be thrown when someone installs on an unsupported Node.js version.

.nvmrc for developer convenience

To make it easier for other developers to use a supported Node.js version, you can add a .nvmrc file. Now other developers can run nvm use to automatically use a supported version.

Elias Meire
  • 1,238
  • 1
  • 11
  • 14
  • Thanks @elias . I assume that if I go the .nvmrc route rather than using engines, I can't specify npm versions though, right? – burtonLowel Apr 24 '20 at 08:26
  • You don't need to choose :). They complement each other: package.json + .npmrc enforces the version, .nvmrc makes it easier for others to use the right version. – Elias Meire Apr 24 '20 at 08:31
  • just so I am clear....if I'm writing a module I expect others to install, I would set the "engines" field in my package.json. If I'm an app that uses the dep AND the dep set their engines field, then I ONLY need to have set the engines-strict config in .npmrc. IE setting the engines field in a package.json that's not used as a dep someplace else, doesn't appear to have any value. If I set "engines" to Node 12 in my app, I can run all my package scripts in node 8.....and nothing complains – Jason Aug 28 '20 at 16:06