Closed lukiano closed 4 years ago
I've no experience of installing using yarn
, but we don't ship a lock file to my knowledge - package.json
lists the dependencies that need resolving together with rules on which versions will satisfy the requirements. 2.x
means a range of versions where the major
part of the semver
is 2
, so the range >=2.0.0, <3.0.0
which encompasses 2.14.0
. ^2.14.0
means a range of versions where the major
is 2
and the minor
is 14
(>=2.14.0, <2.15.0
) and so is more restrictive than 2.x
. (more info: https://docs.npmjs.com/misc/semver)
I've checked by installing appmetrics@5.1.1 using npm install
and my package-lock.json
is showing the installed nan
version as 2.14.0
so I think it's interpreting 2.x
correctly.
https://yarnpkg.com/lang/en/docs/migrating-from-npm/ shows that the equivalent yarn
command for npm update
is yarn upgrade
, so that command is necessary to update appmetrics from 4.x to 5.x in a way so that the dependencies also get updated.
From that same page:
^1.2.3 := >=1.2.3 <2.0.0
Hence ^2.14.0 means >=2.14.0 <3.0.0
I was updating this library from 4.x to 5.x to add support for Node 12, but my building kept failing. Finally the reason was that
yarn
wasn't updating the version ofnan
as the package.json file still said2.x
. I had to runyarn upgrade
to actually make it get the latest version ofnan
(with Node 12 support), which defeats the purpose of having a lock file at all.