khushi2706 / Blog-App-using-MERN-stack

Blog App built with MERN stack
https://blog-app-using-mern-stack-beta.vercel.app

Package.json packages import #6

Open Hamza-Sajid opened 1 year ago

Hamza-Sajid commented 1 year ago

Issue Reason: Your application might crash or behave differently with the new update

Reason: Your application currently uses '^' with the dependencies in the package.json file. If someone runs this app after a while, the updated packages will get installed with npm install, so there is a high chance that some component of your application might not work smoothly with those updates. So it's best practice to use the stable packages and make them the default.

Solution: You can remove this '^' symbol from your dependencies.

Example:

Incorrect > "bcryptjs": "^2.4.3",

Correct > "bcryptjs": "2.4.3",

GautamTirumala commented 1 year ago

The correct thing according to me is ^2.4.3 only because, if you specify ^2.4.3 as a dependency in your project, it means you are allowing any version that starts with "2" (the major version) and is equal to or greater than 2.4.3. So, it could be 2.4.3, 2.4.4, 2.5.0, 2.6.0, and so on, as long as the major version remains 2.
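
The range rule debated in this thread, as an added example that is not part of the issue or the repository's code: a small Node.js check of which versions `^2.4.3` admits compared with the exact pin `2.4.3`. It goes beyond the thread by also covering the `0.x` caret rule from npm's semver semantics; the function names and the sample manifest are constructed for illustration.

```javascript
// Parse "MAJOR.MINOR.PATCH" into numbers (prerelease tags are out of scope here).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Three-way comparison of two parsed versions.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Exclusive upper bound of ^base: bump the left-most non-zero component.
// ^2.4.3 -> <3.0.0, ^0.2.3 -> <0.3.0, ^0.0.3 -> <0.0.4
function caretUpperBound(base) {
  const [maj, min, pat] = base;
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

// True when `version` is allowed by `range` (either "^x.y.z" or an exact "x.y.z").
function satisfies(version, range) {
  const v = parse(version);
  if (!range.startsWith("^")) return cmp(v, parse(range)) === 0; // exact pin
  const base = parse(range.slice(1));
  return cmp(v, base) >= 0 && cmp(v, caretUpperBound(base)) < 0;
}

// Names of dependencies whose declared range lets a later install pick a newer release.
function floatingDeps(pkg) {
  return Object.entries(pkg.dependencies || {})
    .filter(([, range]) => range.startsWith("^"))
    .map(([name]) => name);
}

// Constructed sample manifest (not the repository's actual package.json).
const samplePkg = { dependencies: { bcryptjs: "^2.4.3", "example-lib": "0.3.1" } };

for (const candidate of ["2.4.2", "2.4.3", "2.6.0", "3.0.0"]) {
  console.log(candidate, "caret:", satisfies(candidate, "^2.4.3"),
              "pinned:", satisfies(candidate, "2.4.3"));
}
console.log("floating:", floatingDeps(samplePkg));
```
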