npm / cli

the package manager for JavaScript
https://docs.npmjs.com/cli/

[BUG] npm update does not save new versions in package.json #2704

Closed saltire closed 2 years ago

saltire commented 3 years ago

Current Behavior:

When running npm update, packages are updated normally, package-lock.json is updated, but package.json is not. (npm install [package]@[version] does update package.json as expected.)

Expected Behavior:

The package.json file should be updated with the newly installed versions, as specified in the npm-update docs.

Steps To Reproduce:

Environment:

OS: Mac OS Big Sur
Node: 14.15.5
NPM: 7.5.4

matthewmayer commented 2 years ago

> and save=true is the default.

Is it? The comments above suggest save=false is the default in 8.3.2?

ljharb commented 2 years ago

@matthewmayer it's the default for update, but i believe --save on the command line only will overwrite that for update. save=true is already the default for everything else.

sla100 commented 2 years ago

> I've never heard of global-style

This is a best mode for the project. The first level of node_modules contains only first-level dependencies.

ljharb commented 2 years ago

That will break a lot of setups (the same ones yarn pnp and pnpm break). Packages expect the hoisting npm does.

matthewmayer commented 2 years ago

npm update --save in npm@8.3.2 works differently to npm update in npm@6 when specifying an exact version

For example if you run npm install --save-exact cron@1.8.0

Then your package.json will look like this:

"cron": "1.8.0"

if you then run on npm@6 npm update

nothing is changed

but if you then run on npm@8.3.2

npm update --save

package.json is updated to

"cron": "^1.8.0"

and then if you run npm update --save again package.json is updated to

"cron": "^1.8.2"

davidspiess commented 2 years ago

I ran into the same issue as well. This could potentially break some production apps, since pinning a dependency to a specific version is rather common and can slip through code reviews quite easily.

StefanNedelchev commented 2 years ago

> I ran into the same issue as well. This could potentially break some production apps, since pinning a dependency to a specific version is rather common and can slip through code reviews quite easily.

Agree for the code reviews. Much easier to review package.json rather than package-lock.json.
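The pin-to-range change reported above (`"cron": "1.8.0"` becoming `"cron": "^1.8.0"`) can be caught mechanically instead of by eye in review. The following is an added example, not code from this thread or from npm: it compares two versions of package.json and reports dependencies that were exact pins and no longer are. The function names, the regular expression and the sample manifests are constructed for illustration.

```javascript
// Added example. Constructed inputs mirroring the thread: package.json
// before and after `npm update --save` on npm@8.3.2.
const beforeJson = JSON.stringify({
  dependencies: { cron: "1.8.0", lodash: "^4.17.20" },
});
const afterJson = JSON.stringify({
  dependencies: { cron: "^1.8.0", lodash: "^4.17.21" },
});

const DEP_FIELDS = [
  "dependencies", "devDependencies", "optionalDependencies", "peerDependencies",
];

// Exact pin: one bare semver version (optional "=" or "v" prefix), with no
// range operator, wildcard, dist-tag, or URL.
const EXACT = /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function isExactPin(spec) {
  return typeof spec === "string" && EXACT.test(spec.trim());
}

// Returns every dependency that was pinned exactly in the old manifest and is
// a range (or anything else) in the new one.
function findLoosenedPins(oldText, newText) {
  const oldPkg = JSON.parse(oldText);
  const newPkg = JSON.parse(newText);
  const findings = [];
  for (const field of DEP_FIELDS) {
    const oldDeps = oldPkg[field] || {};
    const newDeps = newPkg[field] || {};
    for (const [name, oldSpec] of Object.entries(oldDeps)) {
      if (!(name in newDeps)) continue; // dependency removed, not loosened
      const newSpec = newDeps[name];
      if (isExactPin(oldSpec) && !isExactPin(newSpec)) {
        findings.push({ field, name, from: oldSpec, to: newSpec });
      }
    }
  }
  return findings;
}

for (const f of findLoosenedPins(beforeJson, afterJson)) {
  console.log(`${f.field}: ${f.name} pin loosened ${f.from} -> ${f.to}`);
}
```

In a CI job the two inputs would be the base-branch and proposed contents of package.json, with a non-empty result failing the check. A range bump such as `^1.8.0` to `^1.8.2` is not reported, because the old spec was already a range.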

matthewmayer commented 2 years ago

> npm update --save in npm@8.3.2 works differently to npm update in npm@6 when specifying an exact version
>
> For example if you run npm install --save-exact cron@1.8.0
>
> Then your package.json will look like this:
>
> "cron": "1.8.0"
>
> if you then run on npm@6 npm update
>
> nothing is changed
>
> but if you then run on npm@8.3.2
>
> npm update --save
>
> package.json is updated to
>
> "cron": "^1.8.0"
>
> and then if you run npm update --save again package.json is updated to
>
> "cron": "^1.8.2"

This was fixed in npm@8.4.0, thanks @ruyadorno !

aplotor commented 2 years ago

v=8.11.0 npm update --save is not updating package.json for me

skysantoroa commented 2 years ago

> v=8.11.0 npm update --save is not updating package.json for me

Same for version 8.5.5, node 16, Ubuntu 22

ljharb commented 2 years ago

There’s no point in trying a non-latest version of npm - if you’re still having problems with the latest version, please file a new issue.

amycheng2958 commented 2 years ago

> > v=8.11.0 npm update --save is not updating package.json for me
>
> Same for version 8.5.5, node 16, Ubuntu 22

Same for version 8.5.0, node 16, macos monterey

lukekarrys commented 1 year ago

Please open a new issue for any bugs or regressions with update --save.