[BUG] Tilde package version is not changing after update in package.json

[almasipatrik]

Is there an existing issue for this?

• [X] I have searched the existing issues

This issue exists in the latest npm version

• [X] I am using the latest npm

Current Behavior

1. Install express version: 4.17.0
2. Use tilde (~) instead of caret (^)
3. Run npm install express
4. Express version in package.json not changed, it's 4.17.0 but 4.17.3 in package.lock

Expected Behavior

1. Install express version: 4.17.0
2. Use tilde (~) instead of caret (^)
3. Run npm install express
4. Express version in package.json is 4.17.3 and it's match with package.lock express version

Steps To Reproduce

Please see at Current Behavior

Environment

• npm: 8.19.2
• Node.js: 18.5.0
• OS Name: Windows 11
• System Model Name: Huawei Matebook
• npm config:

  
  ; node bin location = C:\Program Files\nodejs\node.exe
  ; node version = v18.5.0
  ; npm local prefix = C:\Users\Patrik\Desktop\NodeJs
  ; npm version = 8.19.2
  ; cwd = C:\Users\Patrik\Desktop\NodeJs
  ; HOME = C:\Users\Patrik
  ; Run `npm config ls -l` to show all defaults.
  PS C:\Users\Patrik\Desktop\NodeJs> npm -v
  8.19.2
  PS C:\Users\Patrik\Desktop\NodeJs> node -v
  v18.5.0
  PS C:\Users\Patrik\Desktop\NodeJs> npm config ls -l
  ; "default" config from default values

_auth = (protected) access = null all = false allow-same-version = false also = null audit = true audit-level = null auth-type = "legacy" before = null bin-links = true browser = null ca = null cache = "C:\Users\Patrik\AppData\Local\npm-cache" cache-max = null cache-min = 0 cafile = null call = "" cert = null ci-name = null cidr = null color = true commit-hooks = true depth = null description = true dev = false diff = [] diff-dst-prefix = "b/" diff-ignore-all-space = false diff-name-only = false diff-no-prefix = false diff-src-prefix = "a/" diff-text = false diff-unified = 3 dry-run = false editor = "notepad.exe" engine-strict = false fetch-retries = 2 fetch-retry-factor = 10 fetch-retry-maxtimeout = 60000 fetch-retry-mintimeout = 10000 fetch-timeout = 300000 force = false foreground-scripts = false format-package-lock = true fund = true git = "git" git-tag-version = true global = false global-style = false globalconfig = "C:\Users\Patrik\AppData\Roaming\npm\etc\npmrc" heading = "npm" https-proxy = null if-present = false ignore-scripts = false include = [] include-staged = false include-workspace-root = false init-author-email = "" init-author-name = "" init-author-url = "" init-license = "ISC" init-module = "C:\Users\Patrik\.npm-init.js" init-version = "1.0.0" init.author.email = "" init.author.name = "" init.author.url = "" init.license = "ISC" init.module = "C:\Users\Patrik\.npm-init.js" init.version = "1.0.0" install-links = false json = false key = null legacy-bundling = false legacy-peer-deps = false link = false local-address = null location = "user" lockfile-version = null loglevel = "notice" logs-dir = null logs-max = 10 ; long = false ; overridden by cli maxsockets = 15 message = "%s" metrics-registry = "https://registry.npmjs.org/" node-options = null node-version = "v18.5.0" noproxy = [""] npm-version = "8.19.2" offline = false omit = [] omit-lockfile-registry-resolved = false only = null optional = null otp = null pack-destination = "." package = [] package-lock = true package-lock-only = false parseable = false prefer-offline = false prefer-online = false ; prefix = "C:\Program Files\nodejs" ; overridden by builtin preid = "" production = null progress = true proxy = null read-only = false rebuild-bundle = true registry = "https://registry.npmjs.org/" replace-registry-host = "npmjs" save = true save-bundle = false save-dev = false save-exact = false save-optional = false save-peer = false save-prefix = "^" save-prod = false scope = "" script-shell = null searchexclude = "" searchlimit = 20 searchopts = "" searchstaleness = 900 shell = "C:\Windows\system32\cmd.exe" shrinkwrap = true sign-git-commit = false sign-git-tag = false sso-poll-frequency = 500 sso-type = "oauth" strict-peer-deps = false strict-ssl = true tag = "latest" tag-version-prefix = "v" timing = false tmp = "C:\Users\Patrik\AppData\Local\Temp" umask = 0 unicode = true update-notifier = true usage = false user-agent = "npm/{npm-version} node/{node-version} {platform} {arch} workspaces/{workspaces} {ci}" userconfig = "C:\Users\Patrik\.npmrc" version = false versions = false viewer = "browser" which = null workspace = [] workspaces = null workspaces-update = true yes = null

[ljharb]

If you use a carat, does package.json change? Typically npm update doesn’t change package.json, i think.

[almasipatrik]

I changed the issue description from npm update to npm install.

When I tried to run npm install for a caret defined package then the version changed in package.json and package.lock, but when I did the same with tilde then the version was the same in package.json but package.lock was updated with the new one.