Open adamlui opened 7 months ago
This is the documented behaviour. Try adding --save
.
https://docs.npmjs.com/cli/v10/commands/npm-update
Note that by default npm update will not update the semver values of direct dependencies in your project package.json. If you want to also update values in
package.json
you can run:npm update --save
(or add thesave=true
option to a configuration file to make that the default behavior).
Hey @shadowspawn thanks for the info, npm update --save
also isn't updating package.json
The bug appears to be affecting dependabot's behavior too: https://github.com/dependabot/dependabot-core/issues/9071
Sometimes dependabot updates both files: Bump @adamlui/scss-to-css from 1.1.1 to 1.2.0 Bump @adamlui/minify.js from 1.0.1 to 1.0.2
...and sometimes it doesn't: Bump @adamlui/scss-to-css from 1.0.1 to 1.2.0 Bump sass from 1.70.0 to 1.71.0 in /scss-to-css
Wait nvm those were sub-dependencies and my main ones were already up-to-date, I tested down-bumping then --save
worked to edit both files. But do you know if Dependabot's glitched behavior is due to a npm cli bug?
Also if a user is using --save
and sub-dependencies are being bumped, shouldn't it be expected they want the sub-dependency's package.json' to save this new tree?
I am seeing two behaviors from my workflow and maybe this is related. I am using node@20
and npm@10.1.0
--save
works with the npm update
command, however, if I set save=true
in my .npmrc
file, it does not pick up the setting. And --save
doesn't work for workspaces. e.g. npm update prettier --save -w my_workspace_1
will only update package-lock file.
I'm having a very similar issue, if I run npm up --save
some dependencies are getting updated in package.json
but some don't.
In this example if you run npm up --save
- vite
will be updated but vitest
wont. They both get updated in package-lock.json
as they should.
https://raw.githubusercontent.com/HristoKolev/vite-workshop/e0079a98e32ef069ca20e66c9223836132a37d1b/package.json https://raw.githubusercontent.com/HristoKolev/vite-workshop/e0079a98e32ef069ca20e66c9223836132a37d1b/package-lock.json
10.2.4
v20.11.0
; node bin location = C:\Program Files\nodejs\node.exe
; node version = v20.11.0
; npm local prefix = C:\Users\hristo
; npm version = 10.2.4
; cwd = C:\Users\hristo
; HOME = C:\Users\hristo
; Run `npm config ls -l` to show all defaults.
I also found this behavior surprising.
Instead of npm update <package>
I now use npm install <package>@<version>
to make sure the package json is updated but it's less conveniant because I need to look up the version first.
In my case npm update --save
does update (some!!!!!) packages but not others. I'm using version 10.8.0
on MacOS Sonoma 14.5
with node 20.11.1
Repro steps using an Angular app as sample project:
npm install -g @angular/cli
ng new my-app
and selecy any option in the setup wizard (will not affect the result)cd my-app
package.json
> it should reference tslib: ^2.3.0
as dependencytslib
and zone.js
> npm list
and look for tslib
and zone.js
tslib
version > npm install tslib@2.3.0
zone.js
version > npm install zone.js@0.14.3
2.6.2
at this moment) > npm list tslibnpm update --save
package.json
file and notice that zone.js
version is up to date but tslib
is nottslib
and zone.js
are BOTH up to date > npm list
and look for tslib
and zone.js
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
When running
npm update
from a project's root, only the package-lock.json gets editedExpected Behavior
When running
npm update
, both the package.json + package-lock.json should be editedSteps To Reproduce
npm update
in any package rootEnvironment
prefix = "C:\Users\adaaaam\AppData\Roaming\npm"
; "user" config from C:\Users\adaaaam.npmrc
//registry.npmjs.org/:_authToken = (protected)
; node bin location = C:\Program Files\nodejs\node.exe ; node version = v21.6.2 ; npm local prefix = e:\kudoai\kudoai.com ; npm version = 10.2.4 ; cwd = e:\kudoai\kudoai.com ; HOME = C:\Users\adaaaam ; Run
npm config ls -l
to show all defaults.