NPM and package.json weirdness

[scripting]

Something weird is going on with NPM and how package.json files work.

Suppose I have a package called package1 which is required by a package called package2, which in turn is required by package3 which is required by an app called helloworld, which only requires package3.

Okay, so I make a change to package1, npm publish the new version, and go to the directory that contains helloworld and npm update it.

You'd think that we'd get the new version of package1 but we don't. The only way to get it to update that I've discovered is to make a change to package3, publish it, and then npm update. But nothing changed in package3, why should I have to rebuild it just to get the change in package1 reflected in the app.

I have a feeling that this is because NPM modifies the package.json that NPM passes up the chain of require's? I swear this used to work, and what a pain in the ass if this is the only way to get changes deep in the stack reflected at the top.

[scotthansonde]

I have no idea how to try this out, but maybe package-lock.json is preventing the dependencies from updating? Maybe delete package-lock.json, then npm update?

[scripting]

@scotthansonde -- that's certainly worth a try, hadn't thought of that. thanks.

[danieldekay]

But for package3 all is fine. It requires package2 in a version that runs, and maybe even works around quirks. no need to be greedy and take all updates of required packages.

Kind of like in python a nest practice is to require the exact version of a package and not pull all upstream updates. Causes too many headaches