0

We develop in Angular with Visual Studio Code using GitHub as a code repository. This works fine, but recently we had a problem due to one of the developers having a different version of a certain library. Since installing with npm doesn't require specifying the version (it installs the latest), he ended up with a version different from the other developers.

One way to solve the problem is to put all the libraries in GitHub, but that seems overwhelming. What are the best practices to have all developers use the same version of JavaScript libraries?

4
  • 2
    I guess I may be misinformed, but isn't that the role of package-lock? Is the file committed in the repo? Commented Jan 17, 2020 at 1:16
  • 4
    1) Designate fixed versions of Angular in your package.json (e.g. "8.0.0") or 2) If you want to stick with SemVer specs to update minor and patch versions (e.g. "^8.0.0"), commit your package-lock.json file. Commented Jan 17, 2020 at 1:17
  • It's a good question. You can require exact versions in your package.json using @. Commented Jan 17, 2020 at 1:21
  • Yeah, I agree with @miqh, you need the package-lock.json so that, when one member uses npm-install, the library should install the right version. Commented Jan 17, 2020 at 2:07

1 Answer

1

Make sure package.json specifies the version of dependencies and that you commit this file:

{
  "dependencies": {
    "foo": "1.2.3",   // exact version
    "bar": ">1.2.3",  // greater than 1.2.3
    "baz": "^1.2.3"   // compatible with 1.2.3, i.e. from 1.2.3 until below 2.0.0
  }
}

More details on semantic versioning

package.json defines which range of versions can be installed, but package-lock.json defines which exact versions of all packages (all = includes dependencies of dependencies) are installed. You have to commit this file.

Also, prefer npm clean-install rather than npm install because it throws an error if the installed packages in the node modules folder don't match the ones defined in the package lock.


1 Comment

I prefer to use package-lock.json so everybody has the same library versions; even small changes can make a difference.
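As an added illustration of the answer above (not code from the original post), here is a Node.js check that flags dependencies whose version is fixed neither by an exact pin in package.json nor by an entry in package-lock.json. It assumes the lockfileVersion 2/3 layout (a `packages` map keyed by `node_modules/<name>`); `auditPins` and the sample data are constructed for this example.

```javascript
// Added example: audit how tightly package.json pins dependencies and
// whether package-lock.json (lockfileVersion 2 or 3 layout) backs them up.

// An exact pin is a bare version such as "1.2.3" (optionally with a
// prerelease/build suffix); anything else (^, ~, >, *, tags, URLs) is a range.
const EXACT = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?$/;

function auditPins(pkg, lock) {
  const findings = [];
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  const locked = (lock && lock.packages) || null;

  if (!locked) findings.push({ name: "*", issue: "no-lockfile" });

  for (const [name, spec] of Object.entries(declared)) {
    const exact = EXACT.test(spec);
    const entry = locked ? locked[`node_modules/${name}`] : undefined;
    if (!entry) {
      // Nothing fixes the version: a range here resolves at install time.
      if (locked) findings.push({ name, issue: "missing-from-lock" });
      if (!exact) findings.push({ name, issue: "floating-range", spec });
      continue;
    }
    // An exact pin and the lock entry must agree on the version.
    if (exact && entry.version !== spec) {
      findings.push({ name, issue: "lock-mismatch", spec, locked: entry.version });
    }
    // The lock entry should carry the tarball hash that npm verifies on install.
    if (!entry.integrity) {
      findings.push({ name, issue: "no-integrity", locked: entry.version });
    }
  }
  return findings;
}

// Constructed sample data (not from a real project).
const samplePkg = {
  dependencies: { foo: "1.2.3", bar: ">1.2.3", baz: "^1.2.3" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "0.0.0" },
    "node_modules/foo": { version: "1.2.4", integrity: "sha512-CONSTRUCTED" },
    "node_modules/bar": { version: "1.9.0" },
  },
};

console.log(auditPins(samplePkg, sampleLock));
```

To use it on a real project, pass the parsed contents of package.json and package-lock.json in place of the sample objects, for example as a pre-merge check.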
