Contents
What is a pinned version?
With the term pinning we are referring to the practice of making explicit the version of the libraries your application is depending on. Package managers like npm or yarn use semver ranges by default, which basically allows you to install a “range” of versions instead of a specific one.
Should I use save exact?
–save-exact is a near perfect solution for protecting your code against open source development errors. If you want to go whole-hog on package version control, then you will need to lock down the dependencies of your packages recursively. Take a look at the npm shrinkwrap command for more information on this.
What is meant by semantic versioning?
Semantic Versioning is a versioning scheme for using meaningful version numbers (that’s why it is called Semantic Versioning). Semantic Versioning works by structuring each version identifier into three parts, MAJOR , MINOR , and PATCH , and them putting these together using the familiar “ MAJOR.
What are the downsides of pinning dependencies?
The biggest downside of pinning concerns libraries development. If you are publishing you own library to npm and you decide to pin the dependencies then the incredibly narrow range of versions will almost certainly lead to duplicates in node_module.
How should you Pin Your NPM dependencies and why?
If you are publishing you own library to npm and you decide to pin the dependencies then the incredibly narrow range of versions will almost certainly lead to duplicates in node_module. If another package pinned a different version you will end up with both and your bundle size will increase (and thus the loading times).
How to pin dependencies in package.json?
package.json and the sub-dependencies problem Historically the most common way to pin dependencies was to specify an exact version in your package.json, for example using the –save-exact parameter with npm install (you can make it default by adding save-exact=true to your.npmrc). With yarn you can use –exact / -E.