Comments (8)
This is the documented behaviour. Try adding --save
.
https://docs.npmjs.com/cli/v10/commands/npm-update
Note that by default npm update will not update the semver values of direct dependencies in your project package.json. If you want to also update values in
package.json
you can run:npm update --save
(or add thesave=true
option to a configuration file to make that the default behavior).
from cli.
Hey @shadowspawn thanks for the info, npm update --save
also isn't updating package.json
The bug appears to be affecting dependabot's behavior too: dependabot/dependabot-core#9071
Sometimes dependabot updates both files:
Bump @adamlui/scss-to-css from 1.1.1 to 1.2.0
Bump @adamlui/minify.js from 1.0.1 to 1.0.2
...and sometimes it doesn't:
Bump @adamlui/scss-to-css from 1.0.1 to 1.2.0
Bump sass from 1.70.0 to 1.71.0 in /scss-to-css
from cli.
Wait nvm those were sub-dependencies and my main ones were already up-to-date, I tested down-bumping then --save
worked to edit both files. But do you know if Dependabot's glitched behavior is due to a npm cli bug?
from cli.
Also if a user is using --save
and sub-dependencies are being bumped, shouldn't it be expected they want the sub-dependency's package.json' to save this new tree?
from cli.
I am seeing two behaviors from my workflow and maybe this is related. I am using node@20
and [email protected]
--save
works with the npm update
command, however, if I set save=true
in my .npmrc
file, it does not pick up the setting. And --save
doesn't work for workspaces. e.g. npm update prettier --save -w my_workspace_1
will only update package-lock file.
from cli.
I'm having a very similar issue, if I run npm up --save
some dependencies are getting updated in package.json
but some don't.
In this example if you run npm up --save
- vite
will be updated but vitest
wont. They both get updated in package-lock.json
as they should.
https://raw.githubusercontent.com/HristoKolev/vite-workshop/e0079a98e32ef069ca20e66c9223836132a37d1b/package.json
https://raw.githubusercontent.com/HristoKolev/vite-workshop/e0079a98e32ef069ca20e66c9223836132a37d1b/package-lock.json
- npm:
10.2.4
- Node.js:
v20.11.0
- OS Name: Windows 11 Pro
- npm config:
; node bin location = C:\Program Files\nodejs\node.exe
; node version = v20.11.0
; npm local prefix = C:\Users\hristo
; npm version = 10.2.4
; cwd = C:\Users\hristo
; HOME = C:\Users\hristo
; Run `npm config ls -l` to show all defaults.
from cli.
I also found this behavior surprising.
Instead of npm update <package>
I now use npm install <package>@<version>
to make sure the package json is updated but it's less conveniant because I need to look up the version first.
from cli.
In my case npm update --save
does update (some!!!!!) packages but not others. I'm using version 10.8.0
on MacOS Sonoma 14.5
with node 20.11.1
Repro steps using an Angular app as sample project:
- Install angular cli if not already in place >
npm install -g @angular/cli
- Create an empty angular app >
ng new my-app
and selecy any option in the setup wizard (will not affect the result) - Move to the new working folder >
cd my-app
- Check the created
package.json
> it should referencetslib: ^2.3.0
as dependency - Check the actual installed version of
tslib
andzone.js
>npm list
and look fortslib
andzone.js
- Eventually, for the sake of the issue, force the proper
tslib
version >npm install [email protected]
- Eventually, for the sake of the issue, force the proper
zone.js
version >npm install [email protected]
- Check all dependencies for tslib allow for latest version of tslib (
2.6.2
at this moment) > npm list tslib - Run
npm update --save
- Check your
package.json
file and notice thatzone.js
version is up to date buttslib
is not - Check the actual installed version of
tslib
andzone.js
are BOTH up to date >npm list
and look fortslib
andzone.js
from cli.
Related Issues (20)
- [BUG] minimatch warning HOT 2
- [BUG] `npm pack` doesn't match directory prefiex (`dist-*` doesn't match `dist-cjs/index.js`) HOT 20
- [BUG] <title>
- [BUG] <title>
- [BUG] Fatal error Check failed: VerifyChecksum(blob) HOT 3
- [BUG] Npm install not sending accept: 'application/vnd.npm.install-v1+json' header HOT 4
- [BUG] Wrong lock file modification for optional dependency
- npm ERR! Exit handler never called![BUG] <title> HOT 1
- [BUG] Can not get `npm ls` to show origin of an optional dependency HOT 2
- [BUG] `npm view` returning string without quotes with version 10.8.0 HOT 1
- [BUG] My computer is a Surface based on Windows ARM architecture, and I also encountered the same problem. I have tried to delete `package-lock.json` and `node_modules`, and then re-executed the `npm install` command, but the result has not changed. The following are my relevant error reports: HOT 2
- [BUG] <title>
- [BUG] Package fails to publish with OTP on `[email protected]` HOT 2
- [BUG] incorrect resolution of relative paths with install-strategy=linked
- Npm install HOT 3
- Install Progress
- Progress bar HOT 1
- [BUG] "npm publish" tags pre-versions as "latest" HOT 8
- [BUG] `npm` doesn't correctly resolve workspaces when defining a dependency using GitHub URLs
- [BUG] Failed index access on utils/tar.js while trying to publish a package with node_modules HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cli.