adding ability to use package.json version in comparison #324
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the functionality to allow you to update packages not based on what is currently installed in
node_modules, but instead based on what is currently defined in the package.json.Scenario:
I have just cloned a project that has
"@myorg/common-dep": "^1.0.4"defined in the package.json. The latest version of@myorg/common-depthat has been published isv1.23.4and because we are using^in the package.json npm will installv1.23.4for me (which is what I expect).Now if I run
npm-check -ynothing will happen. This is because my installed version (innode_modules) is currently the same version as the latest. This is potentially unexpected behaviour but it is a perfectly reasonable architectural decision to make 👍This PR caters for the case where someone might want to update the package.json to the latest even though they might have the latest version installed locally. One reason for that is potentially
v1.23.3has a security bug in it and they want to make sure that anyone who has the project checked out locally updates their package ASAP and make sure that it is explicit in the package.json and not just something that the package-lock.json or yarn.lock files communicated 👍