Dependency resolution overrides feature status?

[ssidorchik]

Hi folks

I found conflicting documentation about "Dependency resolution overrides" feature. According to the roadmap page it should be available in v7, while on the v7 release notes page is mentioned its introduction in the the future versions.

I setup a test project with node v16 and npm v8. And attempted to use the feature, but it doesn't seem to work. So, I'm guessing that it's not ready yet. Could you please clarify this? Do you have any ETA? Thank you!

[merrywhether]

This is the latest info I've found: npm/rfcs#129 (comment). Seems like it's in design phase right now.

[darcyclarke]

@ssidorchik apologize for the confusion (the public roadmap needs to be updated, and will be first thing in the New Year). That said, we have indeed been working hard on overrides now for several months actually & we're just about to launch that. Definitely stay tuned to our weekly releases when we go live (in a few weeks 🤞🏻).

[Closing as this isn't a bug]

[bmaupin]

It seems like it was released in v8.3.0?

introduces overrides

https://github.com/npm/cli/releases/tag/v8.3.0

I see this now too: https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides

This has been something I've been waiting on for a while as a way to deal with the neverending whack-a-mole problem of vulnerabilities in dependencies of unmaintained packages, so I'm surprised how little fanfare it's been given. Or maybe I'm just misunderstanding what it can do 😅