npm install not installing latest version on GitHub

Asked 28/4, 2014 at 10:15 Answered 7/9, 2017 at 17:42

Solved node.js express npm sails.js waterline

I have a module called 'sails-mongo' and I want to update it to the newest version using the following command:

npm update sails-mongo --save

I also tried uninstall then install again. I tried sails-mongo@latest and sails-mongo@beta.

Problem: The current version (master) on GitHub the package.json (https://github.com/balderdashy/sails-mongo/blob/master/package.json) file has:

"dependencies": {
  "async": "~0.2.9",
  "lodash": "~2.4.1",
  "mongodb": "1.4.2",
  "waterline-errors": "~0.10.0"
},

And in the one being updated

"dependencies": {
  "async": "0.2.10",
  "underscore": "1.5.2",
  "underscore.string": "2.3.3",
  "mongodb": "~1.3.23"
},

The only way I get the master branch is using the command npm install git+https://github.com/balderdashy/sails-mongo

Why doesn't sails-mongo@latest install the master branch?

Commendam answered 28/4, 2014 at 10:15 Comment(3)

Because NPM doesn't install from Github, it installs from NPM. The repository key in package.json just identifies a repository which shows on the NPM page. – Swor 28/4, 2014 at 11:8

+1 but not sure I got you, let me ask it differently: how does NPM know which version to install? – Commendam 28/4, 2014 at 11:16

Packages are published to NPM independently of Github. When a developer publishes the package, it takes the version number from package.json. NPM stores each of these almost like Github does. When you run NPM install <package> it will always install the latest version, but if you specify the package in package.json you can add which version you'd like to install. – Swor 28/4, 2014 at 11:20

By default, NPM dependencies are pulled from the NPM repository. Authors must manually upload new versions of their software to the NPM repository, so the "@latest" version of the code hosted on NPM is different from the latest version of the code that exists anywhere (e.g., on GitHub).

According to the NPM repository's info page on Sails, the latest NPM-hosted version is 0.9.16 while the current GitHub version is 0.10.0-rc3.

If you want to have your project depend upon a particular branch or commit of a particular Git repo (instead of the version(s) hosted on the NPM repository), the NPM developers have included an explicit mechanism to allow this, detailed in "Git URLs as Dependencies" in the package.json docs:

Git URLs as Dependencies

Git urls can be of the form:
git://github.com/user/project.git#commit-ish
git+ssh://user@hostname:project.git#commit-ish
git+ssh://user@hostname/project.git#commit-ish
git+http://user@hostname/project/blah.git#commit-ish
git+https://user@hostname/project/blah.git#commit-ish
The commit-ish can be any tag, sha, or branch which can be supplied as an argument to git checkout. The default is master.

In fact, it's easier still to use a Github.com repo as a dependency:

As of version 1.1.65, you can refer to GitHub urls as just "foo": "user/foo-project". For example:
{
  "name": "foo",
  "version": "0.0.0",
  "dependencies": {
    "express": "visionmedia/express"
  }
}

So, to use the Sails GitHub repo, simply use:

"dependencies": {
  "sails": "balderdashy/sails-mongo",
  ...
}

And to use the exact state of Sails as it exists on GitHub as of April 28, 2014, use:

"dependencies": {
  "sails": "git://github.com/balderdashy/sails-mongo#b9cdce9a48",
  ...
}

Endosperm answered 28/4, 2014 at 17:58 Comment(4)

So there is actually no way to install latest stable release without going to github everytime and specifically check which release/branch/etc. you need? – Censure 23/5, 2016 at 15:1

@Censure Can you not just use the repo's master branch for the latest stable version? If the repo maintainers keep making new branches and switching which branch has the latest version, then yes, you'd need to keep up with that maintainer's shell-game of which branch is latest. – Endosperm 23/5, 2016 at 15:51

Not always, i.e. npm install github:jquery/jquery-ui installs latest available release (github.com/jquery/jquery-ui/releases)... – Censure 23/5, 2016 at 18:44

@Censure Interesting! That behavior does not need to be documented anywhere I've seen. (The page I linked to when writing this answer last year has disappeared, and I don't think it said anything about releases back then.) I'm not sure when npm uses releases vs. master. (If you can find it, that would make a great addition or possibly separate answer. If you can't find anything, it might make a good separate question.) – Endosperm 23/5, 2016 at 19:15

I had a similar issue. Via the NPM Registry I was trying to get the latest from a project I saw in in GitHub, like this:

//package.json
"devDependencies": {
    "foo-package": "^3.3.0",
}

But the code I got back from npm install (as observed in the node_modules/ folder) was not what I saw in GitHub repository's master branch. I was confused; as the two didn't match.

I eventually found: https://docs.npmjs.com/cli/view, which reveals some information (versions and dates) of what the NPM Registry is aware of for a particular repository.

// Console example
npm view foo-package

After confirming that what I wanted from GitHub repository's master branch wasn't in the NPM Registry, I eventually changed my approach Git URLs as Dependencies, just as @apsillers answers.

Xenon answered 7/9, 2017 at 17:42 Comment(2)

What is an extra info in your answer additionally to @Endosperm answer? – Kinnard 8/10, 2019 at 5:23

It's been 2+ years since I wrote this. However, it appears the value added to @Endosperm answer is the debugging tool toward understanding what is published on npm. Hence the tool: docs.npmjs.com/cli/view – Xenon 9/10, 2019 at 18:42

Recommended topics

Hot tags