npm: how to find the latest compatible version of a dependency for a node module at a specific version?

Asked 26/4, 2020 at 20:23 Answered 8/3, 2024 at 8:53

node.js npm version dependency-management

Is there a way to determine the latest version of a specific module which is compatible with another module at a specific version?

For example, running npm install @angular/http pulls @angular/[email protected] which dependes on rxjs@^6.0.0, but a lower version of rxjs is already present in the project — [email protected], and bumping this version will require updating a whole lot of other modules, which I want to avoid.

Is there a command that can show that the latest version of @angular/http which is compatible with [email protected] is x.y.z?

There are tools like npmvet which are good at displaying mismatched versions in the current project but can't find any tools which would show which versions can be used to resolve compatibility conflicts.

Selhorst answered 26/4, 2020 at 20:23 Comment(0)

it doesn't look like a tool exists, but using npmvet and npm view in this one line command was helpful in breaking this task down for me:

npmvet -r json | jq '.[] | .name + "@" + .packageVersion' | sed -e 's/"//g' | awk '{print "echo "$0"; npm view "$0" dependencies"}'|sh | tee ../deps.txt

this has output like so:

[email protected] !
[email protected]
{
  'loose-envify': '^1.4.0',
  'object-assign': '^4.1.1',
  'react-is': '^16.8.1'
}
[email protected] !
[email protected] !
[email protected]
{ 'eve-raphael': '0.5.0' }
[email protected]
{
  'babel-runtime': '6.x',
  classnames: '2.x',
  moment: '2.x',
  'prop-types': '^15.5.8',
  'rc-trigger': '^2.2.0'
}
[email protected]

if you're like me and have got a pre-existing package.json with many dozens of packages/libs that have been allowed/required to diverge over time, you can use this output to help unpick the best matching versions until npmvet hopefully comes up green.

for example I started with this from npmvet:

searching through my deps.txt, I found:

[email protected]
{
  '@typescript-eslint/parser': '^3.0.0',
  'common-tags': '^1.4.0',
  dlv: '^1.1.0',
  eslint: '^6.8.0',
  'indent-string': '^4.0.0',
  'lodash.merge': '^4.6.0',
  'loglevel-colored-level-prefix': '^1.0.0',
  prettier: '^2.0.0',
  'pretty-format': '^23.0.1',
  'require-relative': '^0.8.7',
  typescript: '^3.9.3',
  'vue-eslint-parser': '~7.1.0'
}

I'm on [email protected], but [email protected] wants [email protected].

I then ran npm i [email protected] to satisfy the dependency, and npmvet is now matching for that package:

Silicosis answered 14/4, 2021 at 6:42 Comment(0)

I've never found a good way to do this but this tool makes it a little easier: runpkg. It just allows you to browse different versions of a package from the npm registry. I like to just look at the package.json of different versions until I find one with compatible dependencies.

Hinkel answered 12/9, 2022 at 19:15 Comment(0)

I've found a hacky solution.

Create a dummy npm project with npm init
install all conflicting packages at once using single npm install command
```
eg: `npm install package1 package2 package3`
```

most likely you'll find a non conflicting combination of packages.

But they might be conflicting with other existing packages

Unshapen answered 8/3, 2024 at 8:53 Comment(0)

Recommended topics

Hot tags