I passed one learning course on Node.js and Angular. And the teacher there used in package.json
A lot of asterisks instead of specific versions of libs.
"dependencies": {
"bcrypt": "*",
"bcryptjs": "^2.4.3",
"body-parser": "*",
"cors": "*",
"express": "*",
"jsonwebtoken": "*",
"mongoose": "*",
"morgan": "^1.10.0",
"passport": "*",
"passport-jwt": "*"
},
"devDependencies": {
"nodemon": "^2.0.7"
}
Is it a good or a bad practice to use them?
I passed one learning course on Node.js and Angular. And the teacher there used in package.json
A lot of asterisks instead of specific versions of libs.
"dependencies": {
"bcrypt": "*",
"bcryptjs": "^2.4.3",
"body-parser": "*",
"cors": "*",
"express": "*",
"jsonwebtoken": "*",
"mongoose": "*",
"morgan": "^1.10.0",
"passport": "*",
"passport-jwt": "*"
},
"devDependencies": {
"nodemon": "^2.0.7"
}
Is it a good or a bad practice to use them?
Share Improve this question edited Nov 16, 2021 at 5:20 Suraj Rao 29.6k11 gold badges95 silver badges104 bronze badges asked Nov 16, 2021 at 5:10 Tatyana MolchanovaTatyana Molchanova 1,6435 gold badges13 silver badges24 bronze badges 2- No it is not good practice. Why? new upgrade, your code relies on previous version. They change syntax and boom.... your code does not run. – epascarello Commented Nov 16, 2021 at 5:17
- One or more having breaking changes and its chaos – Suraj Rao Commented Nov 16, 2021 at 5:19
1 Answer
Reset to default 6Wildcard is a bad idea. It says load the latest version no matter what. Sounds like a good idea so you do not have to keep updating. It is great until they introduce breaking changes into the api.
If they update from v1.5 to v2.0 and they changed their api, your code that relies on 1.5 syntax will no longer work in v2.0 if it is not backwards patible. Do this with multiple packages and you have a huge mess on your hands.
Some people will allow the minor version to be wildcard, but most people lock it down and manually upgrade so it can be fully tested.
https://docs.npmjs./about-semantic-versioning