How to override nested NPM dependency versions?
Last Updated: 03 Apr, 2024
In a project, the packages downloaded and used through npm are called dependencies, and each dependency can have its own nested dependencies that are downloaded along with it. These nested dependencies can create conflicts when multiple versions of the same package end up in the tree, which leads to compatibility issues, security vulnerabilities, and unexpected behaviour.
To solve this there are several options: the overrides property in package.json, npm-force-resolutions, npm dedupe, and npm-check-updates or yarn-upgrade-all.
Manual override in package.json
In package.json the overrides property takes key-value pairs of dependency name and version: the package name is the key and the version is the value. To target a deeper nested dependency, nest its key under the parent dependency. After adding the overrides property, run install or update so the changes are applied.
Syntax:
{
  "overrides": {
    "<dependency_name>": {
      "<nested_dependency_name>": "<exact_version_or_range>"
    }
  }
}
- dependency_name: The top-level dependency whose nested dependency you want to change.
- nested_dependency_name: The name of the nested dependency you want to target.
- exact_version_or_range: An exact version or a version range to override the dependency with.
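As an added example (not part of the original article), the script below checks whether the overrides in package.json actually took effect by walking the "packages" map of a lockfileVersion 2/3 package-lock.json, which is what running npm ls on each overridden package would reveal manually. The package names, versions and both input documents are constructed inline for illustration, and the semver check is a simplified one that handles exact pins and ^/~ ranges only.

```javascript
// Added example (not from the article): check that every installed copy of an overridden
// package in package-lock.json (lockfileVersion 2/3 "packages" map) satisfies the version
// pinned under "overrides" in package.json. All names and versions are constructed.
const packageJson = {
  overrides: {
    "util-c": "1.2.8",                 // every copy of util-c, at any depth
    "lib-b": { "parser-d": "6.11.0" }  // only parser-d nested under lib-b
  }
};

const packageLock = {
  lockfileVersion: 3,
  packages: {
    "": {},                                                           // the root project itself
    "node_modules/lib-a/node_modules/parser-d": { version: "6.5.3" }, // not under lib-b: untouched
    "node_modules/lib-b/node_modules/parser-d": { version: "6.5.3" }, // override not applied
    "node_modules/util-c": { version: "1.2.8" }
  }
};

// Minimal semver check: exact pins plus ^ and ~ ranges (no prerelease or 0.x rules).
function satisfies(range, version) {
  if (!/^[\^~]/.test(range)) return range === version;
  const [rMaj, rMin, rPat] = range.slice(1).split(".").map(Number);
  const [vMaj, vMin, vPat] = version.split(".").map(Number);
  if (vMaj !== rMaj) return false;
  const sameMinor = vMin === rMin && vPat >= rPat;
  return range.startsWith("^") ? vMin > rMin || sameMinor : sameMinor;
}

// Flatten overrides into rules, then test each lock entry; returns the violations.
function checkOverrides(pkg, lock) {
  const rules = [];
  for (const [name, value] of Object.entries(pkg.overrides || {})) {
    if (typeof value === "string") rules.push({ parent: null, name, range: value });
    else for (const [child, range] of Object.entries(value)) rules.push({ parent: name, name: child, range });
  }
  const violations = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    const chain = path.replace(/^node_modules\//, "").split("/node_modules/"); // e.g. ["lib-b", "parser-d"]
    for (const rule of rules) {
      if (rule.name !== chain.at(-1)) continue;
      if (rule.parent !== null && !chain.slice(0, -1).includes(rule.parent)) continue; // nested rule scope
      if (!satisfies(rule.range, entry.version)) violations.push({ path, expected: rule.range, actual: entry.version });
    }
  }
  return violations;
}
console.log(checkOverrides(packageJson, packageLock)); // one violation: lib-b's nested parser-d is still 6.5.3
```

Run it against a real project by replacing the two constructed objects with require("./package.json") and require("./package-lock.json"); an empty array means every override is reflected in the lock file.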
Utilizing the npm-force-resolutions package
You can install the npm-force-resolutions package to force installation of a specific version of a dependency. Follow these steps to install and use it:
Step 1: Install npm-force-resolutions as a dev dependency using the following command:
npm install npm-force-resolutions --save-dev
Step 2: Add a resolutions property to package.json with the dependency name and the version you want to force. Replace <dependency_name> and <version> with the dependency and the desired version (JSON does not allow comments, so keep the file free of them).
{
  "resolutions": {
    "<dependency_name>": "<version>"
  }
}
Step 3: Add npm-force-resolutions to the preinstall script. This runs npm-force-resolutions before every npm install and modifies package-lock.json to reflect the forced version.
"scripts": {
  "preinstall": "npx npm-force-resolutions"
}
Step 4: Run the npm install command to install the dependencies with the forced version applied.
npm install
Step 5: To verify that the override worked and the right version is installed, run the following command.
npm ls <dependency_name>
Using npm dedupe (deduplicate)
The npm dedupe command analyses the project's dependency tree and flattens it by removing unnecessary duplicate copies of packages. It looks for shared dependencies, that is, packages used by several packages in your project, and attempts to move them higher up the tree, which reduces disk usage and in some cases improves efficiency.
Nothing needs to be installed, since dedupe is a native npm command. The steps to use it are as follows:
Step 1: Open the terminal in your project root, where package.json is located. Use the cd command to navigate to the required directory.
cd <path>
Step 2: Run npm dedupe to analyse your dependency tree and remove unnecessary copies of packages.
npm dedupe
Automation with npm-check-updates or yarn-upgrade-all
The npm-check-updates and yarn-upgrade-all tools help you automate dependency updates, but they do not always handle nested dependency conflicts perfectly. Depending on the package manager you use, you can automatically update all your project dependencies to their latest versions.
npm users
Step 1: Use the following command to install the npm-check-updates package.
npm install -g npm-check-updates
Step 2: Use the npm-check-updates (ncu) command to list the possible updates.
ncu
Step 3: Use the -u flag with the ncu command to upgrade the versions in package.json. This only changes package.json; it does not install anything.
ncu -u
Step 4: Install the updated dependencies using the npm install command.
npm install
yarn users
Step 1: Install the yarn-upgrade-all package as a dev dependency using the following command.
yarn add --dev yarn-upgrade-all
Step 2: Now run the following command to update all the dependencies present in your package.json file.
yarn yarn-upgrade-all
Testing and documentation for changes
Testing
The things to consider when testing the project after the changes are:
- Backup: Always create a complete project backup before overriding dependencies, so you can revert if necessary.
- Testing of specific dependencies: Check the parts of the project that use the overridden dependencies.
- Version Checks: Make sure that the overridden versions are compatible with the other project dependencies and your overall application requirements.
- Test in Different Environments: Test your project in different environments, such as development and production, to catch any environment-specific issues.
Documentation
The things to consider when documenting the changes to the project and its dependencies are:
- Document the Dependencies: Clearly document the overridden versions of nested dependencies and the reasoning behind them.
- Update every Change: Every time package.json is updated, document the change, either by copying the whole file or only the specific changes.
- Document Testing Results: Record the results of your tests, including any issues encountered after overriding dependencies and how the project behaves after the overrides.
Best practices for management
- Try for better Compatibility: Whenever possible, choose dependency versions that work well together to minimize the need for overrides.
- Check for Security risks: If your dependencies or any of their nested dependencies have a security vulnerability, update or override them to a secure version.
- Use Exact Versions: For dependencies without a compatible version range, keep track of and pin an exact version that works with the other dependencies, so that you avoid unexpected or breaking changes in future updates.
- Documentation: Document the working versions and the changes made in package.json or any other file with respect to dependency versions, and explain the reasons for the overrides or other methods used to change versions.
- Automation is not perfect: If you use automation tools like npm-check-updates or yarn-upgrade-all, carefully test your project after the automated updates, as they might not always handle nested dependencies perfectly.