Hacker News

> I believe you should be guarded from any surprise patches

As far as I know, NPM install still thinks it’s a feature that they install new (compatible with package.json, but not with lockfile) versions.




Which is why you only use `npm install` for development, and `npm ci` for production.


No, updating versions should require an explicit `update` command of some sort. The NPM commands should really just be renamed:

- `npm install` should be renamed to `npm upgrade`

- `npm ci` should be renamed to `npm install`
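
The `npm install` versus `npm ci` distinction discussed in this thread, as an added example that is not part of any comment: `npm ci` exits with an error when `package.json` and `package-lock.json` disagree, and the sketch below performs a comparable check by hand for a lockfileVersion 2 or 3 lockfile, whose `packages[""]` entry mirrors the root manifest. The function name `lockfileDrift` and the sample manifests and package names are constructed for illustration.

```javascript
// Added example: report direct dependencies whose range in package.json
// differs from the copy recorded in package-lock.json.
// Assumes lockfileVersion 2 or 3 (a "packages" map with a "" root entry).
const SECTIONS = ['dependencies', 'devDependencies'];

function lockfileDrift(manifest, lock) {
  if (!lock || !lock.packages || !lock.packages['']) {
    throw new Error('expected a lockfileVersion 2/3 lockfile with a packages[""] entry');
  }
  const root = lock.packages[''];
  const drift = [];
  for (const section of SECTIONS) {
    const want = manifest[section] || {};
    const have = root[section] || {};
    const names = new Set([...Object.keys(want), ...Object.keys(have)]);
    for (const name of names) {
      if (want[name] !== have[name]) {
        // Range edited, added or removed in package.json after the lock was written.
        drift.push({ section, name, manifest: want[name] ?? null, lock: have[name] ?? null });
      } else if (!lock.packages[`node_modules/${name}`]) {
        // Ranges agree but the lockfile pins no concrete version for it.
        drift.push({ section, name, manifest: want[name], lock: 'no resolved entry' });
      }
    }
  }
  return drift;
}

// Constructed sample: example-lib was bumped in package.json without re-locking.
const SAMPLE_MANIFEST = {
  name: 'demo-app',
  dependencies: { 'example-lib': '^2.1.0', 'example-util': '^1.3.0' },
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'example-lib': '^2.0.0', 'example-util': '^1.3.0' } },
    'node_modules/example-lib': { version: '2.0.4' },
    'node_modules/example-util': { version: '1.3.2' },
  },
};

console.log(lockfileDrift(SAMPLE_MANIFEST, SAMPLE_LOCK));
```

An empty array means the two files agree on every direct dependency range; any entry is a reason to re-lock deliberately and review the lockfile diff before deploying.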



