发表新帖
发表新帖

How do I override nested NPM dependency versions?

前端 未结
关注
6 1199
[愿得一人]
[愿得一人] 2020-11-22 13:51

I would like to use the grunt-contrib-jasmine NPM package. It has various dependencies. Part of the dependency graph looks like this:

─┬ grunt-c
6条回答
  • 执笔经年
    执笔经年 (楼主)
    2020-11-22 14:35

    I had an issue where one of the nested dependency had an npm audit vulnerability, but I still wanted to maintain the parent dependency version. the npm shrinkwrap solution didn't work for me, so what I did to override the nested dependency version:

    1. Remove the nested dependency under the 'requires' section in package-lock.json
    2. Add the updated dependency under DevDependencies in package.json, so that modules that require it will still be able to access it.
    3. npm i

    0 讨论(0)
 看不清?
提交回复
热议问题