如何在 npm 中升级全局包的依赖项 [英] how to upgrade a dependency of a global package in npm
问题描述
我已经全局安装了 pouchdb-server 并且我收到了关于 graceful-fs 的消息:
I have installed globally pouchdb-server and I got this message about graceful-fs:
$ npm install -g pouchdb-server
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
正如消息所说,包将失败 node >7.0(我用的),所以我想知道如何进行升级.
As the message says, the package will failwith node > 7.0 (which I use), so I would like to know how to perform the upgrade.
如果我执行:
$ npm ls graceful-fs -g
我看到 graceful-fs 在几个全局包中使用,但只有一个旧版本在 `pouchdb-server:
I see that graceful-fs is used in several global packages, but the only one with the old version is in `pouchdb-server:
├─┬ pouchdb-server@1.2.1
│ ├─┬ couchdb-harness@0.1.6
│ │ └─┬ glob@3.1.21
│ │ └── graceful-fs@1.2.3
│ ├─┬ http-pouchdb@1.1.3
│ │ └─┬ pouchdb@5.4.5
│ │ └─┬ lie@3.0.4
│ │ └─┬ es3ify@0.2.2
│ │ └─┬ jstransform@11.0.3
│ │ └─┬ commoner@0.10.8
│ │ └── graceful-fs@4.1.11
│ ├─┬ pouchdb-adapter-node-websql@6.1.0
│ │ └─┬ websql@0.4.4
│ │ └─┬ sqlite3@3.1.8
│ │ └─┬ node-pre-gyp@0.6.31
│ │ ├─┬ tar@2.2.1
│ │ │ └─┬ fstream@1.0.10
│ │ │ └── graceful-fs@4.1.9
│ │ └─┬ tar-pack@3.3.0
│ │ └─┬ fstream@1.0.10
│ │ └── graceful-fs@4.1.9
│ └─┬ pouchdb-node@6.1.0
│ └─┬ leveldown@1.5.0
│ └─┬ prebuild@4.5.0
│ ├─┬ node-gyp@3.4.0
│ │ ├─┬ fstream@1.0.10
│ │ │ └── graceful-fs@4.1.11
│ │ └── graceful-fs@4.1.11
│ └─┬ node-ninja@1.0.2
│ └── graceful-fs@4.1.11
├─┬ webpack@1.13.1
│ ├─┬ enhanced-resolve@0.9.1
│ │ └── graceful-fs@4.1.4
│ └─┬ watchpack@0.2.9
│ └─┬ chokidar@1.5.1
│ └─┬ fsevents@1.0.12
│ └─┬ node-pre-gyp@0.6.25
│ └─┬ tar@2.2.1
│ └─┬ fstream@1.0.8
│ └── graceful-fs@4.1.3
我试过 npm update -g graceful-fs 但这不起作用,升级依赖于全局包的包的正确方法是什么?
I've tried npm update -g graceful-fs but this doesn't work, what is the proper way to uppgrade a package that is a dependency of a global package?
明确一点:我不想全局安装 graceful-fs 包;相反,我想升级 pouchdb-server 包使用的 graceful-fs 的安装.
Just to be clear: I don't want to globally install the graceful-fs package; rather, I want to upgrade the installation of graceful-fs that is used by the pouchdb-server package.
推荐答案
你不能自己修复这个,你需要要求包维护者升级他们的依赖项.
You cannot fix this yourself, you need to ask the package maintainer(s) to upgrade their dependencies.
你可以做的最好的事情是运行 npm update -g(又名 npm upgrade -g)以确保所有(全局、在这种情况下)包升级到其依赖项规范允许的最新版本的依赖项.在各自的 package.json 文件中.
The best you can do is to run npm update -g (a.k.a. npm upgrade -g) to ensure that all (global, in this case) packages are upgraded to the latest version of their dependencies as allowed by their dependency specs. in their respective package.json files.
除此之外,无法升级到依赖项中的更高版本号,除非相关包被自身修改为依赖(允许依赖)其依赖包的更新版本.
Beyond that, upgrading to higher version numbers among the dependencies cannot be done, unless the package(s) in question are themselves modified to depend (allow depending) on more recent versions of their dependent packages.
包设计者在依赖包中指定一个允许的范围版本号,由于semver(语义版本控制).
不幸的是,这意味着很长时间没有更新其依赖项的包有被 Node.js/npm 中的更改所淘汰的风险.
Package designers specify a permissible range of version numbers among dependent packages, and going outside that range is usually not safe due to the rules of semver (semantic versioning).
Unfortunately, that means that packages that haven't had their dependencies updated in a long time run the risk of being obsoleted by changes in Node.js/npm.
查看您的具体情况:
pouchdb-server 依赖于 "couchdb-harness": "*",它指定 any couchdb-harness 版本满足依赖关系(这是异常宽容的,可能以牺牲健壮性为代价).
pouchdb-server has a dependency on "couchdb-harness": "*", which specifies that that any couchdb-harness version satisfies the dependency (which is unusually permissive, possibly at the expense of robustness).
couchdb-harness 是问题,但是:它取决于 "glob": "~3.1.21",这意味着它不会安装和使用高于 3.1.x 的 glob 软件包版本 - 请参阅 关于 semver 版本规范的 npm 文档.
couchdb-harness is the problem, however: it depends on "glob": "~3.1.21", which means that it won't install and work with glob package versions higher than 3.1.x - see npm's docs on semver version specifications.
(最新的glob 3.x 包本身依赖于"minimatch": "~0.2.11",这就解释了其他警告,但是,如果 couchdb-harness 将其依赖项更新到 latest glob 版本,该警告就会消失.)
(The latest glob 3.x package itself depends on "minimatch": "~0.2.11", which explains the other warning, which, however, will go away if couchdb-harness updates its dependencies to the latest glob version.)
这篇关于如何在 npm 中升级全局包的依赖项的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
