为什么`npm install` 在版本号中添加/删除插入符号(^)? [英] Why does `npm install` add / remove caret (^) to / from version numbers?

问题描述

我有一个项目，我使用两台不同的笔记本电脑进行工作.有时我会在我的项目中添加额外的包，所以我必须使用 npm install (duh).当我这样做时，我 git push 上传新的 package.json 和 package-lock.json 文件，当我切换计算机时，我有git pull 那些更改，然后再次运行 npm install 将该包安装到另一台计算机上.

I have a project that I work on with two different laptops. Sometimes I add extra packages to my project, so I have to use npm install <package-name> (duh). When I do that, I git push up the new package.json and package-lock.json files, and when I switch computers I have to git pull those changes, then run npm install again to get that package onto the other computer.

我最近注意到并开始关心一台笔记本电脑不断在每个软件包版本号的开头添加插入符号 (^).例如:

I recently noticed and started caring that one laptop kept adding carets (^) to the beginning of every package version number. For example:

一台计算机将软件包版本#s 设置为如下所示:

One computer set package version #s to look like this:

"regexpu-core": {
  "version": "1.0.0",
  "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-1.0.0.tgz",
  "integrity": "sha1-hqdj9Y7k18L2sQLkdkBQ3n7ZDGs=",
  "requires": {
    "regenerate": "1.4.0",
    "regjsgen": "0.2.0",
    "regjsparser": "0.1.5"
  }
},

另一个设置包版本#s看起来像这样:

The other set package version #s to look like this:

"regexpu-core": {
  "version": "1.0.0",
  "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-1.0.0.tgz",
  "integrity": "sha1-hqdj9Y7k18L2sQLkdkBQ3n7ZDGs=",
  "requires": {
    "regenerate": "^1.2.1",
    "regjsgen": "^0.2.0",
    "regjsparser": "^0.1.4"
  }
},

我知道插入符号 (^) 表示版本不是 100% 精确，但我想弄清楚为什么我的不同笔记本电脑为包创建了不同的格式版本！我检查了 this SO question，其中有一些~ 和 ^ 之间差异的很好解释，但我没有找到任何解释为什么 npm 有时会添加有时会删除插入符号(<代码>^).我还查看了 Github 上的这个 npm 问题，建议查看 npm 配置设置，但我的两台笔记本电脑都有相同的设置:

I understand that carets (^) mean the version is not 100% precise, but I'm trying to figure out WHY my different laptops create different formats for package versions! I checked this SO question which has some great explanations for the differences between ~ and ^, but I didn't find anything explaining why npm would sometimes add and sometimes remove carets (^) altogether. I also looked at this npm issue on Github which recommended looking at npm config settings, but both of my laptops have the same settings:

• npm config get save = true(两台电脑)
• npm config get save-prefix = ^(两台电脑)
• npm config get save-exact = false(两台电脑)

• npm config get save = true (both computers)
• npm config get save-prefix = ^ (both computers)
• npm config get save-exact = false (both computers)

一台笔记本电脑正在运行 npm 版本 5.6.0，但我刚刚将其更新为 6.5.0.另一台计算机运行的是 6.4.1 版本，但我也将其更新为 6.5.0.我尝试在两台计算机上的项目中运行 npm install，但我仍然发现一台计算机总是删除 ^ 而另一台总是添加 ^.

One laptop was running npm version 5.6.0, but I just updated it to 6.5.0. The other computer was running version 6.4.1, but I also updated it to 6.5.0. I tried running npm install in my project on both computers, but still I find that one computer always removes ^ and the other always adds ^.

如果我遗漏了什么，请告诉我.感谢您的帮助！

Please let me know if there's something I'm missing. Thanks for any help!

推荐答案

根据 issue #20434 这是通过设计使用 npm >=6.0.0 发生的.

According to the discussion in issue #20434 this occurs by design using npm >=6.0.0.

为什么会发生这种情况?@rakins 在 此评论.为方便起见，下面引用了他的评论(逐字):

Why does this happen? @rarkins elaborately explains the reasoning for why this happens (and it’s advantages) in this comment. For convenience his comment is quoted below (verbatim):

假设您使用依赖项aaa"、bbb"和ccc"的固定版本.假设他们每个人都像这样依赖zzz":

• aaa 依赖 zzz@^1.0.0
• bbb 依赖 zzz@^1.1.0
• ccc 依赖 zzz@^1.0.1

即所有这三个都取决于 zzz 的范围，而不是确切的版本.

假设 zzz 的最新版本是 1.5.0.

在这个改动前后，很明显zzz的解析版本应该是1.5.0，所以唯一的区别是package-lock.json的结构和记录此子依赖项.

Both before and after this change, it's pretty obvious that the resolved version of zzz should be 1.5.0, so the only difference is how the package-lock.json is structured and documents this sub-dependency.

之前锁文件会显示三个都依赖zzz@1.5.0，z的解析版本是1.5.0.

现在，它记录了实际的原始"文件.每个依赖项的依赖项版本(例如 ^1.0.0、^1.1.0 等)，但仍将 z 的解析版本显示为 1.5.0.

然后考虑当 zzz@1.5.1 发布时会发生什么:

之前，锁文件需要在所有四个地方从 z@1.5.0 更新到 z@1.5.1.

现在，锁文件只需要将z的解析版本更新为1.5.1，而依赖项可以保留^1.0.0、^1.1.0和^1.0.1，因为它们没有改变了.

正如我之前在线程中提到的，在这两种情况下您仍然会获得完全相同的 node_modules.新方法的优点是:

1. 您可以看到依赖项实际需要什么(例如范围，而不是确切版本).之前，您无法判断 aaa 是否确实需要 zzz@1.5.0 或改为 zzz@^1.0.0.

锁定文件中没有更改四行，而是只有一行.流失更少，更清楚发生了什么.

顺便说一句，yarn 使用与 yarn.lock 类似的概念.例如这是一个 @sindresorhus/is 被固定的例子，但它的子依赖符号可观察不是:

As an aside, yarn uses a similar concept with yarn.lock. e.g. here's an example where @sindresorhus/is is pinned, but it's sub-dependency symbol-observable is not:

"@sindresorhus/is@0.10.0":
 version "0.10.0"
 resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-0.10.0.tgz#f42dd6a9d12cd79fa6f53b27cf5bea3a30d2cafa"
 dependencies:
   symbol-observable "^1.2.0"

---

原答案:

在你 git pull 修改后的 package.json 和 package-lock.json 到第二台计算机后，尝试删除 node_modules 目录，然后再次安装软件包.

After you git pull the revised package.json and package-lock.json onto computer two try deleting the node_modules directory before installing the packages again.

例如:

1. 首先cd到你在电脑2上的项目目录.

1. Firstly cd to your project directory on computer 2.

运行以下命令删除现有的 node_modules 目录:rm -rf node_modules.

Delete the existing node_modules directory by running: rm -rf node_modules.

然后运行:npm install

或者您可以使用 && 运算符链接上述两个命令:

Or you can chain the two aforementioned commands using the && operator:

rm -rf node_modules && npm install

这篇关于为什么`npm install` 在版本号中添加/删除插入符号(^)?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！