How can I specify the required Node.js version in package.json?

Question

I have a Node.js project that requires Node version 12 or higher. Is there a way to specify this in the packages.json file, so that the installer will automatically check and inform the users if they need to upgrade?

A similar way to Adam's response, also using node.version: stackoverflow.com/a/48691987/3032209 — Yair Kukielka, Commented Feb 8, 2018 at 18:08
Possible duplicate of How to enforce a specific node.js version to use? — cilap, Commented Feb 6, 2019 at 15:09
Question was already asked here: How to enforce a specific node.js version to use? — cilap, Commented Feb 6, 2019 at 15:09
I wonder if there is any tool that can automatically set this field to an appropriate value by inspecting API usage. — geekley, Commented Dec 5, 2019 at 5:00
NOTE: If using yarn version 2+, you will need to install the yarn engines plugin found here: github.com/devoto13/yarn-plugin-engines — Joshua Pinter, Commented Oct 26, 2021 at 16:41

Grandpa · Accepted Answer · 2023-09-03 13:51:37Z

984

You can set the engines field in your package.json and set requirements for either node or npm versions or both:

  "engines" : { 
    "npm" : ">=8.0.0 <9.0.0",
    "node" : ">=16.0.0 <17.0.0"
  }

To enforce this via npm you need to create an .npmrc file (and commit it to the repository) and set the engine-strict option to true, which will cause npm commands such as npm install to fail if the required engine versions to not match:

# .npmrc
engine-strict=true

Without that file, every developer will need to run npm config set engine-strict true in their local workspace to switch on this option.

Original Answer

As you're saying your code definitely won't work with any lower versions, you probably want the "engineStrict" flag too:

{ "engineStrict" : true }

Documentation for the package.json file can be found on the npmjs site

Update

engineStrict is now deprecated, so this will only give a warning. It's now down to the user to run npm config set engine-strict true if they want this.

Update 2

As ben pointed out below, creating a .npmrc file at the root of your project (the same level as your package.json file) with the text engine-strict=true will force an error during installation if the Node version is not compatible.

edited Sep 3, 2023 at 13:51

Grandpa

3,1731 gold badge27 silver badges36 bronze badges

answered Mar 30, 2015 at 15:09

IBam

11.4k1 gold badge26 silver badges36 bronze badges

23

github.com/npm/npm/blob/master/CHANGELOG.md#enginestrict "The rarely-used package.json option engineStrict has been deprecated for several months, producing warnings when it was used. Starting with npm@3, the value of the field is ignored, and engine violations will only produce warnings. If you, as a user, want strict engines field enforcement, just run npm config set engine-strict true"
– uxcxdx
Commented Dec 24, 2015 at 2:22
1

Remember to cd .. && npm i <folder-name> in order to check for the project itself. However, this will trigger a whole build in it self.
– mlunoe
Commented Jul 26, 2016 at 23:20
11

why on earth they deprecated that.. it looses all its meaning then
– vasilakisfil
Commented May 10, 2017 at 13:52
42

Adding engine-strict=true to your .npmrc now has the same effect
– ben
Commented Jun 13, 2018 at 5:23
4

@ben Perfect, thank you! And this can be committed so that at least your entire team is required to adhere to the engine version requirements.
– Joshua Pinter
Commented Aug 3, 2019 at 4:25

| Show 11 more comments

Samuel RIGAUD · Accepted Answer · 2024-03-05 12:05:39Z

356

Add the following to package.json:

"engines": {
  "npm": ">=8.0.0 <9.0.0",
  "node": ">=16.0.0 <17.0.0"
},

Add the following to .npmrc (same directory as package.json):

engine-strict=true

edited Mar 5 at 12:05

Samuel RIGAUD

1,48217 silver badges25 bronze badges

answered Jun 11, 2018 at 13:13

Mikel

6,1125 gold badges36 silver badges50 bronze badges

5

This is the easiest solution that gives the end user a nice fat error about not having the right version of node when they run npm install; works with yarn as well
– jcollum
Commented Jan 4, 2019 at 18:35
8

This seems to have no effect at all. I set up my package.json with an "engines" section similar to the above (11.13.0 and 6.7.0), and a .npmrc with nothing but content specified above. I had nvm switch me to an older node version, then ran npm install, but it just installs the dependencies and doesn't even mention the engine version mismatch.
– Adrian
Commented Apr 2, 2019 at 19:03
3

Adding engine-strict=true to your .npmrc file only enforces you to use the right engine when you install packages. It does not enforce anything for your end user. If you want your users to use the engines listed under the "engines: {}" property in your package.json when they install it, you should tell them to add engine-strict=true to their .npmrc file.
– chharvey
Commented Dec 27, 2020 at 15:34
3

@chharvey you could add to the package.json the script "preinstall": "echo 'engine-strict=true' >> .npmrc"
– Mikel
Commented May 5, 2021 at 17:21
engine-strict usage in .npmrc is currently not supported by direnv's .envrc github.com/direnv/direnv/wiki/Node (Found '.nvmrc' with version engine-strict=trueN/A: version "engine-strict=true -> N/A" is not yet installed.
– svandragt
Commented Aug 12, 2021 at 9:39

Add a comment |

Adam · Accepted Answer · 2019-03-11 08:23:32Z

Just like said Ibam, engineStrict is now deprecated. But I've found this solution:

check-version.js:

import semver from 'semver';
import { engines } from './package';

const version = engines.node;
if (!semver.satisfies(process.version, version)) {
  console.log(`Required node version ${version} not satisfied with current version ${process.version}.`);
  process.exit(1);
}

package.json:

{
  "name": "my package",
  "engines": {
    "node": ">=50.9" // intentionally so big version number
  },
  "scripts": {
    "requirements-check": "babel-node check-version.js",
    "postinstall": "npm run requirements-check"
  }
}

Find out more here: https://medium.com/@adambisek/how-to-check-minimum-required-node-js-version-4a78a8855a0f#.3oslqmig4

.nvmrc

And one more thing. A dotfile '.nvmrc' can be used for requiring specific node version - https://github.com/creationix/nvm#nvmrc

But, it is only respected by npm scripts (and yarn scripts).

This is the best answer in 2019, in light of set engine deprecation and the reality that many are (likely) encountering this due to switching versions with nvm. — craft, Commented Jan 29, 2019 at 2:19

Ciro Santilli OurBigBook.com · Accepted Answer · 2022-03-17 08:57:35Z

69

.nvmrc

If you are using NVM like this, which you likely should, then you can indicate the nodejs version required for given project in a git-tracked .nvmrc file:

node --version > .nvmrc

or:

echo v10.15.1 > .nvmrc

This does not take effect automatically on cd, which is sane: the user must then do a:

nvm use

and now that version of node will be used for the current shell.

You can list the versions of node that you have with:

nvm list

.nvmrc is documented at: https://github.com/creationix/nvm/tree/02997b0753f66c9790c6016ed022ed2072c22603#nvmrc

How to automatically select that node version on cd was asked at: Automatically switch to correct version of Node based on project

Tested with NVM 0.33.11.

.nvmrc vs package.json engines

What you might want to do is:

use engines in package.json to give a "no known incompatibilities range"
give the .nvmrc to set a "tested with"

much like package.json vs package-lock.json.

Heroku does respect package.json engines:

Worth mentioning, as documented here, Heroku does play it nice and obey the engines: entry e.g.:

  "engines": {
    "node": "14.17.0",
    "npm": "6.14.13"
  },

So you should Always, Always set that to what you are using locally.

This had been previously mentioned on this self deleted answer to this thread.

edited Mar 17, 2022 at 8:57

answered Feb 3, 2019 at 21:17

Ciro Santilli OurBigBook.com

370k114 gold badges1.3k silver badges1k bronze badges

nvm use doesn't pick up .nvmrc for nvm version 1.1.7
– Aakash Verma
Commented Jan 7, 2021 at 20:58
@AakashVerma hmmm, on a quick look nvm only goes to version 0.37.2, and nvmrc is still documented on master: github.com/nvm-sh/nvm/tree/… let me know if you figure it out.
– Ciro Santilli OurBigBook.com
Commented Jan 7, 2021 at 23:55
2

@AakashVerma I'm guessing you're using github.com/coreybutler/nvm-windows/releases As mentioned on their README "The original nvm is a completely separate project for Mac/Linux only. This project uses an entirely different philosophy and is not just a clone of nvm" so it's not surprising. Consider opening a feature request on their tracker.
– Ciro Santilli OurBigBook.com
Commented Jan 8, 2021 at 8:43
2

Seems there's a recent PR waiting for this github.com/coreybutler/nvm-windows/pull/594
– Aakash Verma
Commented Jan 8, 2021 at 14:47

Add a comment |

vnglst · Accepted Answer · 2018-02-11 13:45:43Z

19

There's another, simpler way to do this:

npm install Node@8 (saves Node 8 as dependency in package.json)
Your app will run using Node 8 for anyone - even Yarn users!

This works because node is just a package that ships node as its package binary. It just includes as node_module/.bin which means it only makes node available to package scripts. Not main shell.

See discussion on Twitter here: https://twitter.com/housecor/status/962347301456015360

answered Feb 11, 2018 at 13:45

vnglst

6425 silver badges11 bronze badges

7

I disagree, this would potentially hide the issue and would sideload a different version of node if it wasn't installed.
– Brendan Hannemann
Commented Mar 14, 2018 at 17:44
4

Sounds like a great idea to me. Separate node versions for separate projects. Can safely upgrade one without upgrading the others. Only catch is have to run in .bin ./node node-sass rather than just node-sass. Not sure if same for all .bin files.
– Jon
Commented Aug 10, 2018 at 5:56
4

This is a simple and elegant solution - as long as the team members working on the product know this is happening, I think it's a great answer. We are using this technique at a large company to deal with the variety of Node versions for a dozen web front-end products. Removes the need for constant switching with nvm when going back and forth between products.
– Nathan Bedford
Commented Sep 29, 2019 at 14:53
5

This solution has its own pros and cons. Node version encapsulation is potentially its biggest pro. The downside is bloated docker image size if you are going to deploy it this way.
– ivosh
Commented Oct 2, 2019 at 17:59
1

Am I misunderstanding something but, couldn't this be installed as a 'dev' dependency, so npm I -D Node@8, I'm guessing it wouldn't (shouldn't) then be bundled into a Docker image (or executable), which would simply provide it's own NodeJS runtime, right?
– Big Rich
Commented Apr 13, 2022 at 16:23

| Show 2 more comments

leonbloy · Accepted Answer · 2022-07-19 11:52:42Z

Here's my complete ready-to-use script, based on Adam's answer.

check-version.js :

/* eslint-disable no-console */
const fs = require('fs');
const semver = require('semver');
const childProcess = require('child_process');

// checks that current node and npm versions satisfies requirements in package.json
// to run manually:   node check-version.js [verbose]

const VERBOSE_FORCED = false;    
const args = process.argv.slice(2);
const VERBOSE = VERBOSE_FORCED || (args.length > 0 && args[0] === 'verbose');

const printErrAndExit = (x) => {
  console.error(x);
  console.error('Aborting');
  process.exit(1);
};

const checkNpmVersion = (npmVersionRequired) => {
  if (!npmVersionRequired) {
    console.log('No required npm version specified');
    return;
  }
  const npmVersion = `${childProcess.execSync('npm -v')}`.trim();
  if (VERBOSE) console.log(`npm required: '${npmVersionRequired}' - current: '${npmVersion}'`);
  if (!semver.satisfies(npmVersion, npmVersionRequired)) {
    printErrAndExit(`Required npm version '${npmVersionRequired}' not satisfied. Current: '${npmVersion}'.`);
  }
};

const checkNodeVersion = (nodeVersionRequired) => {
  if (!nodeVersionRequired) {
    console.log('No required node version specified');
    return;
  }
  const nodeVersion = process.version;
  if (VERBOSE) console.log(`node required: '${nodeVersionRequired}' - current: '${nodeVersion}'`);
  if (!semver.satisfies(nodeVersion, nodeVersionRequired)) {
    printErrAndExit(`Required node version '${nodeVersionRequired}' not satisfied. Current: '${nodeVersion}'.`);
  }
};

const json = JSON.parse(fs.readFileSync('./package.json'));
if (!json.engines) printErrAndExit('no engines entry in package json?');
checkNodeVersion(json.engines.node);
checkNpmVersion(json.engines.npm);

It should be placed in the root project directory.

It checks node and/or npm version, as specified in package.json (engines entry), eg

  "engines": {
    "node": ">=16.0.0 <17.0.0",
    "npm": ">=8.0.0 <9.0.0"
  },

You can invoke it manually as

node check-version.js [verbose]

or include it as script inside package json, either as standalone script or as a prerequisite for other scripts, eg

"scripts" : {
  "start": "node check-version.js && vite",
  "build": "node check-version.js && vite build",
  "lint": "node check-version.js && eslint .",
  "check-version": "node check-version.js verbose"
},

but this cannot prevent user running npm install right?
– zhuhang.jasper
Commented Mar 21 at 3:25 — zhuhang.jasper, Commented Mar 21 at 3:25

sai reddy · Accepted Answer · 2024-05-31 08:31:57Z

1

"engines": {
    "node": ">=20.0.0"
  }

answered May 31 at 8:31

sai reddy

991 silver badge5 bronze badges

Add a comment |

Jamie Nicholl-Shelley · Accepted Answer · 2019-04-11 08:53:01Z

-1

A Mocha test case example:

describe('Check version of node', function () {
    it('Should test version assert', async function () {

            var version = process.version;
            var check = parseFloat(version.substr(1,version.length)) > 12.0;
            console.log("version: "+version);
            console.log("check: " +check);         
            assert.equal(check, true);
    });});

answered Apr 11, 2019 at 8:53

Jamie Nicholl-Shelley

6031 gold badge10 silver badges27 bronze badges

1

Should not be a unit test, use package.json /dotfiles
– Ben G
Commented Dec 10, 2019 at 6:36
2

But whhhhhhhy, a unit test is designed for this >.-
– Jamie Nicholl-Shelley
Commented Mar 31, 2020 at 13:21
1

Because you need Node to run a unit test. If the node version present is too outdated, the tests will simply not run or they'll fail with syntax error or smth. similar, which defeats the point of unit testing. It's like hiding a password reset form behind an authorization form. If you can't remember the password, you need to use reset password function, but now you can't use it, because you don't remember the password.
– ankhzet
Commented Jun 15, 2020 at 8:34
My assumption being there is at least a minimal packages installed. why else enforce a specific one.
– Jamie Nicholl-Shelley
Commented Mar 20, 2021 at 16:40
1

As a number of node runtimes grows (deno.js, bun.js, ts-node etc.) this "unit" test becomes even more useless =D And again, OP asked about a fail-safe for an installer. Tests are run after an installation already completed, at best. You have a chicken and an egg problem here.
– ankhzet
Commented Aug 21, 2022 at 3:48

| Show 8 more comments

Collectives™ on Stack Overflow

How can I specify the required Node.js version in package.json?

8 Answers 8

Original Answer

Not the answer you're looking for? Browse other questions tagged
node.js
npm
package
version
or ask your own question.

Linked

Hot Network Questions

Collectives™ on Stack Overflow

8 Answers 8

Original Answer

Not the answer you're looking for? Browse other questions tagged node.jsnpmpackageversion or ask your own question.

Linked

Related

Not the answer you're looking for? Browse other questions tagged
node.js
npm
package
version
or ask your own question.