What is the practical difference between npm install and npm update? When should I use which?
asked Sep 18, 2012 at 14:07
-
None of these answers are as comprehensive as this article: medium.com/@mubeennaeem247/…– Daniel KaplanCommented Jul 3 at 23:54
Add a comment
|
6 Answers
The difference between npm install and npm update handling of package versions specified in package.json:
{
"name": "my-project",
"version": "1.0", // install update
"dependencies": { // ------------------
"already-installed-versionless-module": "*", // ignores "1.0" -> "1.1"
"already-installed-semver-module": "^1.4.3" // ignores "1.4.3" -> "1.5.2"
"already-installed-versioned-module": "3.4.1" // ignores ignores
"not-yet-installed-versionless-module": "*", // installs installs
"not-yet-installed-semver-module": "^4.2.1" // installs installs
"not-yet-installed-versioned-module": "2.7.8" // installs installs
}
}
Summary: The only big difference is that an already installed module with fuzzy versioning ...
- gets ignored by
npm install - gets updated by
npm update
Additionally: install and update by default handle devDependencies differently
npm installwill install/update devDependencies unless--productionflag is addednpm updatewill ignore devDependencies unless--devflag is added
Why use npm install at all?
Because npm install does more when you look besides handling your dependencies in package.json.
As you can see in npm install you can ...
- manually install node-modules
- set them as global (which puts them in the shell's
PATH) usingnpm install -g <name> - install certain versions described by git tags
- install from a git url
- force a reinstall with
--force
-
23
-
6what if the version is like ^5.0.9? And is it possible to make
npm install --save somePackagesave the * to dependencies?– KwiZCommented Apr 7, 2015 at 12:13 -
7I'd also note that scripts like
postinstallrun on install, but not on update. Commented Jun 23, 2016 at 3:45 -
3@BoyanKushlev I think you mean minor and patch/bugfix, not major and minor. Major is 1 for all your examples.– jdelmanCommented Feb 8, 2018 at 19:37
-
3In what way does
npm updateignore devDependencies? I don't know if that has changed since written or not, but when I runnpm updateon a fresh folder that has no node_modules at all, it does install those defined in the "devDependencies" section of package.json, without supplying a--devflag.– Ken LyonCommented Oct 29, 2018 at 19:26
npm install installs all modules that are listed on package.json file and their dependencies.
npm update updates all packages in the node_modules directory and their dependencies.
npm install express installs only the express module and its dependencies.
npm update express updates express module (starting with [email protected], it doesn't update its dependencies).
So updates are for when you already have the module and wish to get the new version.
-
7if you don't specify a particular version in a package.json file, npm install will get the latest version of a module. So this a kind of an update.– saeedCommented Sep 18, 2012 at 20:44
-
18So what should I use,
npm installornpm update? Or, in other words, I am now usingnpm installand it seems to do the updating as well, is there any reason why should I ever usenpm update? Commented Sep 18, 2012 at 21:58 -
4So
updatewill always update to the latest version, regardless of package.json, whileinstallwill respect the version given in package.json? Commented Sep 18, 2012 at 22:44 -
2
updateinstalls (or updates to) latest version of module.installinstalls latest version of module if its not presented otherwise keeps current version.– tenphiCommented Mar 13, 2014 at 9:34 -
16@Borek
npm updatewill update to the latest version based on your package.json, not regardless of it. If you have "express": "3.x" and you are on version 3.1.0, it will update to the latest 3.x tag. If there is a 4.x version, it will not install the latest.– gcochardCommented Apr 9, 2014 at 21:28
In most cases, this will install the latest version of the module published on npm.
npm install express --save
or better to upgrade module to latest version use:
npm install express@latest --save --force
--save: Package will appear in your dependencies.
More info: npm-install
-
12
npm install express@latest --save --forcewas exactly what I wanted. Commented Feb 14, 2014 at 0:28 -
5
npm update: install and update with latest node modules which are in package.json
npm install: install node modules which are defined in package.json(without update)
-
Using npm version 6.9.0 I observe the following behavior:
npm updatewill omit a large number of dependencies inpackage-lock.json. To have all required packages available andpackage-lock.jsonto be correct, I always have to executenpm installright afternpm update.– ManfredCommented Apr 23, 2019 at 3:24
Many distinctions have already been mentioned. Here is one more:
Running npm install at the top of your source directory will run various scripts: prepublish, preinstall, install, postinstall. Depending on what these scripts do, a npm install may do considerably more work than just installing dependencies.
I've just had a use case where prepublish would call make and the Makefile was designed to fetch dependencies if the package.json got updated. Calling npm install from within the Makefile would have lead to an infinite recursion, while calling npm update worked just fine, installing all dependencies so that the build could proceed even if make was called directly.
-
1One implication is that if you updated, for instance, your
redismodule, andother_modulerequires an older version ofredis,npm install other_modulewill guarantee thatother_modulewill use the older version. It may addother_module/node_modules/redisif necessary.– jlukantaCommented Apr 6, 2016 at 19:26
npm update also installs the latest version of a package regardless of the checksum saved in package-lock.json. When depending on private repos the saved checksum can break so that npm install throws a mismatch error. npm update will ignore the checksum and install the latest version specified in package.json.
The error can look something like this:
npm WARN tarball tarball data for repo@git+ssh://[email protected]/company/repo.git#b2d8280dfb292c13c614352adra910f298a2a771 (sha512-36mxm1NMCHisdfsdfsdfsdsdf3NtFvwpzpjCEZfQTXmoi04B3qVrsTs1tnsdsdfsdfZNIK8lbEGVRVKcDX5u9pY7B==) seems to be corrupted. Trying again.
npm ERR! code EINTEGRITY
