Fail on start, or automatically update, when node_modules is out of date with package.json.

Question

Fail on start, or automatically update, when node_modules is out of date with package.json.

threehams opened this issue 8 years ago · 4 comments

Todd and I were talking about this - I spend a lot of time looking at bugs that are fixed in the package.json version of a dependency, but still happen in the stale version in node_modules. This only affects local environments.

On start, can we check the installed packages against package.json and either update automatically or (Rails-style) show an error that npm install is needed to update before starting?

Answer 1 · 2017-06-28T19:15:00.000Z

I'm looking through the code and it looks like this is already implemented (https://github.com/TrueCar/gluestick/tree/next/packages/gluestick/src/commands/autoUpgrade). Is that correct? If so, what needs to be done?

Answer 2 · 2017-06-28T20:15:21.000Z

Hm.

@toddw What do you think? Gluestick <1 would prompt, and it was... really annoying. A lot of times I'd start up the server, then wondering what was taking so long.

If it failed with an error, but it took multiple seconds, it could have the same issue as the prompt.

Automatically updating could be the most seamless, but would it possibly be a destructive action?

Answer 3 · 2017-06-28T20:35:44.000Z

@vdibs I believe it checks for dependencies that are out of sync between an app and GlueStick dependencies that are shared like react. However, this ticket is talking about the difference between what the package.json file has and what was installed. For example, if my project uses draft-js version 0.10.1 and my package.json has:

…,
"draft-js": "0.10.1"
…,

but the last time I ran npm install my package.json file had:

…,
"draft-js": "0.9.3"
…,

The version of draft-js in the node_modules folder is going to continue to be the 0.9.3 version until I run npm install again, even though my package.json file was updated. The way that I believe we can solve this is to check the node_modules folder to make sure the version specified in package.json is the version installed into the local node_modules folder.

So you would iterate over the dependencies object loaded out of package.json, loop through each dependencies, go into the node_modules/package-name/package.json and look at the version property of that json data. If it does not match then we throw an error suggesting the user run npm install.

Answer 4 · 2017-06-30T22:25:23.000Z

@toddw and @threehams - This is the output I have so far for out-of-date, missing, and up-to-date modules. Would either of you prefer different output, info, format, etc.?