3

I passed one learning course on Node.js and Angular, and the teacher there used a lot of asterisks in package.json instead of specific versions of libs.

```json
"dependencies": {
  "bcrypt": "*",
  "bcryptjs": "^2.4.3",
  "body-parser": "*",
  "cors": "*",
  "express": "*",
  "jsonwebtoken": "*",
  "mongoose": "*",
  "morgan": "^1.10.0",
  "passport": "*",
  "passport-jwt": "*"
},
"devDependencies": {
  "nodemon": "^2.0.7"
}
```

Is it a good or a bad practice to use them?

2
  • No, it is not good practice. Why? New upgrade, your code relies on the previous version. They change syntax and boom... your code does not run. Commented Nov 16, 2021 at 5:17
  • One or more having breaking changes and it's chaos. Commented Nov 16, 2021 at 5:19

1 Answer

6

Wildcard is a bad idea. It says load the latest version no matter what. Sounds like a good idea so you do not have to keep updating. It is great until they introduce breaking changes into the API.

If they update from v1.5 to v2.0 and they changed their API, your code that relies on 1.5 syntax will no longer work in v2.0 if it is not backwards compatible. Do this with multiple packages and you have a huge mess on your hands.

Some people will allow the minor version to be wildcard, but most people lock it down and manually upgrade so it can be fully tested.

https://docs.npmjs.com/about-semantic-versioning
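
The v1.5 to v2.0 scenario above, as an added example that is not part of the original answer: a small resolver covering a subset of npm range syntax (`*`, exact, `^`, `~`), run against the dependency block from the question. The published version list and all function names are constructed for illustration.

```javascript
// Constructed input: the dependency block from the question's package.json.
const pkg = {
  dependencies: {
    bcrypt: "*", bcryptjs: "^2.4.3", "body-parser": "*", cors: "*",
    express: "*", jsonwebtoken: "*", mongoose: "*", morgan: "^1.10.0",
    passport: "*", "passport-jwt": "*",
  },
  devDependencies: { nodemon: "^2.0.7" },
};
// Constructed release history of a hypothetical package (not real registry data).
const PUBLISHED = ["1.5.0", "1.5.3", "1.6.2", "2.0.0"];

// "x.y.z" -> [major, minor, patch]; release versions only, no prerelease tags.
const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
const isWildcard = (range) => ["", "*"].includes(range.trim());

// Subset of npm range semantics: "*", exact "x.y.z", "^x.y.z", "~x.y.z".
function satisfies(version, range) {
  if (isWildcard(range)) return true;
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(range.trim());
  if (!m) throw new Error(`range not covered by this example: ${range}`);
  const v = parse(version), base = parse(m[2]);
  if (m[1] === "") return cmp(v, base) === 0;        // exact pin
  if (cmp(v, base) < 0) return false;                // below the floor
  if (m[1] === "~") return v[0] === base[0] && v[1] === base[1];
  // Caret: the left-most non-zero component must stay the same.
  if (base[0] > 0) return v[0] === base[0];
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
  return cmp(v, base) === 0;
}

// Highest published version a fresh install without a lockfile would select.
function resolve(range, published) {
  const ok = published.filter((v) => satisfies(v, range));
  return ok.sort((a, b) => cmp(parse(a), parse(b))).pop() ?? null;
}

// Names of all dependencies whose range accepts every published version.
function findWildcards(manifest) {
  return ["dependencies", "devDependencies"].flatMap((section) =>
    Object.entries(manifest[section] ?? {})
      .filter(([, range]) => isWildcard(range))
      .map(([name]) => name));
}

console.log("wildcard ranges:", findWildcards(pkg).join(", "));
for (const range of ["*", "^1.5.0", "~1.5.0", "1.5.0"]) {
  console.log(range.padEnd(7), "->", resolve(range, PUBLISHED));
}
```

`npm ci` installs exactly what a committed package-lock.json records, so the drift shown here applies to installs that resolve ranges fresh.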
