How Does npm --save Decide Which Version and SemVer Options?

Question

If I type the following into my computer

$ echo '{}' > package.json
$ npm install pug --save

and then look at my package.json, I'll see that npm added a dependency for me.

#File: package.json
{
    "dependencies": {
        "pug": "^2.0.0-rc.1"
    }
}

Sweet! However -- how does npm decide to grab version 2.0.0-rc.1? And how does npm decide to use the ^ SemVer version modifier?

As a user of npm can I configure or tell it to use a different SemVer modifier and/or download a different version? (both a specific version and/or something like "latest stable")

As an npm package maintainer, can I specify that npm's default behavior should be something other than "grab the latest version and slap a ^ on there"?

https://github.com/npm/npm/blob/d46015256941ddfff1463338e3e2f8f77624a1ff/lib/install/save.js#L143 — SLaks, May 11 '17 at 16:24
Useful docs, +1 both, thank you. However, (unless I'm missing something) they don't clearly address the different contexts in my questions. — Alana Storm, May 11 '17 at 16:29

igloczek · Accepted Answer · 2017-05-11T19:28:50.643

npm takes the latest tag publicly available and ^ is the default, you can use save-prefix to change it locally.

To a get specific version use @version after package name i.e. npm install pug@0.1.0. Something like composer's minimum-stability doesn't exist in npm world.

As a maintainer, you can't do anything, except keeping SemVer and writeing good code :)

But at all package.json is just a JSON, you can simply modify them, without using any CLI commands and define whatever you need.

How Does npm --save Decide Which Version and SemVer Options?

1 Answers1

Linked