选择命令行版本:
🌐 Synopsis
npm update [<pkg>...]aliases: up, upgrade, udpate
🌐 Description
此命令将把列出的所有软件包更新到最新版本(由 tag 配置 指定),同时遵守你软件包及其依赖的语义化版本约束(如果它们也需要相同的软件包)。
🌐 This command will update all the packages listed to the latest version (specified by the tag config), respecting the semver constraints of both your package and its dependencies (if they also require the same package).
它还将安装缺少的包。
🌐 It will also install missing packages.
如果指定了 -g 标志,该命令将更新全局安装的软件包。
🌐 If the -g flag is specified, this command will update globally installed packages.
如果未指定包名称,则将更新指定位置(全局或本地)中的所有包。
🌐 If no package name is specified, all packages in the specified location (global or local) will be updated.
请注意,默认情况下,npm update 不会更新你项目 package.json 中直接依赖的语义化版本值,如果你也想更新 package.json 中的值,可以运行:npm update --save(或者在 配置文件 中添加 save=true 选项,使其成为默认行为)。
🌐 Note that by default npm update will not update the semver values of direct dependencies in your project package.json, if you want to also update values in package.json you can run: npm update --save (or add the save=true option to a configuration file to make that the default behavior).
🌐 Example
对于下面的示例,假设当前的软件包是 app,它依赖于依赖 dep1(dep2 等)。dep1 已发布的版本如下:
🌐 For the examples below, assume that the current package is app and it depends on dependencies, dep1 (dep2, .. etc.). The published versions of dep1 are:
{"dist-tags": { "latest": "1.2.2" },"versions": ["1.2.2","1.2.1","1.2.0","1.1.2","1.1.1","1.0.0","0.4.1","0.4.0","0.2.0"]}
🌐 Caret Dependencies
如果 app 的 package.json 包含:
🌐 If app's package.json contains:
"dependencies": {"dep1": "^1.1.1"}
然后 npm update 会安装 dep1@1.2.2,因为 1.2.2 是 latest 且 1.2.2 满足 ^1.1.1。
🌐 Then npm update will install dep1@1.2.2, because 1.2.2 is latest and 1.2.2 satisfies ^1.1.1.
🌐 Tilde Dependencies
但是,如果 app 的 package.json 包含:
🌐 However, if app's package.json contains:
"dependencies": {"dep1": "~1.1.1"}
在这种情况下,运行 npm update 将会安装 dep1@1.1.2。即使 latest 标签指向 1.2.2,这个版本仍然不满足 ~1.1.1,而 ~1.1.1 相当于 >=1.1.1 <1.2.0。因此,将使用满足 ~1.1.1 的排序最高的版本,也就是 1.1.2。
🌐 In this case, running npm update will install dep1@1.1.2. Even though the latest tag points to 1.2.2, this version do not satisfy ~1.1.1, which is equivalent to >=1.1.1 <1.2.0. So the highest-sorting version that satisfies ~1.1.1 is used, which is 1.1.2.
🌐 Caret Dependencies below 1.0.0
假设 app 存在对低于 1.0.0 版本的插入符号依赖,例如:
🌐 Suppose app has a caret dependency on a version below 1.0.0, for example:
"dependencies": {"dep1": "^0.2.0"}
npm update 将安装 dep1@0.2.0,因为没有其他版本能够满足 ^0.2.0。
如果依赖于 ^0.4.0:
🌐 If the dependence were on ^0.4.0:
"dependencies": {"dep1": "^0.4.0"}
然后 npm update 将安装 dep1@0.4.1,因为这是满足 ^0.4.0(>= 0.4.0 <0.5.0)的最高排序版本
🌐 Then npm update will install dep1@0.4.1, because that is the highest-sorting version that satisfies ^0.4.0 (>= 0.4.0 <0.5.0)
🌐 Subdependencies
假设你的应用现在还依赖于 dep2
🌐 Suppose your app now also has a dependency on dep2
{"name": "my-app","dependencies": {"dep1": "^1.0.0","dep2": "1.0.0"}}
而 dep2 本身依赖于这个有限范围的 dep1
🌐 and dep2 itself depends on this limited range of dep1
{"name": "dep2","dependencies": {"dep1": "~1.1.1"}}
然后 npm update 会安装 dep1@1.1.2,因为这是 dep2 允许的最高版本。当单个版本可以满足树中多个依赖的 semver 要求时,npm 会优先在你的依赖树中只保留一个 dep1 版本,而不是两个。在这种情况下,如果你确实需要你的包使用更新的版本,你就需要使用 npm install。
🌐 Then npm update will install dep1@1.1.2 because that is the highest version that dep2 allows. npm will prioritize having a single version of dep1 in your tree rather than two when that single version can satisfy the semver requirements of multiple dependencies in your tree. In this case if you really did need your package to use a newer version you would need to use npm install.
🌐 Updating Globally-Installed Packages
npm update -g 将对每个全局安装且 outdated 的软件包执行 update 操作——也就是说,其版本与 wanted 不同的软件包。
注意:全局安装的包会被视为已使用插入符号(^)的语义化版本范围安装。因此,如果你需要更新到 latest,你可能需要运行 npm install -g [<pkg>...]
注意:如果一个软件包已升级到比 latest 更新的版本,它将被 降级。
🌐 NOTE: If a package has been upgraded to a version newer than latest, it will be downgraded.
🌐 Configuration
savetrue,除非使用 npm update 时,默认值为 false将已安装的软件包保存到 package.json 文件中作为依赖。
🌐 Save installed packages to a package.json file as dependencies.
与 npm rm 命令一起使用时,会移除对 package.json 的依赖。
🌐 When used with the npm rm command, removes the dependency from package.json.
如果设置为 false,也将阻止向 package-lock.json 写入。
🌐 Will also prevent writing to package-lock.json if set to false.
global以“全局”模式运行,因此软件包会安装到 prefix 文件夹中,而不是当前工作目录。有关行为差异的更多信息,请参见 folders。
🌐 Operates in "global" mode, so that packages are installed into the prefix folder instead of the current working directory. See folders for more on the differences in behavior.
{prefix}/lib/node_modules 文件夹中,而不是当前工作目录。{prefix}/bin 关联{prefix}/share/maninstall-strategy设置在 node_modules 中安装包的策略。hoisted(默认):在顶层安装非重复包,必要时在目录结构中安装重复包。nested(原先为 --legacy-bundling):就地安装,不采用提升。shallow(原先为 --global-style):仅在顶层安装直接依赖。linked(实验性):安装在 node_modules/.store 中,就地链接,不提升。
🌐 Sets the strategy for installing packages in node_modules. hoisted (default): Install non-duplicated in top-level, and duplicated as necessary within directory structure. nested: (formerly --legacy-bundling) install in place, no hoisting. shallow (formerly --global-style) only install direct deps at top-level. linked: (experimental) install in node_modules/.store, link in place, unhoisted.
legacy-bundling--install-strategy=nested不要在 node_modules 中提升包安装,而是按照依赖的方式安装包。这可能会导致非常深的目录结构和重复的包安装,因为没有去重功能。设置 --install-strategy=nested。
🌐 Instead of hoisting package installs in node_modules, install packages in the same manner that they are depended on. This may cause very deep directory structures and duplicate package installs as there is no de-duplicating. Sets --install-strategy=nested.
global-style--install-strategy=shallow 取代只在顶层 node_modules 安装直接依赖,但在更深层的依赖上使用提升(hoist)。设置 --install-strategy=shallow。
🌐 Only install direct dependencies in the top level node_modules, but hoist on deeper dependencies. Sets --install-strategy=shallow.
omitNODE_ENV 环境变量设置为 'production',则为 'dev',否则为空。要从磁盘上的安装树中省略的依赖类型。
🌐 Dependency types to omit from the installation tree on disk.
请注意,这些依赖仍然会被解析并添加到 package-lock.json 或 npm-shrinkwrap.json 文件中。它们只是没有实际安装到磁盘上。
🌐 Note that these dependencies are still resolved and added to the package-lock.json or npm-shrinkwrap.json file. They are just not physically installed on disk.
如果某种封装类型同时出现在 --include 和 --omit 列表中,那么它将被包括在内。
🌐 If a package type appears in both the --include and --omit lists, then it will be included.
如果生成的省略列表包含 'dev',那么所有生命周期脚本的 NODE_ENV 环境变量将被设置为 'production'。
🌐 If the resulting omit list includes 'dev', then the NODE_ENV environment variable will be set to 'production' for all lifecycle scripts.
strict-peer-deps如果设置为 true,且未设置 --legacy-peer-deps,那么任何冲突的 peerDependencies 都将被视为安装失败,即使 npm 能够基于非 peer 依赖合理地猜测适当的解决方案。
🌐 If set to true, and --legacy-peer-deps is not set, then any conflicting peerDependencies will be treated as an install failure, even if npm could reasonably guess the appropriate resolution based on non-peer dependency relationships.
默认情况下,依赖图中深层的冲突 peerDependencies 将使用最近的非对等依赖规范来解决,即使这样做会导致某些包获得的对等依赖超出其包的 peerDependencies 对象中设置的范围。
🌐 By default, conflicting peerDependencies deep in the dependency graph will be resolved using the nearest non-peer dependency specification, even if doing so will result in some packages receiving a peer dependency outside the range set in their package's peerDependencies object.
当执行此类覆盖时,会打印警告,解释冲突及涉及的包。如果设置了 --strict-peer-deps,则此警告将被视为失败。
🌐 When such an override is performed, a warning is printed, explaining the conflict and the packages involved. If --strict-peer-deps is set, then this warning is treated as a failure.
package-lock如果设置为 false,则在安装时忽略 package-lock.json 文件。如果 save 为 true,这也将防止写入 package-lock.json。
🌐 If set to false, then ignore package-lock.json files when installing. This will also prevent writing package-lock.json if save is true.
foreground-scripts在前台进程中运行已安装包的所有构建脚本(即 preinstall、install 和 postinstall 脚本),并与主 npm 进程共享标准输入、输出和错误。
🌐 Run all build scripts (ie, preinstall, install, and postinstall) scripts for installed packages in the foreground process, sharing standard input, output, and error with the main npm process.
请注意,这通常会使安装运行速度变慢,并且噪音更大,但对调试很有用。
🌐 Note that this will generally make installs run slower, and be much noisier, but can be useful for debugging.
ignore-scripts如果为 true,npm 不会运行 package.json 文件中指定的脚本。
🌐 If true, npm does not run scripts specified in package.json files.
请注意,明确用于运行特定脚本的命令,例如 npm start、npm stop、npm restart、npm test 和 npm run-script,如果设置了 ignore-scripts,仍会运行其指定的脚本,但它们不会运行任何前置或后置脚本。
🌐 Note that commands explicitly intended to run a particular script, such as npm start, npm stop, npm restart, npm test, and npm run-script will still run their intended script if ignore-scripts is set, but they will not run any pre- or post-scripts.
audit当设置为“true”时,会将审核报告与当前的 npm 命令一起提交到默认注册表以及为作用域配置的所有注册表。有关提交内容的详细信息,请参阅 npm audit 文档。
🌐 When "true" submit audit reports alongside the current npm command to the default registry and all registries configured for scopes. See the documentation for npm audit for details on what is submitted.
bin-links告诉 npm 为包的可执行文件创建符号链接(在 Windows 上则创建 .cmd 垫片)。
🌐 Tells npm to create symlinks (or .cmd shims on Windows) for package executables.
设置为 false 可使其不执行此操作。这可以用来应对某些文件系统不支持符号链接的情况,即使在表面上的 Unix 系统上也是如此。
🌐 Set to false to have it not do this. This can be used to work around the fact that some file systems don't support symlinks, even on ostensibly Unix systems.
fund当“true”显示消息时,会在每个 npm install 的末尾确认正在寻找资金的依赖数量。详情请参见 npm fund。
🌐 When "true" displays the message at the end of each npm install acknowledging the number of dependencies looking for funding. See npm fund for details.
dry-run表示你不希望 npm 做出任何更改,并且它只应该报告本来会做的事情。这个选项可以传递给任何修改本地安装的命令,例如 install、update、dedupe、uninstall,以及 pack 和 publish。
🌐 Indicates that you don't want npm to make any changes and that it should only report what it would have done. This can be passed into any of the commands that modify your local installation, eg, install, update, dedupe, uninstall, as well as pack and publish.
注意:其他与网络相关的命令(例如 dist-tags、owner 等)不支持此项。
🌐 Note: This is NOT honored by other network related commands, eg dist-tags, owner, etc.
workspace启用在当前项目的已配置工作区的上下文中运行命令,同时通过仅运行此配置选项定义的工作区进行过滤。
🌐 Enable running a command in the context of the configured workspaces of the current project while filtering by running only the workspaces defined by this configuration option.
workspace 配置的有效值为以下之一:
🌐 Valid values for the workspace config are either:
对于 npm init 命令设置时,可以将其设置为一个尚不存在的工作区文件夹,以创建该文件夹并将其作为项目内全新的工作区进行设置。
🌐 When set for the npm init command, this may be set to the folder of a workspace which does not yet exist, to create the folder and set it up as a brand new workspace within the project.
此值不会导出到子进程的环境中。
🌐 This value is not exported to the environment for child processes.
workspaces设置为 true 以在 所有 配置的工作区上下文中运行命令。
🌐 Set to true to run the command in the context of all configured workspaces.
将此显式设置为 false 会导致像 install 这样的命令完全忽略工作区。如果不显式设置:
🌐 Explicitly setting this to false will cause commands like install to ignore workspaces altogether. When not set explicitly:
node_modules 树操作的命令(安装、更新等)会将工作区链接到 node_modules 文件夹。- 执行其他操作的命令(测试、执行、发布等)会在根项目上运行,除非 在 workspace 配置中指定了一个或多个工作区。此值不会导出到子进程的环境中。
🌐 This value is not exported to the environment for child processes.
include-workspace-root为命令启用工作区时包括工作区根。
🌐 Include the workspace root when workspaces are enabled for a command.
当为 false 时,通过 workspace 配置指定单个工作区,或通过 workspaces 标志指定所有工作区,将导致 npm 仅在指定的工作区上操作,而不会在根项目上操作。
🌐 When false, specifying individual workspaces via the workspace config, or all workspaces via the workspaces flag, will cause npm to operate only on the specified workspaces, and not on the root project.
此值不会导出到子进程的环境中。
🌐 This value is not exported to the environment for child processes.
install-links当设置文件时:协议依赖将作为常规依赖被打包和安装,而不会创建符号链接。此选项对工作区没有影响。
🌐 When set file: protocol dependencies will be packed and installed as regular dependencies instead of creating a symlink. This option has no effect on workspaces.
🌐 See Also