如何覆盖嵌套的NPM依赖版本?

I would like to use the grunt-contrib-jasmine NPM package. It has various dependencies. Part of the dependency graph looks like this:

我想使用grunt- managed -jasmine NPM套装。它有各种依赖关系。依赖性图的一部分是这样的:

─┬ grunt-contrib-jasmine@0.4.1
 │ ├─┬ grunt-lib-phantomjs@0.2.0
 │ │ ├─┬ phantomjs@1.8.2-2

Unfortunately, there's a bug in this version phantomjs which prevents it from installing correctly on Mac OS X. This is fixed in the latest version.

不幸的是，这个版本的phantomjs中有一个错误，这个错误导致它无法在Mac OS x上正确安装。

How can I get grunt-lib-phantomjs to use a newer version of phantomjs?

我怎么能让grunt-lib-phantomjs使用新版本的phantomjs?

Some additional context:

一些额外的背景:

grunt-contrib-jasmine explicitly requires version "~0.2.0" of grunt-lib-phantomjs, which explicitly requires version "~1.8.1" of phantomjs.
grunt-悔过-jasmine明确要求grunt-lib-phantomjs版本“~0.2.0”，明确要求phantomjs版本“~1.8.1”。
Adding phantomjs to my package's dependencies first has no effect; both versions are installed and grunt-contrib-jasmine still uses the older versions (see: When installing a package with NPM, can you tell it to use a different version of one of its dependencies?).
首先向包的依赖项添加phantomjs没有任何效果;两个版本都已安装，grunt- managed -jasmine仍然使用旧版本(参见:在使用NPM安装包时，您能告诉它使用一个依赖项的不同版本吗?)

3 个解决方案

#1

179

You've probably found a workaround for this already.

你可能已经找到了解决方法。

Anyway, you can use npm shrinkwrap functionality, in order to override any dependency or sub-dependency.

无论如何，您可以使用npm shrinkwrap功能，以覆盖任何依赖项或子依赖项。

I've just done this in a grunt project of ours. We needed a newer version of connect, since 2.7.3. was causing trouble for us. So I created a file named npm-shrinkwrap.json :

我刚刚在我们一个乏味的项目中做了这个。我们需要一个更新的connect版本，从2.7.3开始。给我们带来了麻烦。所以我创建了一个名为npm-shrinkwrap的文件。json:

{
  "dependencies": {
    "grunt-contrib-connect": {
      "version": "0.3.0",
      "from": "grunt-contrib-connect@0.3.0",
      "dependencies": {
        "connect": {
          "version": "2.8.1",
          "from": "connect@~2.7.3"
        }
      }
    }
  }
}

npm should automatically pick it up while doing the install for the project.

在为项目进行安装时，npm应该自动拾取它。

(See: https://nodejs.org/en/blog/npm/managing-node-js-dependencies-with-shrinkwrap/)

(参见:https://nodejs.org/en/blog/npm/managing-node-js-dependencies-with-shrinkwrap/)

#2

For those from 2018 and beyond, using npm version 5 or later: edit your package-lock.json: remove the library from "requires" section and add it under "dependencies".

对于那些从2018年以后使用npm版本5或更高版本的用户，请编辑您的包锁。json:将库从“required”部分移除，并将其添加到“依赖项”中。

For example, you want deglob package to use glob package version 3.2.11 instead of its current one. You open package-lock.json and see:

例如，您希望deglob包使用glob包3.2.11版本而不是当前版本。你打开package-lock。json和看到的:

"deglob": {
  "version": "2.1.0",
  "resolved": "https://registry.npmjs.org/deglob/-/deglob-2.1.0.tgz",
  "integrity": "sha1-TUSr4W7zLHebSXK9FBqAMlApoUo=",
  "requires": {
    "find-root": "1.1.0",
    "glob": "7.1.2",
    "ignore": "3.3.5",
    "pkg-config": "1.1.1",
    "run-parallel": "1.1.6",
    "uniq": "1.0.1"
  }
},

Remove "glob": "7.1.2", from "requires", add "dependencies" with proper version:

从“需要”中删除“glob”:“7.1.2”，添加“依赖项”，并使用适当的版本:

"deglob": {
  "version": "2.1.0",
  "resolved": "https://registry.npmjs.org/deglob/-/deglob-2.1.0.tgz",
  "integrity": "sha1-TUSr4W7zLHebSXK9FBqAMlApoUo=",
  "requires": {
    "find-root": "1.1.0",
    "ignore": "3.3.5",
    "pkg-config": "1.1.1",
    "run-parallel": "1.1.6",
    "uniq": "1.0.1"
  },
  "dependencies": {
    "glob": {
      "version": "3.2.11"
    }
  }
},

Now remove your node_modules folder, run npm install and it will add missing parts to the "dependencies" section.

现在，删除node_modules文件夹，运行npm安装，它将为“依赖项”部分添加缺失的部分。

#3

Simplest minimum is to only add the initial shrinkwrapped dependency json to package.json. The "from" and "to" needed

最简单的最小值是只将最初的收缩包装依赖项json添加到package.json中。“从”和“到”需要

"grunt-contrib-connect": {
  "version": "0.3.0",
  "from": "grunt-contrib-connect@0.3.0",
  "dependencies": {
    "connect": {
      "version": "2.8.1",
      "from": "connect@~2.7.3"
    }
  }
}

#1

179