Why install npm packages as "--save-exact"?

Question

hi,
i was wondering why @Huston Hedinger (https://teamtreehouse.com/hustonhedinger) & @Ken Howard (https://teamtreehouse.com/kenhowardpdx) suggest making all the local installs of npm packages in this course, particularly mongoose, the node mongodb driver, with the --save-exact or --save-dev-exact flag? isn't it better to just save in the regular way, so if these packages ever update, our app will still work with them?
please advise. i don't see any advantage to saving for exact versions, as these packages are always constantly updating.
best,
—  faddah
     portland, oregon, u.s.a.

Dave McFarland · Accepted Answer

@Faddah Wolf (https://teamtreehouse.com/faddah) If you're building out a production app, you don't always want to let your dependencies automatically update -- even if you've only specified a PATCH update, with hundreds of inter-working packages there is a possibility that an untested update could blow up your app. In development and when messing around with an app, you're probably safe allowing PATCH or MINOR updates. I believe Huston and Ken are modeling a real-world scenario where you are building out an app that's going into production and you KNOW that the modules and all their dependencies work at the current (EXACT version) they are at now.
In addition, using --save-exact makes sure that if you are following along the tutorial will always work.

Faddah Wolf · Answer

hi @Dave McFarland (https://teamtreehouse.com/davemcfarland),
thank you for your response — ok, i think i understand a bit better now. i will mark yours as best answer and close this out.
best,
—  faddah
 portland, oregon, u.s.a.

Welcome to the Treehouse Community

Looking to learn something new?

Faddah Wolf

Faddah Wolf

Why install npm packages as "--save-exact"?

2 Answers

Dave McFarland

Dave McFarland

Faddah Wolf

Faddah Wolf