Why install npm packages as "--save-exact"?
i was wondering why Huston Hedinger & Ken Howard suggest making all the local installs of npm packages in this course, particularly mongoose, the node mongodb driver, with the
--save-dev-exact flag? isn't it better to just save in the regular way, so if these packages ever update, our app will still work with them?
please advise. i don't see any advantage to saving for exact versions, as these packages are always constantly updating.
— faddah portland, oregon, u.s.a.
Dave McFarlandTreehouse Teacher
Faddah Wolf If you're building out a production app, you don't always want to let your dependencies automatically update -- even if you've only specified a PATCH update, with hundreds of inter-working packages there is a possibility that an untested update could blow up your app. In development and when messing around with an app, you're probably safe allowing PATCH or MINOR updates. I believe Huston and Ken are modeling a real-world scenario where you are building out an app that's going into production and you KNOW that the modules and all their dependencies work at the current (EXACT version) they are at now.
In addition, using --save-exact makes sure that if you are following along the tutorial will always work.