Types of Dependencies
Dependencies are specified in a simple object that maps a package name to a version range. The version range is a string which has one or more space-separated descriptors. Dependencies can also be identified with a tarball or git URL.
Please do not put test harnesses or transpilers in your
dependencies
object. See devDependencies
, below.
See semver(7) for more details about specifying version ranges.
version
Must matchversion
exactly>version
Must be greater thanversion
>=version
etc<version
<=version
~version
"Approximately equivalent to version" See semver(7)^version
"Compatible with version" See semver(7)1.2.x
1.2.0, 1.2.1, etc., but not 1.3.0http://...
See 'URLs as Dependencies' below*
Matches any version""
(just an empty string) Same as*
version1 - version2
Same as>=version1 <=version2
.range1 || range2
Passes if either range1 or range2 are satisfied.git...
See 'Git URLs as Dependencies' belowuser/repo
See 'GitHub URLs' belowtag
A specific version tagged and published astag
Seenpm-tag(1)
path/path/path
See Local Paths below
For example, these are all valid:
{ "dependencies" :
{ "foo" : "1.0.0 - 2.9999.9999"
, "bar" : ">=1.0.2 <2.1.2"
, "baz" : ">1.0.2 <=2.3.4"
, "boo" : "2.0.1"
, "qux" : "<1.0.0 || >=2.3.1 <2.4.5 || >=2.5.2 <3.0.0"
, "asd" : "http://asdf.com/asdf.tar.gz"
, "til" : "~1.2"
, "elf" : "~1.2.3"
, "two" : "2.x"
, "thr" : "3.3.x"
, "lat" : "latest"
, "dyl" : "file:../dyl"
}
}
URLs as Dependencies
You may specify a tarball URL in place of a version range.
This tarball will be downloaded and installed locally to your package at install time.
Git URLs as Dependencies
Git urls can be of the form:
git://github.com/user/project.git#commit-ish
git+ssh://user@hostname:project.git#commit-ish
git+ssh://user@hostname/project.git#commit-ish
git+http://user@hostname/project/blah.git#commit-ish
git+https://user@hostname/project/blah.git#commit-ish
The commit-ish
can be any tag, sha, or branch which can be supplied as
an argument to git checkout
. The default is master
.
GitHub URLs
As of version 1.1.65, you can refer to GitHub urls as just "foo":
"user/foo-project". Just as with git URLs, a commit-ish
suffix can be
included. For example:
{
"name": "foo",
"version": "0.0.0",
"dependencies": {
"express": "visionmedia/express",
"mocha": "visionmedia/mocha#4727d357ea"
}
}
Local Paths
As of version 2.0.0 you can provide a path to a local directory that contains a
package. Local paths can be saved using npm install -S
or
npm install --save
, using any of these forms:
../foo/bar
~/foo/bar
./foo/bar
/foo/bar
in which case they will be normalized to a relative path and added to your
package.json
. For example:
{
"name": "baz",
"dependencies": {
"bar": "file:../foo/bar"
}
}
This feature is helpful for local offline development and creating tests that require npm installing where you don't want to hit an external server, but should not be used when publishing packages to the public registry.