npm 是 Node.js 附带的包管理器。它可用于安装和发布 CommonJS 和 ECMAScript 模块、jQuery 插件、可重用 JavaScript 代码（库）、基于 JavaScript 的 CLI 程序等。

要列出用户在其本地环境中成功安装的 npm 软件包，您可以执行以下步骤：

1. 打开命令行界面。
2. 使用 `cd` 命令导航到项目的根目录，这样可以确保您查看的是特定项目的依赖项。如果您想查看全局安装的软件包，则可以跳过这一步。
3. 运行以下命令：

   - 查看项目的本地安装的软件包：
     ```sh
     npm list
     ```
   - 查看全局安装的软件包：
     ```sh
     npm list -g --depth=0
     ```
   这个命令会列出全局安装的顶级（也就是说不包括它们的依赖）软件包。`--depth=0` 参数确保只列出顶级包，而不是它们所有的依赖项。

4. 命令执行后，终端会输出一个树形结构，显示所有已安装的软件包及其版本号。

例如，如果您运行 `npm list` 在一个包含 `express` 和 `lodash` 的项目中，输出可能看起来像这样：

```plaintext
project-name@1.0.0 /path/to/project-name
├── express@4.17.1
└── lodash@4.17.20
```

这表明您的项目成功安装了 `express` v4.17.1 和 `lodash` v4.17.20。

还有一些其他的参数可以用来自定义输出内容，例如：

- `--prod` 只显示生产环境的依赖。
- `--dev` 只显示开发环境的依赖。
- `--json` 以 JSON 格式输出结果。

这些命令和参数可以帮助任何使用 npm 的开发者快速查看已安装的软件包信息。

npm list -g --depth=0
    

*   **npm**: the Node.js package manager command line tool
*   **list -g**: display a tree of every package found in the user’s folders (without the `-g` option it only shows the current directory’s packages)
*   **\--depth 0 / --depth=0**: avoid including every package’s dependencies in the tree view

You can get a list of all globally installed modules using:

    ls `npm root -g`

**As of 13 December 2015**

[![npm list illustration](https://i.stack.imgur.com/VQVGv.gif)](https://i.stack.imgur.com/VQVGv.gif)

_While I found the accepted answer 100% correct, and useful, I wished to expand upon it a little based on my own experiences, and hopefully for the benefit of others too. (Here I am using the terms package and module interchangeably)_

In an answer to the question, yes the accepted answer would be:

    npm list -g --depth=0
    

You might wish to check for a particular module installed globally, on Unix-like systems or when [grep](https://en.wikipedia.org/wiki/Grep) is available. This is particularly useful when checking what version of a module you are using (globally installed; just remove the `-g` flag if checking a local module):

    npm list -g --depth=0 | grep <module_name>
    

If you'd like to see all available (remote) versions for a particular module, then do:

    npm view <module_name> versions
    

Note, _versions_ is plural. This will give you the full listing of versions to choose from.

For the latest remote version:

    npm view <module_name> version
    

Note, _version_ is singular.

To find out which packages need to be updated, you can use:

    npm outdated -g --depth=0
    

To update global packages, you can use

    npm update -g <package>
    

To update all global packages, you can use:

    npm update -g
    

(However, for npm versions less than 2.6.1, please also see [this link](https://docs.npmjs.com/getting-started/updating-global-packages) as there is a special script that is recommended for globally updating all packages.)

The above commands should work across NPM versions 1.3.x, 1.4.x, 2.x and 3.x.

List NPM packages with some friendly GUI!
-----------------------------------------

This is what I personally prefer and it may be for others too, it may also help during presentations or meetings.

With `npm-gui` you can list local and global packages with a better visualization.

You can find the package at

*   _[npm-gui](https://www.npmjs.com/package/npm-gui)_ (npm)
*   _[npm-gui](https://github.com/q-nick/npm-gui)_ (GitHub)

Run the following

    // Once
    npm install -g npm-gui
    
    cd c:\your-prject-folder
    npm-gui localhost:9000
    

Then open your browser at `http:\\localhost:9000`

[![npm-gui](https://i.stack.imgur.com/WAd0c.png)](https://i.stack.imgur.com/WAd0c.png)

For project dependencies use:

    npm list --depth=0
    

For global dependencies use:

    npm list -g --depth=0

How to list npm user-installed packages

在默认情况下，运行 `npm install` 不会重新生成整个 `package-lock.json` 文件。`npm install` 主要有两个目的：

1. 在没有 `package-lock.json` 文件时，安装 `package.json` 中定义的依赖并生成一个新的 `package-lock.json` 文件。这个新生成的文件确保了未来的安装能得到相同版本的依赖，使得项目更加稳定可靠。
2. 当已经存在 `package-lock.json` 文件时，`npm install` 会依照这个文件安装确切版本的依赖，以保证所有使用该项目的开发者都有着一致的依赖树。

然而，当你添加新的包或者更新现有包的版本时，例如使用 `npm install <package>` 或 `npm install <package>@<version>`，`npm` 会更新 `package.json` 并相应地调整 `package-lock.json` 来反映新的依赖信息。这种情况下，`package-lock.json` 文件确实会被修改，但不是完全重写，而是更新或添加了相关依赖的条目。

例如，假设我正在开发一个使用 Express.js 的 Node.js 应用，并且我希望安装一个新的依赖，比如 `axios`。我会运行：

```sh
npm install axios
```

此命令会将 `axios` 添加到 `package.json` 文件中，并更新 `package-lock.json` 文件以包含 `axios` 及其所有子依赖的确切版本信息。如果我已经安装了 `axios`，但是我想要升级到一个新版本，我可以指定版本号：

```sh
npm install axios@0.21.1
```

这将会更新 `package.json` 和 `package-lock.json` 文件，以反映我所选择的 `axios` 版本。这样的更新是选择性的，并且仅针对被修改或添加的依赖部分。

如果确实需要重新生成 `package-lock.json` 文件，可以删除已有的 `package-lock.json` 文件和 `node_modules` 目录，然后运行 `npm install`，这样会基于 `package.json` 中的依赖重新创建一个新的 `package-lock.json` 文件及安装所有依赖。但在日常开发中，这通常是不必要的。

**Update 3:** As other answers point out as well, the `npm ci` command got introduced in npm 5.7.0 as additional way to achieve fast and reproducible builds in the CI context. See the [documentation](https://docs.npmjs.com/cli/ci.html) and [npm blog](https://blog.npmjs.org/post/171556855892/introducing-npm-ci-for-faster-more-reliable) for further information.

* * *

**Update 2:** The issue to update and clarify the documentation is [GitHub issue #18103](https://github.com/npm/npm/issues/18103).

* * *

**Update 1:** The behaviour that was described below got fixed in npm 5.4.2: the currently intended behaviour is outlined in [GitHub issue #17979](https://github.com/npm/npm/issues/17979#issuecomment-332701215).

* * *

**Original answer (pre-5.4.2):** The behaviour of `package-lock.json` was changed in [npm 5.1.0](https://github.com/npm/npm/releases/tag/v5.1.0) as discussed in [issue #16866](https://github.com/npm/npm/issues/16866). The behaviour that you observe is apparently intended by npm as of version 5.1.0.

That means that `package.json` can override `package-lock.json` whenever a newer version is found for a dependency in `package.json`. If you want to pin your dependencies effectively, you now must specify the versions without a prefix, e.g., you need to write them as `1.2.0` instead of `~1.2.0` or `^1.2.0`. Then the combination of `package.json` and `package-lock.json` will yield reproducible builds. To be clear: `package-lock.json` alone no longer locks the root level dependencies!

Whether this design decision was good or not is arguable, there is an ongoing discussion resulting from this confusion on GitHub in [issue #17979](https://github.com/npm/npm/issues/17979). (In my eyes it is a questionable decision; at least the name `lock` doesn't hold true any longer.)

One more side note: there is also a restriction for registries that don’t support immutable packages, such as when you pull packages directly from GitHub instead of npmjs.org. See [this documentation of package locks](https://docs.npmjs.com/files/package-locks) for further explanation.

I've found that there will be a new version of npm [5.7.1](https://github.com/npm/npm/releases/tag/v5.7.1) with the new command `npm ci`, that will install from `package-lock.json` only

> The new npm ci command installs from your lock-file ONLY. If your package.json and your lock-file are out of sync then it will report an error.
> 
> It works by throwing away your node\_modules and recreating it from scratch.
> 
> Beyond guaranteeing you that you'll only get what is in your lock-file it's also much faster (2x-10x!) than npm install when you don't start with a node\_modules.
> 
> As you may take from the name, we expect it to be a big boon to continuous integration environments. We also expect that folks who do production deploys from git tags will see major gains.

**Short Answer:**

*   `npm install` honors package-lock.json only if it satisfies the requirements of package.json.
*   If it doesn't satisfy those requirements, packages are updated & package-lock is overwritten.
*   If you want the install to fail instead of overwriting package-lock when this happens, use `npm ci`.

* * *

**Here is a scenario that might explain things (Verified with NPM 6.3.0)**

You declare a dependency in package.json like:

    "depA": "^1.0.0"
    

Then you do, `npm install` which will generate a package-lock.json with:

    "depA": "1.0.0"
    

Few days later, a newer minor version of "depA" is released, say "1.1.0", then the following holds true:

    npm ci       # respects only package-lock.json and installs 1.0.0
    
    npm install  # also, respects the package-lock version and keeps 1.0.0 installed 
                 # (i.e. when package-lock.json exists, it overrules package.json)
    

Next, you manually update your package.json to:

    "depA": "^1.1.0"
    

Then rerun:

    npm ci      # will try to honor package-lock which says 1.0.0
                # but that does not satisfy package.json requirement of "^1.1.0" 
                # so it would throw an error 
    
    npm install # installs "1.1.0" (as required by the updated package.json)
                # also rewrites package-lock.json version to "1.1.0"
                # (i.e. when package.json is modified, it overrules the package-lock.json)

Use the newly introduced

    npm ci
    

> npm ci promises the most benefit to large teams. Giving developers the ability to “sign off” on a package lock promotes more efficient collaboration across large teams, and the ability to install exactly what is in a lockfile has the potential to save tens if not hundreds of developer hours a month, freeing teams up to spend more time building and shipping amazing things.

[Introducing `npm ci` for faster, more reliable builds](https://blog.npmjs.org/post/171556855892/introducing-npm-ci-for-faster-more-reliable)

Use the `npm ci` command instead of `npm install`.

"ci" stands for "clean install".

It will install the project dependencies based on the package-lock.json file instead of the lenient package.json file dependencies.

It will produce identical builds to your team mates and it is also much faster.

You can read more about it in this blog post: [https://blog.npmjs.org/post/171556855892/introducing-npm-ci-for-faster-more-reliable](https://blog.npmjs.org/post/171556855892/introducing-npm-ci-for-faster-more-reliable)

Why does "npm install" rewrite package- lock.json ?

首先，`nvm`（Node Version Manager）是一个用于管理多个Node.js版本的工具，它允许用户轻松切换和安装不同的Node.js版本。以下是使用`nvm`升级Node.js版本的步骤：

1. **安装或确认安装了 nvm**：
   要使用`nvm`升级Node.js，您首先需要确认您的系统上已经安装了`nvm`。可以通过在终端中运行以下命令来检查：

   ```
   nvm --version
   ```

   如果您还没有安装`nvm`，可以访问官方的[nvm GitHub仓库](https://github.com/nvm-sh/nvm)来查看安装说明。

2. **列出可用的 Node.js 版本**：
   要检查可用的Node.js版本，您可以使用`nvm`列出所有远程服务器上的版本：

   ```
   nvm ls-remote
   ```

   这个命令会列出所有可用的版本，包括LTS（长期支持）版本。

3. **安装新的 Node.js 版本**：
   当您决定要安装一个特定版本的Node.js时，可以使用以下命令：

   ```
   nvm install <version>
   ```

   您可以将`<version>`替换为特定的版本号，例如`14.17.0`，或者使用`node`代表最新的稳定版本：

   ```
   nvm install node
   ```

   这将安装最新的稳定Node.js版本。

4. **切换至新版本**：
   安装完新版本后，您可以使用如下命令切换到新版本：

   ```
   nvm use <version>
   ```

   类似地，将`<version>`替换为您刚才安装的版本号，或者使用`node`来选择最新安装的版本。

5. **确认新版本的 Node.js**：
   完成上述步骤后，您可以通过以下命令确认当前使用的Node.js版本：

   ```
   node --version
   ```

   这应该显示您刚才选择的版本。

6. **升级 npm（如果需要的话）**：
   某些时候，您可能还需要升级`npm`（Node包管理器）。您可以使用以下命令来升级`npm`：

   ```
   npm install -g npm
   ```

7. **设置默认 Node.js 版本**：
   如果您希望每次打开一个新的终端时都使用新版的Node.js，可以将它设置为默认版本：

   ```
   nvm alias default <version>
   ```

8. **如果有必要，重新安装全局包**：
   有时候，升级Node.js后，您可能需要重新安装全局Node包。您可以通过查看当前版本的全局包，然后在新版本中重新安装它们。

   ```
   nvm ls-remote --reinstall-packages-from=<old_version>
   ```

   将`<old_version>`替换为您之前使用的Node.js版本。

通过这些步骤，您应该能够在不影响旧版Node.js及其依赖的情况下，安全且正确地使用`nvm`升级Node.js版本。

This may work:

    nvm install NEW_VERSION --reinstall-packages-from=OLD_VERSION
    

For example:

    nvm install 6.7 --reinstall-packages-from=6.4
    

then, if you want, you can delete your previous version with:

    nvm uninstall OLD_VERSION
    

Where, in your case, NEW\_VERSION = 5.4 OLD\_VERSION = 5.0

Alternatively, try:

    nvm install node --reinstall-packages-from=current
    

Or you can update to the last long-term support version with

    nvm install lts --reinstall-packages-from=current

You can more simply run one of the following commands:

**Latest version**:

    nvm install node --reinstall-packages-from=node
    

**Stable (LTS) version**: (if currently in use)

    nvm install "lts/*" --reinstall-packages-from="$(nvm current)"
    

This will install the appropriate version and reinstall all packages from the currently used node version.

This saves you from manually handling the specific versions.

* * *

Kudos to @m4js7er for commenting about the LTS version.

> ⚡ **TWO** Simple Solutions:

To install the latest version of node and reinstall the old version packages just run the following command.

    nvm install node --reinstall-packages-from=node
    

To install the latest `lts` (long term support) version of node and reinstall the old version packages just run the following command.

    nvm install --lts /* --reinstall-packages-from=node
    

> Here's a **GIF** animation to support this answer:

> [![nvm](https://i.imgur.com/ZEvUYVo.gif)](https://i.imgur.com/ZEvUYVo.gif)

Here are the steps that worked for me for **Ubuntu** OS and using `nvm`

Go to nodejs website and get the last **LTS** version (for example the version will be: x.y.z)

    nvm install x.y.z
    # In my case current version is: 14.15.4 (and had 14.15.3)
    

After that, execute `nvm list` and you will get list of node versions installed by nvm.

Now you need to switch to the default last installed one by executing:

    nvm alias default x.y.z
    

List again or run `nvm --version` to check: [![enter image description here](https://i.stack.imgur.com/zCtUx.png)](https://i.stack.imgur.com/zCtUx.png)

**Update**: sometimes even if i go over the steps above it doesn't work, so what i did was removing the symbolic links in `/usr/local/bin`

    cd /usr/local/bin
    sudo rm node npm npx
    

And relink:

    sudo ln -s $(which node) /usr/local/bin/nodesudo && ln -s $(which npm) /usr/local/bin/npmsudo && ln -s $(which npx) /usr/local/bin/npx

if you have 4.2 and want to install 5.0.0 then

    nvm install v5.0.0 --reinstall-packages-from=4.2
    

the answer of gabrielperales is right except that he missed the "=" sign at the end. if you don't put the "=" sign then new node version will be installed but the packages won't be installed.

source: [sitepoint](https://www.sitepoint.com/quick-tip-multiple-versions-node-nvm/)

How to properly upgrade node using nvm

Bower和npm在功能上有着明显的区别，主要体现在它们各自的侧重点和使用场景上。以下是主要的区别：

1. **侧重点不同**：
   - **Bower**：Bower是一个前端包管理工具，专注于HTML、CSS、JavaScript等前端技术的库和框架的管理。Bower的特点是可以解决前端库的依赖问题，例如，当你需要引入一个前端库时，Bower可以自动下载该库所依赖的其他库。
   - **npm**：npm（Node Package Manager）起初是Node.js的包管理工具，用于管理Node.js模块。然而，随着前端工具链的发展，npm也被广泛用于前端项目中，它可以用来安装和管理项目依赖的库和工具，如React、Angular或Webpack等。

2. **项目结构**：
   - **Bower**：往往会将依赖安装到项目的`bower_components`目录下。
   - **npm**：会将依赖放入`node_modules`目录。

3. **包内容**：
   - **Bower**：通常包含的是编译后的代码，即最终将在浏览器中运行的代码。
   - **npm**：可能包含源码、编译后的代码，也可能包含命令行工具等。

4. **依赖管理**：
   - **Bower**：使用`bower.json`文件来管理项目的依赖关系。
   - **npm**：使用`package.json`文件来管理依赖，并且在npm v5之后，默认生成一个`package-lock.json`或在Yarn中的`yarn.lock`来锁定依赖版本，确保不同环境下安装的依赖版本一致。

5. **命令行接口**：
   - **Bower**：提供了一系列简单的命令来安装和管理前端库，例如`bower install`、`bower update`等。
   - **npm**：提供了更全面的命令行工具，不仅能安装和管理包，还能运行脚本，发布模块等，如`npm install`、`npm update`、`npm run`等。

6. **社区和生态**：
   - **Bower**：在早期前端开发中被广泛使用，但随着前端工具链的发展和npm的成熟，Bower的使用已经大幅减少。Bower自2017年起不再推荐使用，并且建议用户迁移到npm上。
   - **npm**：有着庞大的社区支持和丰富的模块生态。随着Node.js的流行，npm成为了JavaScript世界中最大的模块仓库。

举个例子，假设你在开发一个Web应用，需要引入jQuery和Bootstrap，使用Bower的话，你只需要运行`bower install jquery bootstrap`，Bower会将这两个库及其依赖的其他库（如jQuery可能被Bootstrap所依赖）下载到`bower_components`目录下。然而，随着工具如Webpack和npm脚本的流行，你现在更可能使用npm来管理这些依赖，通过`npm install jquery bootstrap`命令来安装，并通过Webpack这样的模块打包工具来组织这些库和你的应用代码。

总结来说，Bower和npm在设计上针对不同的问题和应用场景。随着前端工具链的不断发展，npm已经成为前后端通用的依赖管理工具，而Bower则逐渐淡出了主流的开发实践。

All package managers have many downsides. You just have to pick which you can live with.

History
-------

[npm](https://www.npmjs.org) started out managing node.js modules (that's why packages go into `node_modules` by default), but it works for the front-end too when combined with [Browserify](http://browserify.org/) or [webpack](https://webpack.js.org/).

[Bower](http://bower.io) is created solely for the front-end and is optimized with that in mind.

Size of repo
------------

npm is much, much larger than bower, including general purpose JavaScript (like `country-data` for country information or `sorts` for sorting functions that is usable on the front end or the back end).

Bower has a much smaller amount of packages.

Handling of styles etc
----------------------

Bower includes styles etc.

npm is focused on JavaScript. Styles are either downloaded separately or required by something like `npm-sass` or `sass-npm`.

Dependency handling
-------------------

The biggest difference is that npm does nested dependencies (but is flat by default) while Bower requires a flat dependency tree _(puts the burden of dependency resolution on the user)_.

A nested dependency tree means that your dependencies can have their own dependencies which can have their own, and so on. This allows for two modules to require different versions of the same dependency and still work. Note since npm v3, the dependency tree will be flat by default (saving space) and only nest where needed, e.g., if two dependencies need their own version of Underscore.

Some projects use both: they use Bower for front-end packages and npm for developer tools like Yeoman, Grunt, Gulp, JSHint, CoffeeScript, etc.

* * *

Resources
---------

*   [Nested Dependencies](http://maxogden.com/nested-dependencies.html) - Insight into why node\_modules works the way it does

This answer is an addition to the answer of Sindre Sorhus. The major difference between npm and Bower is the way they treat recursive dependencies. Note that they can be used together in a single project.

**On the [npm FAQ](https://web.archive.org/web/20150906022540/https://docs.npmjs.com/misc/faq#why-can-t-npm-just-put-everything-in-one-place-like-other-package-managers):** (archive.org link from 6 Sep 2015)

> It is much harder to avoid dependency conflicts without nesting dependencies. This is fundamental to the way that npm works, and has proven to be an extremely successful approach.

**On [Bower](http://bower.io/) homepage:**

> Bower is optimized for the front-end. Bower uses a flat dependency tree, requiring only one version for each package, reducing page load to a minimum.

In short, npm aims for stability. Bower aims for minimal resource load. If you draw out the dependency structure, you will see this:

npm:

    project root
    [node_modules] // default directory for dependencies
     -> dependency A
     -> dependency B
        [node_modules]
        -> dependency A
    
     -> dependency C
        [node_modules]
        -> dependency B
          [node_modules]
           -> dependency A 
        -> dependency D
    

As you can see it installs some dependencies recursively. Dependency A has three installed instances!

Bower:

    project root
    [bower_components] // default directory for dependencies
     -> dependency A
     -> dependency B // needs A
     -> dependency C // needs B and D
     -> dependency D
    

Here you see that all unique dependencies are on the same level.

**So, why bother using npm?**

Maybe dependency B requires a different version of dependency A than dependency C. npm installs both versions of this dependency so it will work anyway, but Bower will give you a _conflict_ because it does not like duplication (because loading the same resource on a webpage is very inefficient and costly, also it can give some serious errors). You will have to manually pick which version you want to install. This can have the effect that one of the dependencies will break, but that is something that you will need to fix anyway.

So, the common usage is Bower for the packages that you want to publish on your webpages (e.g. _runtime_, where you avoid duplication), and use npm for other stuff, like testing, building, optimizing, checking, etc. (e.g. _development time_, where duplication is of less concern).

**Update for npm 3:**

npm 3 still does things differently compared to Bower. It will install the dependencies globally, but only for the first version it encounters. The other versions are installed in the tree (the parent module, then node\_modules).

*   \[node\_modules\]
    *   dep A v1.0
    *   dep B v1.0
        *   dep A v1.0 (uses root version)
    *   dep C v1.0
        *   dep A v2.0 (this version is different from the root version, so it will be an nested installation)

For more information, I suggest reading the [docs of npm 3](https://docs.npmjs.com/how-npm-works/npm3-dupe)

**TL;DR: The biggest difference in everyday use isn't nested dependencies... it's the difference between modules and globals.**

I think the previous posters have covered well some of the basic distinctions. (npm's use of nested dependencies is indeed very helpful in managing large, complex applications, though I don't think it's the most important distinction.)

I'm surprised, however, that nobody has explicitly explained one of the most fundamental distinctions between Bower and npm. If you read the answers above, you'll see the word 'modules' used often in the context of npm. But it's mentioned casually, as if it might even just be a syntax difference.

But this distinction of **modules vs. globals** (or modules vs. 'scripts') is possibly the most important difference between Bower and npm. _The npm approach of putting everything in modules requires you to change the way you write Javascript for the browser, almost certainly for the better._

### The Bower Approach: Global Resources, Like `<script>` Tags

At root, Bower is about loading plain-old script files. Whatever those script files contain, Bower will load them. Which basically means that Bower is just like including all your scripts in plain-old `<script>`'s in the `<head>` of your HTML.

So, same basic approach you're used to, but you get some nice automation conveniences:

*   You used to need to include JS dependencies in your project repo (while developing), or get them via CDN. Now, you can skip that extra download weight in the repo, and somebody can do a quick `bower install` and instantly have what they need, locally.
*   If a Bower dependency then specifies its own dependencies in its `bower.json`, those'll be downloaded for you as well.

But beyond that, _Bower doesn't change how we write javascript_. Nothing about what goes inside the files loaded by Bower needs to change at all. In particular, this means that the resources provided in scripts loaded by Bower will (usually, but not always) still be defined as _global variables_, available from anywhere in the browser execution context.

### The npm Approach: Common JS Modules, Explicit Dependency Injection

All code in Node land (and thus all code loaded via npm) is structured as modules (specifically, as an implementation of the [CommonJS module format](http://wiki.commonjs.org/wiki/Modules), or now, as an ES6 module). So, if you use NPM to handle browser-side dependencies (via Browserify or something else that does the same job), you'll structure your code the same way Node does.

Smarter people than I have tackled the question of 'Why modules?', but here's a capsule summary:

*   Anything inside a module is effectively _namespaced_, meaning it's not a global variable any more, and you can't accidentally reference it without intending to.
*   Anything inside a module must be intentionally injected into a particular context (usually another module) in order to make use of it
*   This means you can have multiple versions of the same external dependency (lodash, let's say) in various parts of your application, and they won't collide/conflict. (This happens surprisingly often, because your own code wants to use one version of a dependency, but one of your external dependencies specifies another that conflicts. Or you've got two external dependencies that each want a different version.)
*   Because all dependencies are manually injected into a particular module, it's very easy to reason about them. You know for a fact: _"The only code I need to consider when working on this is what I have intentionally chosen to inject here"_.
*   Because even the content of injected modules is _encapsulated_ behind the variable you assign it to, and all code executes inside a limited scope, surprises and collisions become very improbable. It's much, much less likely that something from one of your dependencies will accidentally redefine a global variable without you realizing it, or that you will do so. (It _can_ happen, but you usually have to go out of your way to do it, with something like `window.variable`. The one accident that still tends to occur is assigning `this.variable`, not realizing that `this` is actually `window` in the current context.)
*   When you want to test an individual module, you're able to very easily know: exactly what else (dependencies) is affecting the code that runs inside the module? And, because you're explicitly injecting everything, you can easily mock those dependencies.

To me, the use of modules for front-end code boils down to: working in a much narrower context that's easier to reason about and test, and having greater certainty about what's going on.

* * *

It only takes about 30 seconds to learn how to use the CommonJS/Node module syntax. Inside a given JS file, which is going to be a module, you first declare any outside dependencies you want to use, like this:

`var React = require('react');`

Inside the file/module, you do whatever you normally would, and create some object or function that you'll want to expose to outside users, calling it perhaps `myModule`.

At the end of a file, you export whatever you want to share with the world, like this:

`module.exports = myModule;`

Then, to use a CommonJS-based workflow in the browser, you'll use tools like Browserify to grab all those individual module files, encapsulate their contents at runtime, and inject them into each other as needed.

AND, since ES6 modules (which you'll likely transpile to ES5 with Babel or similar) are gaining wide acceptance, and work both in the browser or in Node 4.0, we should mention a [good overview](https://24ways.org/2014/javascript-modules-the-es6-way/) of those as well.

More about patterns for working with modules in [this deck](http://darrenderidder.github.io/talks/ModulePatterns/).

* * *

EDIT (Feb 2017): Facebook's [Yarn](http://yarnpkg.com) is a very important potential replacement/supplement for npm these days: fast, deterministic, offline package-management that builds on what npm gives you. It's worth a look for any JS project, particularly since it's so easy to swap it in/out.

* * *

EDIT (May 2019) "Bower has finally been [deprecated](https://bower.io/blog/2017/how-to-migrate-away-from-bower/). End of story." (h/t: @DanDascalescu, below, for pithy summary.)

And, while Yarn [is still active](https://github.com/yarnpkg/yarn/issues/6953), a lot of the momentum for it shifted back to npm once it adopted some of Yarn's key features.

2017-Oct update
---------------

Bower has finally been [deprecated](https://bower.io/blog/2017/how-to-migrate-away-from-bower/). End of story.

Older answer
------------

[From Mattias Petter Johansson, JavaScript developer at Spotify](https://www.quora.com/Why-use-Bower-when-there-is-npm/answer/Mattias-Petter-Johansson):

> In almost all cases, it's more appropriate to use Browserify and npm over Bower. It is simply a better packaging solution for front-end apps than Bower is. At Spotify, we use npm to package entire web modules (html, css, js) and it works very well.
> 
> Bower brands itself as the package manager for the web. It would be awesome if this was true - a package manager that made my life better as a front-end developer would be awesome. The problem is that Bower offers no specialized tooling for the purpose. It offers NO tooling that I know of that npm doesn't, and especially none that is specifically useful for front-end developers. **There is simply no benefit for a front-end developer to use Bower over npm.**
> 
> We should stop using bower and consolidate around npm. Thankfully, that is what [is happening](http://www.modulecounts.com/):

[![Module counts - bower vs. npm](https://i.stack.imgur.com/HLBsP.png)](https://i.stack.imgur.com/HLBsP.png)

> With browserify or webpack, it becomes super-easy to concatenate all your modules into big minified files, which is awesome for performance, especially for mobile devices. Not so with Bower, which will require significantly more labor to get the same effect.
> 
> npm also offers you the ability to use multiple versions of modules simultaneously. If you have not done much application development, this might initially strike you as a bad thing, but once you've gone through a few bouts of [Dependency hell](http://en.wikipedia.org/wiki/Dependency_hell) you will realize that having the ability to have multiple versions of one module is a pretty darn great feature. Note that npm includes a very handy [dedupe tool](https://docs.npmjs.com/cli/dedupe) that automatically makes sure that you only use two versions of a module if you actually _have_ to - if two modules both _can_ use the same version of one module, they will. But if they _can't_, you have a very handy out.

(Note that [Webpack](https://www.reddit.com/r/javascript/comments/2is81v/why_is_not_systemjs_dominating_the_field_of/cla66t3) and [rollup](https://nolanlawson.com/2016/08/15/the-cost-of-small-modules/) are widely regarded to be better than Browserify as of Aug 2016.)

Bower maintains a single version of modules, it only tries to help you select the correct/best one for you.

> [Javascript dependency management : npm vs bower vs volo?](https://stackoverflow.com/questions/15092345/javascript-dependency-management-npm-vs-bower-vs-volo/22101165#22101165)

NPM is better for node modules because there is a module system and you're working locally. Bower is good for the browser because currently there is only the global scope, and you want to be very selective about the version you work with.

What is the difference between bower and npm

在Node.js中，可以通过npm（Node包管理器）来卸载已安装的模块。卸载npm模块的基本命令格式如下：

```bash
npm uninstall <module_name>
```

这里是详细步骤和示例：

1. **全局卸载模块**：
   如果模块是全局安装的，需要使用 `-g`标志来卸载它。例如，如果您想全局卸载名为 `nodemon`的模块，您可以使用以下命令：

   ```bash
   npm uninstall -g nodemon
   ```
2. **本地卸载模块**：
   如果模块是作为项目依赖安装的，那么您可以直接在项目根目录中执行卸载命令。比如您的项目使用了 `express`，卸载它的命令如下：

   ```bash
   npm uninstall express
   ```

这将会从您的 `node_modules`目录中移除 `express`模块，并且同时更新 `package.json`和 `package-lock.json`文件中的依赖信息。

3. **保存到依赖列表中的卸载**：
   若您在安装模块时使用了 `--save`、`--save-dev`或 `--save-optional`标志，卸载时也应该考虑是否需要从相关的依赖列表中移除。例如，如果 `express`是作为开发依赖（devDependency）安装的，卸载并更新 `package.json`的命令如下：

   ```bash
   npm uninstall --save-dev express
   ```
4. **检查是否正确卸载**：
   卸载后，您可以通过检查项目的 `node_modules`目录，或者使用 `npm list`命令来确认模块是否已被正确卸载。

   ```bash
   npm list
   npm list -g   # 用于检查全局模块
   ```

请注意，有时候即使卸载了一个模块，该模块的依赖可能仍然存在于 `node_modules`目录中。如果您想彻底清理不再需要的模块，可以使用如 `npm prune`的命令来移除项目中未列在 `package.json`文件中的所有模块。

以上就是在Node.js中卸载npm模块的基本步骤。


The command is simply `npm uninstall <name>`

The Node.js documents [https://npmjs.org/doc/](https://npmjs.org/doc/) have all the commands that you need to know with npm.

A local install will be in the `node_modules/` directory of your application. This won't affect the application if a module remains there with no references to it.

If you're removing a global package, however, any applications referencing it will crash.

Here are different options:

`npm uninstall <name>` removes the module from `node_modules` but does not update `package.json`

`npm uninstall <name> --save` also removes it from `dependencies`in `package.json`

`npm uninstall <name> --save-dev` also removes it from `devDependencies` in `package.json`

`npm uninstall -g <name> --save` also removes it globally

If it doesn't work with `npm uninstall <module_name>` try it globally by typing `-g`.

Maybe you just need to do it as an superUser/administrator with `sudo npm uninstall <module_name>`.

Well, to give a complete answer to this question, there are [two methods](https://docs.npmjs.com/getting-started/uninstalling-local-packages) (for example we call the installed module as module1):

1.  To remove module1 **without** changing package.json:
    
    `npm uninstall module1`
    
2.  To remove module1 **with** changing package.json, and removing it from the dependencies in package.json:
    
    `npm uninstall --save module1`
    

Note: to simplify the above mentioned commands, you can use **\-S** instead of **\--save** , and can use **remove**, **rm**, **r**, **un**, **unlink** instead of **uninstall**

I just install _stylus_ by default under my home dir, so I just use `npm uninstall stylus` to detach it, or you can try `npm rm <package_name>` out.

To uninstall the Node.js module:

    npm uninstall <module_name>
    

This will remove the module from folder _node\_modules_, but not from file _package.json_. So when we do npm install again it will download the module.

So to remove the module from file _package.json_, use:

    npm uninstall <module_name> --save
    

This also deletes the dependency from file _package.json_.

And if you want to uninstall any globally module you can use:

    npm -g uninstall <module_name> --save
    

This will delete the dependency globally.

How can I uninstall npm modules in NodeJS ?

要将Node.js和npm更新到最新的版本，需要遵循一系列步骤，这取决于您的操作系统以及您当前安装Node.js的方式。以下是一些通用的指导步骤，适用于多种操作系统：

### 使用包管理器更新

#### 对于 macOS 和 Linux 用户：

1. **使用Homebrew**（如果是macOS并且之前通过Homebrew安装）:
   安装Homebrew:
   ```sh
   /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
   ```
   更新Node.js:
   ```sh
   brew update
   brew upgrade node
   ```

2. **使用n或nvm**（Node.js版本管理器）:
   安装n（简化版本管理器）:
   ```sh
   npm install -g n
   ```
   使用n更新到最新的稳定版本:
   ```sh
   n stable
   ```

   或者安装nvm（Node版本管理器）:
   ```sh
   curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
   # 或者使用Wget:
   wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
   ```
   通过nvm安装最新的Node.js版本:
   ```sh
   nvm install node # "node"是指最新版本
   nvm use node
   ```

#### 对于Windows用户：

如果你是通过Windows包管理器如Chocolatey安装的，可以使用以下命令：

```sh
choco upgrade nodejs
```

或者，您也可以使用nvm-windows，一个专为Windows环境设计的nvm版本：

```sh
nvm install latest
nvm use latest
```

### 手动更新

如果你没有使用任何包管理器，你可以手动下载最新的Node.js安装包：

1. 访问Node.js官方网站 [Node.js](https://nodejs.org/)。
2. 根据您的操作系统选择相应的安装包下载。
3. 运行下载的安装程序并遵循其指示以完成安装。

### 更新npm

通常，更新Node.js后，npm也会更新。但是，如果需要手动更新npm，可以使用以下命令：

```sh
npm install -g npm@latest
```

这会将npm更新到最新的版本。

### 验证更新

安装完毕后，您可以运行下面的命令来验证Node.js和npm的版本：

```sh
node -v
npm -v
```

这两条命令将会显示您当前的Node.js和npm版本，从而验证更新是否成功。

请记住，更新到最新版本可能会导致与旧项目的兼容性问题，因此在更新之前最好备份您的项目。此外，某些项目可能依赖于特定的Node.js版本，所以在升级到最新的版本之前，请确保阅读项目文档以避免潜在的版本冲突。

Use:

    npm update -g npm
    

See the documentation for the **[`update`](https://docs.npmjs.com/cli/update)** command:

> `npm update [-g] [<pkg>...]`
> 
> This command will update all the packages listed to the latest version (specified by the tag config), respecting semver.

Additionally, see the documentation on [Node.js and NPM installation](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) and [Upgrading NPM](https://docs.npmjs.com/try-the-latest-stable-version-of-npm).

The following original answer is from the old FAQ that no longer exists, but it should work for Linux and Mac:

> How do I update npm?
> --------------------
> 
>     npm install -g npm
>     
> 
> Please note that this command will remove your current version of npm. Make sure to use `sudo npm install -g npm` if on a Mac.
> 
> You can also update all outdated local packages by doing `npm update` without any arguments, or global packages by doing `npm update -g`.
> 
> Occasionally, the version of npm will progress such that the current version cannot be properly installed with the version that you have installed already. (Consider, if there is ever a bug in the update command.) In those cases, you can do this:
> 
>     curl https://www.npmjs.com/install.sh | sh
>     

To update Node.js itself, I recommend you use [nvm, the Node Version Manager](https://github.com/creationix/nvm).

I found this really neat way of updating Node.js on [David Walsh's blog](http://davidwalsh.name/upgrade-nodejs). You can do it by installing **[`n`](https://www.npmjs.com/package/n)**:

    sudo npm cache clean -f
    sudo npm install -g n
    sudo n stable
    

It will install the current stable version of Node.js.

* * *

But please don't use `n` anymore. I recommend using **[`nvm`](https://github.com/creationix/nvm)**. You can simply install stable by following the commands below:

    nvm ls-remote
    nvm install <version>
    nvm use <version>

Updating npm is easy:

    npm install npm@latest -g

I understand this question is for a Linux machine, but just in case anybody is looking for a Windows solution, just go to [the Node.js site](http://nodejs.org/), click the **download** button on the homepage and execute the installer program.

Thankfully, it took care of everything, and with a few clicks of the Next button, I got the latest 0.8.15 Node.js version running on my [Windows 7](https://en.wikipedia.org/wiki/Windows_7) machine.

As you may already know, _npm_ is currently bundled with Node.js. It means that if you have installed Node.js, you've already installed npm as well.

Also, pay attention to the [Node.js and npm release versions table](https://nodejs.org/en/download/releases/) that shows us approximate versions compatibility. Sometimes, versions discrepancy may cause incompatibility errors.

So, if you're a developer, it's kind of "best practice" to manage your development environment using one of the Node.js version managers.

Here is a list and usage notes of some of the most popular:

Homebrew _(macOS)_
------------------

If you're on **macOS**, you can use [Homebrew](http://brew.sh/).

_Actually, it's not just a Node.js version manager._

To install Homebrew to your Mac:

    ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
    

To install Node.js and npm using Homebrew, run:

    brew install node
    

Later, you will be able to update them using:

    brew update && brew upgrade node
    

Also, you can _switch_ between Node.js versions as well:

    brew switch node 0.10.26
    

**npm** will be _upgraded/downgraded_ automatically.

n _(macOS, Linux)_
------------------

[n](https://github.com/tj/n) is most likely to _rvm_ (Ruby Version Manager), and is used to manage Node.js and npm versions simultaneously. It is written on pure **Linux shell**, and available as an [npm module](https://www.npmjs.org/package/n). So, if you already have any Node.js version installed, you can _install/update_ the _n_ package through npm:

    npm install -g n
    

Downloading, installing and switching to Node.js and **npm** versions is as easy as:

    n 0.10.26
    n 0.8.17
    n 0.9.6
    

To download, install, and switch to the **latest** official release, use:

    n latest
    

To download, install, and switch to the latest **stable** official release, use:

    n stable
    

To switch to the previously active version (aka `$ cd -`), use:

    n prev
    

If you want to see the list of installed Node.js versions, just run `n` from your command line. The output will be something like the following:

    n
    

Output:

      0.10.26
    • 0.8.17
      0.9.6
    

Where the dot (•) means that it's a currently active version. To select another Node.js version from the list, use Up/Down arrow keys and activate using the Enter key.

To list the versions available to install:

    n lsr
    

nvm _(macOS, Linux)_
--------------------

[nvm](https://github.com/creationix/nvm) is also like rvm, even the command names and usage are very similar.

To install nvm, you can use the [installation script](https://github.com/creationix/nvm/blob/master/install.sh) (requires Git) using `cURL`:

    curl https://raw.github.com/creationix/nvm/master/install.sh | sh
    

or [Wget](https://en.wikipedia.org/wiki/Wget):

    wget -qO- https://raw.github.com/creationix/nvm/master/install.sh | sh
    

To download and install a specific Node.js and npm version, use:

    nvm install 0.10
    

Then, you can switch to the installed version, using:

    nvm use 0.10
    

Also, you can create the _.nvmrc_ file containing the version number, then switch to the specified version using the following command:

    nvm use
    

To see the list of installed Node.js versions, use:

    nvm ls
    

To list the versions available to install:

    nvm ls-remote
    

nvm-windows _(Windows)_
-----------------------

[nvm-windows](https://github.com/coreybutler/nvm-windows#node-version-manager-nvm-for-windows) is a Node.js version management utility for Windows, ironically written in [Go](https://en.wikipedia.org/wiki/Go_%28programming_language%29).

_It is not the same thing as nvm_. However, the usage as a Node.js version manager is very similar.

To install nvm-windows, it is required to uninstall any existing versions of Node.js and npm beforehand. Then, download and run the [latest installer from releases](https://github.com/coreybutler/nvm-windows/releases).

To upgrade nvm-windows, run the new installer. It will safely overwrite the files it needs to update without touching your Node.js installations.

nvm-windows runs in an Admin shell. You'll need to start PowerShell or Command Prompt as _Administrator_ to use nvm-windows.

Before using, you may also need to enable nvm-windows with the following command:

    nvm on
    

To download and install a specific Node.js and npm version, use:

    nvm install 0.12
    

Then, you can switch to the installed version, using:

    nvm use 0.12
    

If you want to see the list of installed Node.js versions, use:

    nvm list
    

To list the versions available to install:

    nvm list available

How can I update Node.js and NPM to their latest versions?

当您在`package.json`文件的依赖项列表中看到波浪号(~)和插入符号(^)，这两个符号都是用来指定npm包的版本范围的。不过，它们指定的版本范围有所不同。

### 波浪号(~)

波浪号`~`后面的版本号意味着当您运行`npm install`时，npm会安装该版本号指定的小版本（minor version）中最新的补丁版本（patch version）。也就是说，它允许安装与指定版本在小版本号相同，但是补丁版本号更高的包。

#### 例子：

如果`package.json`中的依赖项写为`"library": "~1.2.3"`，那么安装的将是1.2.x的最新版本，`x`代表该小版本中的最新补丁。因此，如果最新版本是1.2.4，您将得到1.2.4。但是它不会安装1.3.0，因为这已经是下一个小版本了。

### 插入符号(^)

插入符号`^`后面的版本号意味着当您运行`npm install`时，npm会安装与指定的主版本号（major version）相同的最新版本，但允许小版本（minor version）和补丁版本（patch version）的变动。

#### 例子：

如果`package.json`中的依赖项写为`"library": "^1.2.3"`，那么安装的将是1.x.x的最新版本，只要它不是主版本号变更（比如到2.0.0），都是允许的。所以，如果存在1.3.0或者1.4.1这样的版本，使用`^`会允许安装这些版本。

### 总结

简而言之，插入符号`^`允许更宽泛的版本升级，适用于那些遵循语义化版本（semver）并且对小版本和补丁版本的更新只包含向后兼容的更改时。波浪号`~`则更加保守，只允许补丁级别的更新，适用于对版本更新更加谨慎的场景。

在实际开发中，选择使用哪个取决于对依赖包更新的控制需求以及对三方库的信任度。如果信任库的维护者遵循严格的语义化版本原则，使用`^`可以更方便地获取功能更新和bug修复。如果希望更谨慎地更新依赖，以避免可能引入的不兼容更改，使用`~`会更保险。

See the [NPM docs](https://docs.npmjs.com/cli/v8/configuring-npm/package-json#dependencies) and [semver docs](https://docs.npmjs.com/cli/v6/using-npm/semver):

*   `~version` **“Approximately equivalent to version”**, will update you to all future patch versions, without incrementing the minor version. `~1.2.3` will use releases from 1.2.3 to <1.3.0.
    
*   `^version` **“Compatible with version”**, will update you to all future minor/patch versions, without incrementing the major version. `^1.2.3` will use releases from 1.2.3 to <2.0.0.
    

See Comments below for exceptions, in particular [for pre-one versions, such as ^0.2.3](https://stackoverflow.com/questions/22343224/whats-the-difference-between-tilde-and-caret-in-package-json#comment53973834_22345808)

I would like to add the official npmjs documentation as well which describes all methods for version specificity including the ones referred to in the question

value

desc

`~version`

Approximately equivalent to version, i.e., only accept new **patch** versions  
See [npm semver - Tilde Ranges](https://github.com/npm/node-semver#tilde-ranges-123-12-1)

`^version`

Compatible with version, i.e., accept new **minor and patch** versions  
See [npm semver - Caret Ranges](https://github.com/npm/node-semver#caret-ranges-123-025-004)

`version`

Must match version exactly

`>version`

Must be greater than version

`>=version`

Must be equal or greater than version

`<version`

Must be lesser than version

`<=version`

Must be equal or lesser than version

`1.2.x`

1.2.0, 1.2.1, etc., but not 1.3.0

`*`

Matches any version

`latest`

Obtains latest release

The above list is not exhaustive. Other version specifiers include GitHub urls and GitHub user repo's, local paths and packages with specific npm tags

### Official Docs

*   [npm docs > package.json > dependencies](https://docs.npmjs.com/cli/v7/configuring-npm/package-json#dependencies)
*   [npm docs > semver > versions](https://docs.npmjs.com/cli/v7/using-npm/semver#versions)
*   [semver (7)](http://semver.org/)

The package manager [npm](https://www.npmjs.com/) allows installing a newer package version than the one specified.  
Using tilde (`~`) gives you bug-fix releases, while caret (`^`) in addition gives you backward-compatible new functionality.

The problem is that old versions usually don't receive bug fixes, so npm uses caret (`^`) as the default for `--save`.

[![SemVer table](https://i.stack.imgur.com/JQ4ei.png)](https://i.stack.imgur.com/JQ4ei.png)

Source: ["SemVer explained - why there's a caret (^) in my package.json?"](http://bytearcher.com/articles/semver-explained-why-theres-a-caret-in-my-package-json/).

**Note** that the rules apply to versions above 1.0.0. Not every project follows semantic versioning.  
For versions 0.x.x the caret allows only _patch_ updates, i.e., it behaves the same as the tilde.  
See ["Caret Ranges"](https://github.com/npm/node-semver#caret-ranges-123-025-004).

Here's a visual explanation of the concepts:

> ![semver diagram](https://bytearcher.com/goodies/semantic-versioning-cheatsheet/wheelbarrel-with-tilde-caret-white-bg-w1000.jpg)

Source: ["Semantic Versioning Cheatsheet"](http://bytearcher.com/goodies/semantic-versioning-cheatsheet).

Semver
------

    <major>.<minor>.<patch>-beta.<beta> == 1.2.3-beta.2
    

*   Use [npm semver calculator](https://semver.npmjs.com/) for testing. Although the explanations for ^ (include everything greater than a particular version in the same major range) and ~ (include everything greater than a particular version in the same minor range) aren't a 100% correct, the calculator seems to work fine.
*   Alternatively, use [SemVer Check](http://jubianchi.github.io/semver-check/) instead, which doesn't require you to pick a package and also offers explanations.

Allow or disallow changes
-------------------------

*   Pin version: `1.2.3`.
*   Use `^` (like head). Allows updates at the second non-zero level from the left: `^0.2.3` means `0.2.3 <= v < 0.3`.
*   Use `~` (like tail). Generally freeze right-most level or set zero if omitted:
*   `~1` means `1.0.0 <= v < 2.0.0`
*   `~1.2` means `1.2.0 <= v < 1.3.0`.
*   `~1.2.4` means `1.2.4 <= v < 1.3.0`.
*   Ommit right-most level: `0.2` means `0.2 <= v < 1`. Differs from `~` because:
    *   Starting omitted level version is always `0`
    *   You can set starting major version without specifying sublevels.

All (hopefully) possibilities
-----------------------------

**Set starting major-level and allow updates upward**

    *  or "(empty string)   any version
    1                         v >= 1
    

**Freeze major-level**

    ~0 (0)            0.0 <= v < 1
    0.2               0.2 <= v < 1          // Can't do that with ^ or ~ 
    ~1 (1, ^1)        1 <= v < 2
    ^1.2              1.2 <= v < 2
    ^1.2.3            1.2.3 <= v < 2
    ^1.2.3-beta.4     1.2.3-beta.4 <= v < 2
    

**Freeze minor-level**

    ^0.0 (0.0)        0 <= v < 0.1
    ~0.2              0.2 <= v < 0.3
    ~1.2              1.2 <= v < 1.3
    ~0.2.3 (^0.2.3)   0.2.3 <= v < 0.3
    ~1.2.3            1.2.3 <= v < 1.3
    

**Freeze patch-level**

    ~1.2.3-beta.4     1.2.3-beta.4 <= v < 1.2.4 (only beta or pr allowed)
    ^0.0.3-beta       0.0.3-beta.0 <= v < 0.0.4 or 0.0.3-pr.0 <= v < 0.0.4 (only beta or pr allowed)
    ^0.0.3-beta.4     0.0.3-beta.4 <= v < 0.0.4 or 0.0.3-pr.4 <= v < 0.0.4 (only beta or pr allowed)
    

**Disallow updates**

    1.2.3             1.2.3
    ^0.0.3 (0.0.3)    0.0.3
    

**Notice**: Missing major, minor, patch or specifying `beta` without number, is the same as `any` for the missing level.

**Notice**: When you install a package which has `0` as major level, the update will only install new beta/pr level version! That's because `npm` sets `^` as default in `package.json` and when installed version is like `0.1.3`, it freezes all major/minor/patch levels.

*   [https://docs.npmjs.com/misc/semver](https://docs.npmjs.com/misc/semver)
*   [https://docs.npmjs.com/files/package.json#dependencies](https://docs.npmjs.com/files/package.json#dependencies)

As long as the first number ("major") is at least 1:

`~` locks major and minor numbers. It is used when you're ready to accept only bug-fixes (increments in the third number), but don't want any other changes, not even minor upgrades that add features.

`^` locks the major number only. It is used when you are willing to receive bug fixes (increments in the third number) and minor upgrades that add features but should not break existing code (increments in the second number). However you do not want changes that break existing code (increments in the first number).

In addition to that, `^` is [not supported](https://stackoverflow.com/questions/22270244/install-grunt-phonegap-error-no-compatible-version-found-urijs1-12-0#comment33861904_22270244) by old npm versions, and should be used with caution.

So, `^` is a good default, but it's not perfect. I suggest to carefully pick and configure the semver operator that is most useful to you.

(Revised to avoid saying "fixes" and "bug-fixes" with conflicting use of "fixes", which is confusing)

What 's the difference between tilde(~) and caret(^) in package.json ?

在使用 `pnpm` 执行命令时，如果您需要向脚本或命令传递任意参数，通常可以在命令后直接添加这些参数。但是，如果需要将参数传递给通过 `pnpm` 运行的npm脚本，则需要在参数前加上 `--` 来确保参数正确传递。

例如，如果您有一个名为 `start` 的npm脚本，您想传递一些任意参数给它，您可以这样做：

```sh
pnpm start -- --user=yourname --port=8080
```

在这个例子中，`--user=yourname` 和 `--port=8080` 是将要传递给 `start` 脚本的参数。`--` 确保 `pnpm` 会把后面的参数原封不动地传递给 `start`，而不是被 `pnpm` 本身消费。

另一个例子，如果你要使用 `pnpm exec` 命令执行一个工具，并且需要传递参数给那个工具，你通常不需要 `--`。例如：

```sh
pnpm exec some-tool --option=value
```

在这种情况下，`--option=value` 是直接传递给 `some-tool` 的参数。

请注意，pnpm的行为可能会与npm和yarn略有不同，但它们都支持使用 `--` 分隔符来传递额外的参数。

I am not sure why it throws an error. Sounds like a bug. However, this will work:

    pnpm run build --foo=bar
    

But it will not create the `npm_config_foo` env variable. It will just append the option to the executed script. So if your build script is `webpack`, then pnpm will run:

    webpack --foo=bar
    

So, it is basically like running `npm run build -- --foo=bar`. Or like running `yarn build --foo=bar`

You can read about this also in the pnpm docs: [https://pnpm.io/cli/run#options](https://pnpm.io/cli/run#options)

NPM相关问题