I could not find any documentation which says that npm will not try to install a deprecated package version.

example:

2.0.0-beta.2  2.0.0-beta.5  2.0.0-rc.9

So if I install ^2.0.0-beta.2, it will resolve to 2.0.0-rc.9

And if I deprecate 2.0.0-rc.9

2.0.0-beta.2  2.0.0-beta.5  2.0.0-rc.9
                           (deprecated)

Now if I install ^2.0.0-beta.2, it will resolve to 2.0.0-beta.5

But I could not find any documentation which proves this behavior. Can someone please help to validate this?

CodePudding user response：

I tested and confirmed that it does indeed ignore deprecated versions if there is another version it can use. (I temporarily deprecated metal-name version 1.3.1 and then ran npm install metal-name@1. It installed version 1.3.0 instead of 1.3.1. When I removed the deprecation for version 1.3.1, it went back to installing 1.3.1 when I ran npm install metal-name@1.

I can not find this behavior mentioned in the documentation. However, I can find it mentioned in the commit log for the npm CLI client.

CodePudding user response：

NPM will do whatever you told it to do, based on your package.json rule for each dependency. If you use ^ as version prefix then yeah: you literally told NPM to use "whatever is the most up to date minor release".

See both the documentation for dependency management and the semver range documentation for what syntax is accepted and what they all mean.