Wizard saved dependencies don't match wizard prompt

[matthew-dean]

In this wizard, it will allow you to select either the exact version (e.g. 1.0.1) or a semver variant like ^1.0.1 or ~1.0.1. However, because this script runs --save-dev but does NOT add --save-exact, then no matter if an exact version is specified, it will default to ^1.0.1 because of the way NPM works.

So, currently, there's no way to run lernaupdate and actually output what is selected.

[matthew-dean]

Note: I tried lernaupdate --installargs="--save-exact" which seemed to do nothing.

[matthew-dean]

Also: because the wizard does not save the dependency correctly, it can repeatedly list the same dependency as having two versions.

For instance, I had something like "grunt-contrib-requirejs": "0.4.4" and "grunt-contrib-requirejs": "^0.4.4". Because I selected 0.4.4 as an exact version, the wizard refused to update it. Then it tried to update the second, but of course, just saved it as ^0.4.4 again. So then when the wizard run again, it was back where it started. Nothing had changed because what the wizard thinks it is doing is different from what it actually does.

[Anifacted]

Thank you for pointing this out, Matthew! This is an important point 👍

One problem seems to be with the absence of --save-exact, as you mention, for when you want to target a specific version.

Another seems to be with the way NPM resolves versions before writing to the package.json and installing the dependency.
E.g. running npm i --save "lodash@^3.2.1" will actually write "lodash": "^3.10.1" to the package.json, because it will interpret ^3.2.1 and resolve it to ^3.10.1 which is the last version before 4.0.0.
This creates a difference in behavior between normal usage and usage via the --lazy flag.

I will have to think a bit about an optimal solution for this problem.

[matthew-dean]

@Anifacted You may want to consider explicitly installing the exact version, and then writing package.json manually.

In other words, you could do npm i [email protected] --save --save-exact, then open and write over package.json, changing the field value to ^3.2.1. Something like that? Not sure how that affects writing to package-lock.json though.

[matthew-dean]

Just another note, which I think is referenced in other issues -- ideally, npm install wouldn't be run at all at the end of batching (or run by default), especially in an environment that's using lerna bootstrap --hoist (like mine). In my use case, I want to update all the relevant package.json files (again, accurately with the exact version specified, if possible), and then run my lerna command to have it prune / link those installs as needed, so it seems like using npm install to update package.json is not ideal on two different counts. i.e. package.json should just be written directly.

[shreyashah7]

Note: I tried lernaupdate --installargs="--save-exact" which seemed to do nothing.

lernaupdate --install-args="--save-exact" works for me but the problem is when i run it in the interactive mode, and if i want to select any semver then it wont allow me to override it.

@Anifacted , Is it possible to add --save-exact in case of no semver selected?