Locking npm & nodeJS versions

Why you should lock npm & nodeJS versions in your project (2024)


A long long time ago, in a galaxy far far away... (2018)
I created an npm project for a client.
Everything was great, and my mission was done, and so I moved on.

5 years into the future, this client wanted my software services once again.
I was happy to oblige.
I opened this old rusty project, ran a git pull and started working.

I made a few commits and pushed for a deployment.
To my surprise, the CI pipeline failed to build...
And when I proceeded to try to run and build the project locally, it also failed =/

After a lot of suffering I realized it's been 5 years, and not too long ago I upgraded my nodeJS version...
I had no logs or a docker image I could rely on =)
Fuck!!! What node & npm versions did I use back in the day?
Nobody knows to this day =)
I had to make some guesses and do some trial and error until I got something working...
It was a very painful process I learned to avoid the hard way.

This inconsistency is something you absolutely need to avoid!
Using something like nvm with .npmrc & .nvmrc files, plus adding "engines" to your package.json, should prevent you from making stupid mistakes like this.

NVM is an awesome Node Version Manager tool.
You can quickly install and use different versions of node+npm via the nvm command line.
When you use nvm to install node, it will usually also bring along the desired npm version.
Your npm will use .npmrc for configuration when you run any npm commands, unlike .nvmrc, which is used for installation commands: running nvm install && nvm use should take the desired nodejs version from the .nvmrc file and set both your nodejs and npm versions.
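
Here is a small drift check for the three files mentioned above, as an added example (not code from the original project). It assumes exact version pins rather than semver ranges; the function names and the sample file contents are made up for illustration.

```javascript
// Added example: drift check for .nvmrc, package.json "engines" and .npmrc.
// Assumption: versions are exact pins ("20.11.1"), not semver ranges or aliases.
const EXACT = /^v?(\d+\.\d+\.\d+)$/;

// Bare "x.y.z" for an exact pin; null for ranges, aliases ("lts/*") or missing values.
function exactPin(value) {
  const m = EXACT.exec(String(value ?? '').trim());
  return m ? m[1] : null;
}

// True when the .npmrc text has an uncommented engine-strict=true line.
function engineStrict(npmrcText) {
  return npmrcText.split(/\r?\n/).some((l) => /^\s*engine-strict\s*=\s*true\s*$/.test(l));
}

// files: { nvmrc, packageJson, npmrc } as text; runtime: { node, npm } version strings.
function checkPins(files, runtime) {
  const problems = [];
  const engines = JSON.parse(files.packageJson).engines || {};
  const nvmNode = exactPin(files.nvmrc);
  const pkgNode = exactPin(engines.node);
  const pkgNpm = exactPin(engines.npm);
  if (!nvmNode) problems.push('.nvmrc does not pin an exact node version');
  if (!pkgNode) problems.push('engines.node is not an exact version');
  if (!pkgNpm) problems.push('engines.npm is not an exact version');
  if (nvmNode && pkgNode && nvmNode !== pkgNode)
    problems.push(`.nvmrc (${nvmNode}) and engines.node (${pkgNode}) disagree`);
  if (!engineStrict(files.npmrc))
    problems.push('"engines" is advisory unless .npmrc sets engine-strict=true');
  if (pkgNode && exactPin(runtime.node) !== pkgNode)
    problems.push(`running node ${runtime.node}, project pins ${pkgNode}`);
  if (pkgNpm && exactPin(runtime.npm) !== pkgNpm)
    problems.push(`running npm ${runtime.npm}, project pins ${pkgNpm}`);
  return problems;
}

// Constructed sample files; the version numbers are placeholders.
const sample = {
  nvmrc: 'v20.11.1\n',
  packageJson: '{"name":"demo","engines":{"node":"20.11.1","npm":"10.2.4"}}',
  npmrc: 'engine-strict=true\n',
};
// In CI, pass the real file contents plus process.version and `npm --version`.
console.log(checkPins(sample, { node: 'v20.11.1', npm: '10.2.4' }));
console.log(checkPins({ ...sample, npmrc: '' }, { node: 'v18.19.0', npm: '10.2.4' }));
```

An empty list means the pins agree with each other and with the running toolchain; failing the CI job on a non-empty list catches the drift before a build does.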

Follow this README if you are a terrible person like me who uses a Windows machine =)