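I'm working on some projects in a workspace and noticed that many of my dependencies haven't been updated in about three years, including React itself. My concern is that if I run npm install or npm update, it could cause all kinds of problems. In my situation, I'd like to know whether it is best to run npm install, npm update, or leave things as they are? (I'm sure nobody would recommend that.)
This is our package.json file: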
{
  "name": "my-app",
  "version": "0.0.2",
  "main": "index.js",
  "license": "MIT",
  "scripts": {
    "start": "node src/entry",
    "start-dev": "npm-run-all --parallel build babel-node",
    "serve": "live-server public/",
    "build-linux": "clear && webpack && clear && yarn build-server && clear && yarn start",
    "build-windows": "cls && webpack && cls && yarn build-server && cls && yarn start",
    "build-server": "babel src/server -d src",
    "dev-server": "webpack-dev-server",
    "babel-node": "nodemon --exec babel-node src/server.js"
  },
  "dependencies": {
    "aws-sdk": "^2.358.0",
    "axios": "^0.19.0",
    "babel-cli": "^6.26.0",
    "babel-core": "^6.26.3",
    "babel-loader": "7.1.1",
    "babel-plugin-transform-class-properties": "6.24.1",
    "babel-polyfill": "^6.26.0",
    "babel-preset-env": "^1.7.0",
    "babel-preset-react": "6.24.1",
    "babel-preset-stage-0": "^6.24.1",
    "bcryptjs": "^2.4.3",
    "body-parser": "^1.18.2",
    "core-js": "^2.5.3",
    "css-loader": "0.28.4",
    "express": "latest",
    "file-loader": "^1.1.5",
    "fs": "0.0.1-security",
    "google-maps-react": "^1.1.4",
    "html2canvas": "^1.0.0-rc.3",
    "image-webpack-loader": "^4.6.0",
    "immutability-helper": "^2.4.0",
    "jquery": "^3.4.1",
    "jsonwebtoken": "^8.1.0",
    "jspdf": "^1.5.3",
    "lodash": "^4.17.14",
    "moment": "^2.22.2",
    "node-sass": "^4.11.0",
    "nodemailer": "^4.7.0",
    "normalize.css": "7.0.0",
    "npm": "^6.10.1",
    "promise-mysql": "^3.1.0",
    "prop-types": "^15.6.0",
    "react": "^16.0.0",
    "react-csv": "^1.0.14",
    "react-dom": "^16.0.0",
    "react-router-dom": "4.2.2",
    "react-scripts": "^2.1.3",
    "sass-loader": "6.0.6",
    "socket.io": "^2.0.3",
    "style-loader": "0.18.2",
    "table2csv": "^1.1.1",
    "twilio": "^3.24.0",
    "validator": "8.0.0",
    "webpack": "^3.12.0",
    "webpack-dev-middleware": "^3.5.0",
    "webpack-dev-server": "^3.1.14"
  },
  "devDependencies": {
    "concurrently": "^3.5.0",
    "npm-run-all": "^4.1.1"
  }
}
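I have already tried updating react and react-dom to the latest versions, but I started getting warnings about componentWillMount and componentWillReceiveProps being deprecated. I tried updating react-router-dom to get rid of some of these warnings, since they pointed to things like this, but that did not suppress them.
If anyone knows what the best approach for me would be, and what effect npm install versus npm update would have on my system, that would be great. I know what each of them can do, but I just want to be careful and would like to know which is better in my situation. Thanks.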
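npm install will get the same tested node_modules that you have? - jarmod
The challenge with versions like ^1.1.4 is that someone who clones your code in the future and runs npm install has almost no chance of getting the same versions of the code that you used and tested. So they may be hit by a minor release that introduces a problem. That shouldn't happen, but it does. So their npm install is just like your npm update: you are both in uncharted territory. If the package vendors haven't made any mistakes, then you're fine. You might even improve things by picking up bug fixes and security patches. - jarmod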
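
The caret-range behaviour described in the comment above, as an added example that is not part of the original question or comments: it classifies dependency specs as pinned, floating or dist-tag and shows the version window a fresh install may resolve into. The function names and the sample object (a constructed subset of the question's package.json) are assumptions, and it assumes no lockfile is committed.

```javascript
// Constructed subset of the dependencies block from the question's package.json.
const sampleDependencies = {
  "axios": "^0.19.0",
  "babel-loader": "7.1.1",
  "express": "latest",
  "google-maps-react": "^1.1.4",
  "html2canvas": "^1.0.0-rc.3",
  "react": "^16.0.0",
};

// Exclusive upper bound of a caret range: the left-most non-zero component is frozen.
function caretUpperBound(version) {
  const [major, minor, patch] = version.split("-")[0].split(".").map(Number);
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

// Handles exact, caret and dist-tag specs only; anything else is reported as "other"
// rather than guessed at. (Assumption: this covers the spec forms used in the question.)
function classifySpec(spec) {
  const exact = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
  if (exact.test(spec)) return { kind: "pinned", accepts: `=${spec}` };
  if (spec.startsWith("^") && exact.test(spec.slice(1))) {
    const base = spec.slice(1);
    return { kind: "floating", accepts: `>=${base} <${caretUpperBound(base)}` };
  }
  if (/^[a-z][a-z0-9-]*$/i.test(spec)) {
    return { kind: "dist-tag", accepts: `whatever "${spec}" points to at install time` };
  }
  return { kind: "other", accepts: spec };
}

function auditDependencies(deps) {
  return Object.entries(deps).map(([name, spec]) => ({ name, spec, ...classifySpec(spec) }));
}

// Count how many entries fall into each kind.
function summarize(report) {
  const counts = {};
  for (const row of report) counts[row.kind] = (counts[row.kind] || 0) + 1;
  return counts;
}

const report = auditDependencies(sampleDependencies);
console.table(report);
console.log(summarize(report));
```

Committing package-lock.json and installing with npm ci is what makes the floating entries resolve to the versions that were actually tested.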