Why aren't all node packages updated to the latest version when running npm update?

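Environment

Windows 10 Home
Node v10.13.0
NPM 6.4.1

Expected behaviour

All node packages are updated.

Actual behaviour

Not all packages are being updated.

What I've tried

npm update, based on the information in this post:

npm install vs. update - what's the difference?

Before running npm update: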

$ npm outdated
Package                      Current   Wanted   Latest  Location
babel-loader                   7.1.4    7.1.5    8.0.5  my_folder
bcrypt                         3.0.0    3.0.4    3.0.4  my_folder
body-parser                   1.18.2   1.18.3   1.18.3  my_folder
clipboard                      2.0.1    2.0.4    2.0.4  my_folder
cors                           2.8.4    2.8.5    2.8.5  my_folder
css-loader                   0.28.11  0.28.11    2.1.0  my_folder
date-fns                      1.29.0   1.30.1   1.30.1  my_folder
dompurify                      1.0.8   1.0.10   1.0.10  my_folder
express                       4.16.3   4.16.4   4.16.4  my_folder
file-loader                   1.1.11   1.1.11    3.0.1  my_folder
file-saver                     1.3.8    1.3.8    2.0.1  my_folder
helmet                        3.13.0   3.15.1   3.15.1  my_folder
hotkeys-js                     3.3.8    3.4.4    3.4.4  my_folder
jsonwebtoken                   8.2.1    8.5.0    8.5.0  my_folder
less                           3.0.4    3.9.0    3.9.0  my_folder
mongodb                        3.1.6   3.1.13   3.1.13  my_folder
nodemailer                     4.6.8    4.7.0    5.1.1  my_folder
socket.io                      2.1.1    2.2.0    2.2.0  my_folder
style-loader                  0.21.0   0.21.0   0.23.1  my_folder
uglifyjs-webpack-plugin        1.2.5    1.3.0    2.1.2  my_folder
uikit                    3.0.0-rc.24    3.0.3    3.0.3  my_folder
url-loader                     1.0.1    1.1.2    1.1.2  my_folder
validator                     10.8.0  10.11.0  10.11.0  my_folder
webpack                       4.19.1   4.29.6   4.29.6  my_folder
webpack-cli                    2.1.5    2.1.5    3.2.3  my_folder

package.json before running npm update:

"dependencies": {
  "bcrypt": "^3.0.0",
  "body-parser": "^1.18.2",
  "clipboard": "^2.0.1",
  "cors": "^2.8.4",
  "date-fns": "^1.29.0",
  "dompurify": "^1.0.8",
  "express": "^4.16.3",
  "file-saver": "^1.3.8",
  "helmet": "^3.13.0",
  "hotkeys-js": "^3.3.8",
  "jquery": "^3.3.1",
  "js-cookie": "^2.2.0",
  "jsonwebtoken": "^8.2.1",
  "markdown-it": "^8.4.2",
  "markdown-it-attrs": "^2.3.2",
  "mongodb": "^3.1.6",
  "nodemailer": "^4.6.8",
  "rename-keys": "^2.0.1",
  "socket.io": "^2.1.1",
  "validator": "^10.8.0"
},
"devDependencies": {
  "babel-cli": "^6.26.0",
  "babel-core": "^6.26.3",
  "babel-loader": "^7.1.4",
  "babel-preset-env": "^1.7.0",
  "babel-preset-stage-0": "^6.24.1",
  "css-loader": "^0.28.11",
  "expose-loader": "^0.7.5",
  "file-loader": "^1.1.11",
  "less": "^3.0.4",
  "less-loader": "^4.1.0",
  "style-loader": "^0.21.0",
  "uglifyjs-webpack-plugin": "^1.2.5",
  "uikit": "^3.0.0-rc.24",
  "url-loader": "^1.0.1",
  "webpack": "^4.19.1",
  "webpack-cli": "^2.1.5"
}

After running npm update:

$ npm outdated
Package                  Current   Wanted  Latest  Location
babel-loader               7.1.5    7.1.5   8.0.5  my_folder
css-loader               0.28.11  0.28.11   2.1.0  my_folder
file-loader               1.1.11   1.1.11   3.0.1  my_folder
file-saver                 1.3.8    1.3.8   2.0.1  my_folder
nodemailer                 4.7.0    4.7.0   5.1.1  my_folder
style-loader              0.21.0   0.21.0  0.23.1  my_folder
uglifyjs-webpack-plugin    1.3.0    1.3.0   2.1.2  my_folder
webpack-cli                2.1.5    2.1.5   3.2.3  my_folder

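Why aren't these packages updated to the latest version when running npm update?

How can I update them to the latest version?

Context

I had been away from a development project for about 3 months, and when I tried to run npm start on my local machine I got an error: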

Error: EPERM: operation not permitted, open 'C:\Users\Me\AppData\Roaming\npm\node_modules\nodemon\node_modules\flatmap-stream\index.min.js'

It seems that the event-stream node package was 'hijacked' (see the related GitHub issue here).

My antivirus program, Bitdefender, did delete the offending file:

Item was deleted.  
Threat name:  
Trojan.Agent.DQGP.
C:\Users\Me\AppData\Roaming\npm\node_modules\nodemon\node_modules\flatmap-stream\index.min.js

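So I decided to update all node packages, in the hope that the offending package would be removed and updated to the latest 'clean' version.

It is behaving as expected.

If you look at the packages mentioned as "not getting updated" and refer to their respective entries in package.json, you can see that they are prefixed with ^ (the caret operator), which will only update them to the latest major version (the first number).

For example, if you take the package babel-loader, your package.json has the version marked as "^7.1.4". The latest major version of ^7.X.X for babel-loader is => 7.1.5

You can view the version history of (babel-loader) here => https://www.npmjs.com/package/babel-loader/v/8.0.0-beta.1

The above applies to the other packages in your package.json that start with ^, e.g.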

css-loader
file-loader
file-saver
nodemailer
style-loader
uglifyjs-webpack-plugin
webpack-cli

Hope this helps!
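
The caret behaviour described in the answer above, as an added example that is not part of the original thread: a minimal re-implementation of the ^ rule (not npm's own semver code; `parse`, `compare`, `caretUpperBound` and `wanted` are hypothetical helper names) run against versions taken from the question's npm outdated output. It goes slightly beyond the answer by covering 0.x ranges, where ^0.21.0 stops below 0.22.0, which is why style-loader stays at 0.21.0 even though 0.23.1 exists.

```javascript
// Added example: how a caret (^) range selects the "Wanted" version.
// Simplifications (assumptions): only ^ ranges, prerelease candidates are
// skipped, and prerelease identifiers are not ordered among themselves.

function parse(v) {
  const [core, pre] = v.split("-", 2);
  const [major, minor, patch] = core.split(".").map(Number);
  return { major, minor, patch, pre: pre !== undefined, raw: v };
}

// Negative if a < b; a prerelease sorts below its own release.
function compare(a, b) {
  return a.major - b.major || a.minor - b.minor || a.patch - b.patch ||
    (b.pre - a.pre);
}

// ^ allows changes that do not touch the leftmost non-zero number.
function caretUpperBound(b) {
  if (b.major > 0) return { major: b.major + 1, minor: 0, patch: 0, pre: false };
  if (b.minor > 0) return { major: 0, minor: b.minor + 1, patch: 0, pre: false };
  return { major: 0, minor: 0, patch: b.patch + 1, pre: false };
}

// Highest published version satisfying the caret range, or null.
function wanted(range, published) {
  const base = parse(range.replace(/^\^/, ""));
  const upper = caretUpperBound(base);
  const ok = published.map(parse)
    .filter((v) => !v.pre && compare(v, base) >= 0 && compare(v, upper) < 0)
    .sort(compare);
  return ok.length ? ok[ok.length - 1].raw : null;
}

// Constructed sample: only the versions visible in the npm outdated output,
// not full registry listings.
const samples = {
  "babel-loader": ["^7.1.4", ["7.1.4", "7.1.5", "8.0.5"]],
  "nodemailer": ["^4.6.8", ["4.6.8", "4.7.0", "5.1.1"]],
  "style-loader": ["^0.21.0", ["0.21.0", "0.23.1"]],
  "uikit": ["^3.0.0-rc.24", ["3.0.0-rc.24", "3.0.3"]],
};

for (const [name, [range, published]] of Object.entries(samples)) {
  console.log(name, range, "->", wanted(range, published));
}
```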