[BUG] npx not getting latest version, yes again! #700

Closed
2 tasks done
markg85 opened this issue Jun 8, 2023 · 11 comments
Labels
Bug thing that needs fixing Needs Triage needs an initial review

markg85 commented Jun 8, 2023

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

As soon as you've used npx, the package you used it on is cached.
Subsequent uses of that package will use the cache and therefore not update.

Unless you explicitly manually provide <package>@latest

Expected Behavior

npx should nearly always try to get the latest version. Except when an explicit tag/version is provided.
This essentially flips the default behavior.

I know a lot has been said about this very subject in the past. People have good arguments for either direction.
My argument for flipping the default behavior is:

  • When using npx, you don't care about the version. You want to run package X in its current - upstream - state!
  • The current behavior makes npx at the very least a lot less useful. I'm using npx to have an easy way to get the latest version (usually with the serve package). If npx now, in its default behavior, nags me about package updates, then its usefulness for my purposes is rapidly declining.

Steps To Reproduce

Environment

@markg85 markg85 added Bug thing that needs fixing Needs Triage needs an initial review labels Jun 8, 2023
@lukekarrys lukekarrys transferred this issue from npm/cli Jun 15, 2023
@lukekarrys (Contributor)

Transferred this to our RFCs repo where it will be better to discuss both sides of this. I'm also thinking that a change to this could be breaking depending on the final outcome.

@wraithgar (Member)

This doesn't track. npx will always try to get the newest version of a package when requested with no tag/version unless it is installed globally or is installed in the package at cwd/prefix.

@wraithgar (Member)

The local cache that npm uses when fetching packuments has a maximum life of 5 minutes. So at the very most there is a 5 minute window after a new version is published that your local cache will not pull the brand newest packument.

wesleytodd commented Jun 15, 2023

I have not tested explicitly recently, but I have a bunch of places where I have had to add @latest for npx to actually pick up the latest version. I have done this afaik in both 8.x and 9.x versions.

@wraithgar (Member)

@wesleytodd I'm sure you did. There was a regression that got fixed two months ago npm/cli#6374

That shipped with [email protected].

As of right now though npx works as intended.

markg85 (Author) commented Jun 16, 2023

I might have been wrong, I still don't know.

I'm using npm from my package manager (Arch Linux), npx comes from npm in that package.
https://gitlab.archlinux.org/archlinux/packaging/packages/npm/-/blob/main/PKGBUILD

It does turn out that my version is 8.19.2 with no update on the Arch side of things yet [1].

Using it this way does mean npx is installed globally. Does this mean that npx doesn't auto update a package that's already been used before? As that's the impression I get from @wraithgar's reply.

[1] That's unique. It's flagged as out of date and usually an update is there in at most a couple weeks. This time things take longer apparently.

@wraithgar (Member)

Your package manager appears to be at least a major version behind. We usually recommend using a node version manager to install node/npm and then using npm to update itself to the latest version.

https://docs.npmjs.com/cli/v9/configuring-npm/install

markg85 (Author) commented Jun 16, 2023

We usually recommend using a node version manager to install node/npm and then using npm to update itself to the latest version.

Why is that?
That's the role of a package manager.

I get that switching between nodejs versions would be sweet and you'd need a fancy script for that to do that cleanly. But installing nodejs (and npm) should in my opinion be left to the distribution package manager.

In fact, that very page you linked to states for Linux: "NodeSource installer (recommended)" is something I passionately disagree with. Besides that the project is named confusingly (you get binaries, not sources. So "NodeSource" is misleading at best). It also means you get generic installs which always hurt performance. Distribution specific installs at least have the option to go for optimal compiler flags. Lastly, no archlinux which only proves my point of this belonging into the distribution package manager, not a third party one.

Sorry for being a bit on the offensive here. This stuff - on a surface level, haven't dived deep into it - just has a lot of red flags for me.

@wesleytodd

That's the role of a package manager.

@markg85 that is not the case here. Based on your comments, I would strongly recommend not using what ships with your linux version/package manager for managing your node version or npm version. These are not handled well by the varying linux distros. The best bet is something like nvm and then updating like @wraithgar mentioned.

The main reason is just that linux distros have a very different take on how they ship updates than runtimes like node.js (and this is not node.js specific, it applies to python, java, etc).

ljharb (Contributor) commented Jun 17, 2023

@markg85 node is not officially distributed by any distributions, and as such, I'd suggest that you use the official installation method only - downloading from nodejs.org, which conveniently is what node version managers automate for you.

markg85 (Author) commented Jun 17, 2023

I'm not liking this...
I am using nvm now, as per the suggestion of @wesleytodd and it does work just flawlessly and super fast!

But...
I'm now manually in control of updates. My package manager won't do it as I'm outside of it now. I get that to some this is a feature, to some this is an annoyance. This much depends on how one wants to use it. I for example just want to have the latest version always and fix my node applications if they need fixing. So for me in my case this is an annoyance (have to manually update). But I totally get that this is an awesome feature for others.

Another potential issue is nvm breaking when I update my system. I hope that's not going to happen.

Oh well, I'll just keep using nvm for the time being.

But hey, I do now have the latest version of npx out of the "nvm box" :)

❯ npx --version
9.6.7
