Support requiring specific versions of an npm package

[dylburger]

Currenty, I can require() an npm package within a code step, but I cannot specify the version of the package I'd like to use. I'd like support for this.

[dylburger]

I've encountered specific cases with Google npm packages that had instructed me to require a specific version of the package. Using the most recent version (no version specified) fails to work.

[togakangaroo]

To fill in a use case, I’m drawing a utility function deep out of exceljs but am not sure at all that it’s part of their official “public interface” so I'd like to be able to pin the version

[dparnold]

This is really an important issue. If I we have many workflows running for our clients, we cannot afford having npm package updates breaking our code.
The change to a newer version has to be tested properly.
At the moment it comes as a possibly negative surprise.

I hope you can soon add this basic functionality of node via something like a package.json.

[huzaifahj]

Any update on this?

[dylburger]

@huzaifahj not yet, but this is still on our radar. I know it's not ideal by any means, but I've published specific versions of npm packages to my own npm account / namespace using this technique.

Essentially, I'll clone the relevant repo for the project, check out the specific tag / commit I want to use in my workflow, then publish that code to my own namespace, allowing me to require the specific version of that package in my workflow:

const package = require("@your-username/your-package");

We'll provide more updates on this ticket on a native solution, we as we develop it!

[anton-isaykin]

Hi team,

Unfortunately, this issue is the dealbreaker with Pipedream for us also. We can not rely on workflows that can stop working any day.

[dylburger]

We just shipped a way to pin package versions in Node.js code steps! See https://pipedream.com/docs/code/nodejs/#pinning-package-versions for more details (reproducing below), and let us know if you have any questions / feedback on the implementation.

We're still considering exposing the existing version of dependencies in a more clear way, so let us know if there are other related features you'd like to see.

---

Each time you deploy a workflow with Node.js code, Pipedream downloads the npm packages you import in your step. By default, Pipedream deploys the latest version of the npm package each time you deploy a change.

There are many cases where you may want to specify the version of the packages you're using. If you'd like to use a specific version of a package in a workflow, you can add that version in the import string, for example:

import axios from "axios@0.19.2"

You can also pass the version specifiers used by npm to support semantic version upgrades. For example, to allow for future patch version upgrades:

import axios from "axios@~0.20.0"

To allow for patch and minor version upgrades, use:

import got from "got@^11.0.0"

Note that the behavior of the caret (^) operator is different for 0.x versions, for which it will only match patch versions, and not minor versions.

You can also specify different versions of the same package in different steps. Each step will used the associated version. Note that this also increases the size of your deployment, which can affect cold start times.