npm installing jest at a specific version actually installs a different version

[rally25rs]

Do you want to request a feature or report a bug?

bug

What is the current behavior?

Because of the way jest packages are set up, if you:

npm install jest@18.0.0 then it actually installs jest-cli@18.1.0 (or whatever the greatest minor version release is)

If the current behavior is a bug, please provide the steps to reproduce and either a repl.it demo through https://repl.it/languages/jest or a minimal repository on GitHub that we can yarn install and yarn test.

• cd into an npm project directory
• npm install jest@18.0.0 --save
• observe that package.json is set to depend on `"jest":"18.0.0" (exact version)
• grep version node_modules/jest/package.json
• observe output is `"version": "18.0.0"
• node node_modules/jest/bin/jest.js -v
• Output is v18.1.0 (WRONG VERSION!)
• grep version node_modules/jest-cli/package.json
• observe output is `"version": "18.1.0" (NOT18.0.0!)

What is the expected behavior?

The exact version of jest should be installed.

The problem is that packages/jest/package.json contains carrot versions of jest-cli

  "dependencies": {
    "jest-cli": "^18.0.0"
  },

so when jest@18.0.0 is installed, it also gets the latest ^18.* release of jest-cli installed.
all the package.json files in /packages should be exact-version dependencies when they are tagged.

The same holds true with v19 releases... they contain the dependency "jest-cli@^19.0.2" so if jest 19.7.0 were to be released and someone tries to npm install jest@~19.0.2 then too bad, you get 19.7.0 anyway even though you only wanted 19.0.* releases.

Please provide your exact Jest configuration and mention your Jest, node, yarn/npm version and operating system.

[rally25rs]

One additional question; Why are users directed to install the jest package which just turns around and requires jest-cli? why not install jest-cli directly? or rename jest-cli to jest?

The entire source code of the jest package is just

'use strict';

require('jest-cli/bin/jest');

[cpojer]

You are right, we should actually be using ~ for all deps.

[cpojer]

Seems like the folks on lerna recommend against this. lerna/lerna#76 (comment)

If you'd like a specific version of Jest, install jest-cli. The reason we have this split is because we didn't own jest in the past and we simply made it to forward. You can also install jest-cli directly if you'd like.

[rally25rs]

Actually, installing jest-cli at a specific version has the same issue, because it in turn depends on jest-runtime and other packages with a carrot-version. The only way to install a specific version seems to be to manually install all packages at a specific version.

[rally25rs]

It's probably worth noting that I actually only encountered this because I specifically wanted to npm install 18.0.0 and 18.1.0 because there was a breaking change (removal of context) between minor versions. I wanted to demo this behavior specifically during a conference talk about NPM and Yarn and Yarn's deterministic nature (I was going to break my CI server by letting it carrot-update to 18.1.0 and break my tests to demonstrate NPM's non-deterministic nature).

It look me a while to figure out why specifically installing 18.0.0 still didn't have context in it.
So it is certainly a bit of an edge case and not really a blocking/high-priority issue in my case.
It was just a bit of a head-scratcher until I realized what was happening.

[cpojer]

Got it. I'm sorry for causing you churn. That particular breaking change happened accidentally because node.js made a breaking change two days before Christmas and I was on vacation trying to push out a hotfix, which accidentally published a change that shouldn't have gone out. We normally don't do this ;) Oh... dependencies.

[rally25rs]

Understandable :) no worries! thanks! I found a minor version change in moment.js that I can use to demonstrate in my presentation ;)

[HoldOffHunger]

Is this still closed?

[SimenB]

yes?

[thymikee]

no it's open?

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Please note this issue tracker is not a help forum. We recommend using StackOverflow or our discord channel for questions.