Highest versions are not always installed when using version ranges #3963

patrick-steele-idem opened this Issue Oct 2, 2013 · 5 comments


None yet

2 participants


npm is installing the first satisfying module version when looping over the module versions ordered by publish time. That is, if the last version of my-module was published was a really old version then that version will be installed by npm (as long as it satisfies the input version range). What npm should be doing is installing the highest published version of the module that satisfies the input version range.

One would expect the following command to install the highest version of a published module:
npm install my-module@"*"

However, that is not the case since the algorithm looks at the published versions ordered by the time that they were published.

I'm observing the same behavior when I install the dependency from within my package.json file:

"my-module": "*"

I have not completely dug through the source code for npm, but it appears that "maxSatisfying" is not being used for top-level version ranges for dependencies.

I observed this behavior when using Node 0.10.17 and also in the latest 0.10.20 release.

luk- commented Oct 2, 2013

npm install [module] without a version range will install the latest published version. This is intended functionality and is not new.

If you are publishing an old version and want the default installed to be the latest version, you will want to tag it, npm tag [module]@[version] latest.

@luk- luk- closed this Oct 2, 2013

You misunderstood my question and incorrectly closed this issue. If you take a look at my description again you will see that the problem is occurring when version ranges are being used. If version ranges are being used then the expectation is that the max satisfying version should be selected.

Please reopen the issue or clarify why the max satisfying version should not be selected.

luk- commented Oct 2, 2013

Do you have the issue after tagging the correct version latest?


I went back and tagged higher version of the module as latest and ran npm install again and found that it selected the version tagged as latest.

However, I still believe this is the incorrect behavior. Why would the latest tag be used when I specify a version range?

According to the npm docs for the "tag" configuration option:
"If you ask npm to install a package and don't tell it a specific version, then it will install the specified tag."

On a related note, I think the automatic tagging of the all published modules as "latest" by default is a bug:
#3397 (comment)

Thanks for looking into the issue!


This issue still causes problems, but I found a workaround to install the highest version of a module. Turns out, if you specify an invalid tag (using either the "tag" config or the --tag argument) then npm will end up installing the highest (i.e. max satisfying version). For example:

npm install my-module@"*" --tag INVALID_TAG

Therefore, if we configure npm as such:

npm config set tag highest

And then make sure that a module is never actually published with the highest tag:

npm publish --tag last-published

Then things work out okay, but it is a hack. It would still be nice to see a better solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment