npm is installing the first satisfying module version when looping over the module versions ordered by publish time. That is, if the last version of my-module was published was a really old version then that version will be installed by npm (as long as it satisfies the input version range). What npm should be doing is installing the highest published version of the module that satisfies the input version range.
One would expect the following command to install the highest version of a published module:
npm install my-module@"*"
npm install my-module@"*"
However, that is not the case since the algorithm looks at the published versions ordered by the time that they were published.
I'm observing the same behavior when I install the dependency from within my package.json file:
I have not completely dug through the source code for npm, but it appears that "maxSatisfying" is not being used for top-level version ranges for dependencies.
I observed this behavior when using Node 0.10.17 and also in the latest 0.10.20 release.
npm install [module] without a version range will install the latest published version. This is intended functionality and is not new.
npm install [module]
If you are publishing an old version and want the default installed to be the latest version, you will want to tag it, npm tag [module]@[version] latest.
npm tag [module]@[version] latest
You misunderstood my question and incorrectly closed this issue. If you take a look at my description again you will see that the problem is occurring when version ranges are being used. If version ranges are being used then the expectation is that the max satisfying version should be selected.
Please reopen the issue or clarify why the max satisfying version should not be selected.
Do you have the issue after tagging the correct version latest?
I went back and tagged higher version of the module as latest and ran npm install again and found that it selected the version tagged as latest.
However, I still believe this is the incorrect behavior. Why would the latest tag be used when I specify a version range?
According to the npm docs for the "tag" configuration option:
"If you ask npm to install a package and don't tell it a specific version, then it will install the specified tag."
On a related note, I think the automatic tagging of the all published modules as "latest" by default is a bug:
Thanks for looking into the issue!
This issue still causes problems, but I found a workaround to install the highest version of a module. Turns out, if you specify an invalid tag (using either the "tag" config or the --tag argument) then npm will end up installing the highest (i.e. max satisfying version). For example:
npm install my-module@"*" --tag INVALID_TAG
Therefore, if we configure npm as such:
npm config set tag highest
And then make sure that a module is never actually published with the highest tag:
npm publish --tag last-published
Then things work out okay, but it is a hack. It would still be nice to see a better solution.