I am working on a project with a number of frontend dependencies. The project uses both NPM and JSPM to manage these dependencies.
According to the jspm documentation:
All install ranges are saved in the package.json file, with the exact version solution saved into config.js. Both of these files should be checked into version control.
To reproduce an install of the package.json to the exact version ranges in the config.js file, use
jspm installwith no arguments:
However, even with a package.json that has explicit versions set, the presence of a package-lock.json file and the presence of a config.js file (that is supposed to ensure a consistent jspm_packages folder), I still see floating version information shown when running jspm install - example:
ok Installed npm:buffer@^5.0.6 (5.1.0)
ok Installed npm:ieee754@^1.1.4 (1.1.11)
ok Installed npm:base64-js@^1.0.2 (1.3.0)
ok Installed core-js as npm:[email protected] (1.2.7)
Can any frontend gurus tell me why this is happening?