I'm confused by behavior in NPM / package.json file and the packages dependencies. An example is on the package gulp-watch
. When we look at its package.json file on github we see it has a dependency on "anymatch": "^3.1.1"
. But when I pull in the "gulp-watch": "^5.0.1"
package and take a look in the yarn.lock
file, I see this:
version "5.0.1"
resolved "https://registry.yarnpkg.com/gulp-watch/-/gulp-watch-5.0.1.tgz#83d378752f5bfb46da023e73c17ed1da7066215d"
integrity sha512-HnTSBdzAOFIT4wmXYPDUn783TaYAq9bpaN05vuZNP5eni3z3aRx0NAKbjhhMYtcq76x4R1wf4oORDGdlrEjuog==
ansi-colors "1.1.0"
anymatch "^1.3.0"
chokidar "^2.0.0"
fancy-log "1.3.2"
glob-parent "^3.0.1"
object-assign "^4.1.0"
path-is-absolute "^1.0.1"
plugin-error "1.0.1"
readable-stream "^2.2.2"
slash "^1.0.0"
vinyl "^2.1.0"
vinyl-file "^2.0.0"
Where its pulling in anymatch "^1.3.0"
I've deleted both node-modules and the yarn.lock file and it doesnt seem to change things.
I'm curious why there is a difference there.
That's because you're looking at the most recent version of package.json
, which has updated dependencies since the release of 5.1.0. The package.json
during the release of 5.1.0 specifies "anymatch": "^1.3.0"
, which is why you see the results you see.