node.js npm yarnpkg semantic-versioning

Will npm try to avoid installing a deprecated package version?


I could not find any documentation which says that npm will not try to install a deprecated package version.

Example:

2.0.0-beta.2  2.0.0-beta.5  2.0.0-rc.9

So if I install ^2.0.0-beta.2, it will resolve to 2.0.0-rc.9.

And if I deprecate 2.0.0-rc.9:

2.0.0-beta.2  2.0.0-beta.5  2.0.0-rc.9
                           (deprecated)

Now if I install ^2.0.0-beta.2, it will resolve to 2.0.0-beta.5.

But I could not find any documentation which proves this behavior. Can someone please help to validate this?


Solution

  • I tested and confirmed that it does indeed ignore deprecated versions if there is another version it can use. (I temporarily deprecated metal-name version 1.3.1 and then ran npm install metal-name@1. It installed version 1.3.0 instead of 1.3.1. When I removed the deprecation for version 1.3.1, it went back to installing 1.3.1 when I ran npm install metal-name@1.)

    I cannot find this behavior mentioned in the npm CLI documentation. However, I can find it mentioned in the commit log for the npm CLI client.

    npm uses npm-pick-manifest to determine what to install. The README for that module says:

    Prefers non-deprecated versions to deprecated versions.
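
The preference described in the answer above, as an added example that is not part of the original answer and is not npm-pick-manifest's code: a simplified JavaScript model that picks the highest non-deprecated version matching a caret range and falls back to a deprecated one only when nothing else matches. The package data is constructed (versions taken from the question), the function names are hypothetical, and only caret ranges with a major version of 1 or higher are handled.

```javascript
// Simplified model of "prefer non-deprecated"; not npm-pick-manifest's source.
function parse(v) {
  const [core, pre] = v.split(/-(.+)/);
  return { nums: core.split('.').map(Number), pre: pre ? pre.split('.') : [] };
}

// Semver precedence: a release outranks its prereleases; numeric
// prerelease identifiers sort below alphanumeric ones.
function compare(a, b) {
  const A = parse(a), B = parse(b);
  for (let i = 0; i < 3; i++) {
    if (A.nums[i] !== B.nums[i]) return Math.sign(A.nums[i] - B.nums[i]);
  }
  if (!A.pre.length || !B.pre.length) return Math.sign(B.pre.length - A.pre.length);
  for (let i = 0; i < Math.max(A.pre.length, B.pre.length); i++) {
    const x = A.pre[i], y = B.pre[i];
    if (x === undefined) return -1;
    if (y === undefined) return 1;
    const nx = /^\d+$/.test(x), ny = /^\d+$/.test(y);
    if (nx !== ny) return nx ? -1 : 1;
    const c = nx ? Math.sign(Number(x) - Number(y)) : (x < y ? -1 : x > y ? 1 : 0);
    if (c !== 0) return c;
  }
  return 0;
}

// ^base with major >= 1 (assumption): same major, not below base. A prerelease
// matches only if base is a prerelease of the same major.minor.patch.
function satisfiesCaret(v, base) {
  const V = parse(v), B = parse(base);
  if (V.nums[0] !== B.nums[0] || compare(v, base) < 0) return false;
  if (V.pre.length === 0) return true;
  return B.pre.length > 0 && V.nums.every((n, i) => n === B.nums[i]);
}

// Highest matching non-deprecated version; a deprecated one only as a fallback.
function pickVersion(packument, base) {
  const matching = Object.keys(packument.versions)
    .filter((v) => satisfiesCaret(v, base))
    .sort((a, b) => compare(b, a));
  const live = matching.filter((v) => !packument.versions[v].deprecated);
  return (live.length ? live[0] : matching[0]) ?? null;
}

// Constructed registry metadata: the question's versions, with rc.9 deprecated.
const packument = { versions: {
  '2.0.0-beta.2': {}, '2.0.0-beta.5': {},
  '2.0.0-rc.9': { deprecated: 'constructed deprecation message' },
} };
console.log(pickVersion(packument, '2.0.0-beta.2')); // 2.0.0-beta.5
```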