Node.js package.json resolutions

package.json contains direct and indirect dependencies.

Your application has dependencies that themselves depend on other packages, and those packages get upgraded to new versions. You may want to choose selectively which version of such a dependency your application uses.

Suppose your application is myapp and depends on package-1.0, and package-1.0 depends on sub-package-1.0.

When the application is first created and installed, it works fine.

After a few days or a month, you install the dependencies again, and the indirect dependencies are usually installed at their latest versions.

To avoid this, resolutions lets the application be installed with a selected version of the dependencies of package-1.0. The sub-package is then not upgraded to another version such as sub-package-1.3, even though the package has been upgraded to that latest version.

If the sub-package has been upgraded and your application does not need the new version, define a resolution with the version to choose.

Package resolution example

The resolutions attribute defines the package with a selected version.

{
  "devDependencies": {
    "package": "1.0"
  },
  "resolutions": {
    "sub-package": "1.0"
  }
}

When npm install is executed in the application, npm installs the sub-package at version 1.0 instead of the latest version.

What is the resolution in package.json

The resolutions attribute in package.json contains a list of packages and the versions selected for them in the dependency group; all other versions are removed.

Yarn resolution alternative

Yarn has an alternative to the resolutions attribute in package.json, called the overrides attribute, which works for npm and yarn.

{
  "overrides": {
    "sub-package": "1.0"
  }
}

npm has supported overrides since version 8.3.

This throws a warning if your resolution dependency version is invalid or incompatible with the application.
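
A pin is only useful if the lockfile actually honours it, so it is worth checking after an install. The following is an added example, not code from the original page: it compares the pins in resolutions or overrides with the versions recorded in a lockfile and reports any copy that drifted. It assumes the npm lockfile v2/v3 layout, handles only plain version pins such as "1.0", and uses constructed sample data and hypothetical function names.

```javascript
// Added example (not from the page): report locked packages that break a pin.
// Assumes npm lockfile v2/v3 ("packages" keyed by install path); names are hypothetical.
// Collect flat name -> version pins from "resolutions" and "overrides".
// Nested override objects and range syntax (^, ~, >=) are out of scope here.
function collectPins(manifest) {
  const pins = {};
  for (const field of ["resolutions", "overrides"]) {
    for (const [name, version] of Object.entries(manifest[field] || {})) {
      if (typeof version === "string") pins[name] = version;
    }
  }
  return pins;
}

// "1.0" is treated as "1.0" or any "1.0.x"; a full version must match exactly.
function satisfiesPin(version, pin) {
  return version === pin || version.startsWith(pin + ".");
}

// Return every locked copy of a pinned package whose version breaks the pin.
function findPinViolations(manifest, lock) {
  const pins = collectPins(manifest);
  const violations = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    const name = path.split("node_modules/").pop(); // keeps "@scope/name"
    const pin = pins[name];
    if (pin !== undefined && !satisfiesPin(String(entry.version), pin)) {
      violations.push({ path, name, locked: entry.version, pinned: pin });
    }
  }
  return violations;
}

// Constructed sample data using the page's placeholder package names.
const manifest = {
  "devDependencies": { "package": "1.0" },
  "overrides": { "sub-package": "1.0" },
};
const driftedLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "myapp" },
    "node_modules/package": { version: "1.0.0" },
    "node_modules/package/node_modules/sub-package": { version: "1.3.0" },
  },
};
console.log(findPinViolations(manifest, driftedLock));
```

A non-empty result means a pinned package was locked at a different version and the install should be treated as failed in CI.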