[BUG] npx does not fetch latest possible semvar match
Problem
Is there an existing issue for this? - [X] I have searched the existing issues This issue exists in the latest npm version - [X] I am using the latest npm Current Behavior When using the syntax `npx <package>@<semvar> <command>`, `npx` is always using a local cached version instead of fetching the latest available version that falls within the semvar from the npm registry and prompting for an upgrade. Running `npm cache clean --force` does not seem to help. The issue only seems to be reproducible on some machines. One user even reported that with momentic@1.0.12 installed locally, `npx momentic^1` was still invoking `1.0.11` instead of the newer version. Expected Behavior I expect `npx` to issue a prompt like the one below: [code block] rather than proceeding with the locally cached version of momentic@1.0.12, for example. Steps To Reproduce 1. Run `npx momentic@1.0.12 init` and accept the install prompt. Ignore the output of the program (the program in this case doesn't matter and can be substituted with any other). 2. Run `npx momentic@^1 init`. This should be expected to prompt to install `1.0.13` or whatever the latest version is. However, it does not and instead prints the same output as step 1. Screenshot of what I mean on the `turbo` repo (the latest `turbo` version is `2.1.3` at time of writing): Environment - npm: 10.9.0 - Node.js: v20.9.0 - OS Name: Mac OS Sonoma 14.4 - System Model Name: M3 Max MBP - npm config: [code block] I confirmed that my npx p
Unverified for your environment
Select your OS to check compatibility.
1 Fix
[FIX] Ensure npx fetches the latest semver match from npm registry
The issue arises due to npx prioritizing the local cache over fetching the latest version from the npm registry. This behavior can be influenced by the npm configuration settings, specifically the cache settings and the way npx resolves package versions. In some cases, local installations of packages can interfere with npx's ability to fetch the latest version, leading to unexpected behavior.
Awaiting Verification
Be the first to verify this fix
- 1
Check npm configuration
Verify the npm configuration settings to ensure that caching behavior is set correctly. Specifically, check for the 'cache' and 'prefer-offline' settings.
bashnpm config get cache npm config get prefer-offline - 2
Clear npm cache
Forcefully clear the npm cache to ensure that no stale versions are being used. This can help in cases where the cache is causing npx to use an outdated version.
bashnpm cache clean --force - 3
Update npx command syntax
Modify the npx command to explicitly specify the latest version using the 'latest' tag, which can help bypass local cache issues.
bashnpx momentic@latest init - 4
Check for global installations
Inspect if the package is installed globally, which might interfere with npx's behavior. If found, consider uninstalling the global version.
bashnpm list -g --depth=0 npm uninstall -g momentic - 5
Test the npx command again
After performing the above steps, run the npx command again to verify if it now fetches the latest version correctly.
bashnpx momentic@^1 init
Validation
To confirm the fix worked, run the command 'npx momentic@^1 init' and check if it prompts for the installation of the latest version instead of using the cached version. The output should indicate that a newer version is available and prompt for installation.
Sign in to verify this fix
Environment
Submitted by
Alex Chen
2450 rep