Version pinning for external packages

Hi, all. First post here, searched for similar questions, didn't find any.

I am interested in version pinning for external packages (those in Setup tab of Function node).
Tried to use "package@version" notation, in a losing effort.
Is there a way to pin/fix the version of an external package?

  1. Sometimes "current version" is not a perfect solution.
  2. It's not very clear what version I get if I import a flow on a fresh installation.
  3. NPM registry is not the safest supply chain on the planet.
  4. It can be a compliance issue (itsec people hate when versions are not nailed down).

If you are using the palette manager in the Editor then that is designed to be as simple and robust to use as possible I believe. If you want to do something outside its features, you will need a command line on the Node-RED server. From there, go to your Node-RED userDir (usually ~/.node-red) and you can then use standard npm commands and/or edit your package.json file to pin versions as needed.

Just note that I think that if you later update something from the palette manager, I don't know whether it simply updates to the latest or whether it respects your package.json - you may wish to check that.

1 Like

It will update to the latest.

2 Likes

So that means that you always need to use the command line.

1 Like

Thanks, all.
Looks like the workaround falls on me.

What workaround, and in what way does it fail?

Anyone can suggest improvements. There is a category on this forum for feature requests.

Of course, developer time for core changes is very limited and so code is always welcomed once a feature is agreed on.

Not "fail", "falls". Like "responsibility falls on me" :slight_smile:
The workaround will be in the form of a script doing npm install inside the container.

Yeah, I am not very good at js/ts right now (backend background), so I won't be bothering core devs with a feature request, until I have a quality PR to back it )

I think I will return to this question in the future.

1 Like

The great thing about Node-RED is that it can do pretty much anything if you want to authorise it. :smile:

So you could have a flow that runs the command line for you.

1 Like
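The pinning approach discussed in this thread (exact versions in the userDir package.json) can be checked before a container build. The following is an added example, not code from any post above or from Node-RED; the package names, versions and function names are constructed for illustration, and the lock file is assumed to use the lockfileVersion 2/3 `packages` layout.

```javascript
// Audit a Node-RED userDir package.json for dependencies that are not pinned
// to one exact version, and pin them from package-lock.json where possible.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Return dependencies whose spec is a range, dist-tag or URL rather than x.y.z.
function findUnpinned(pkg) {
  return Object.entries(pkg.dependencies || {})
    .filter(([, spec]) => !EXACT.test(spec))
    .map(([name, spec]) => ({ name, spec }));
}

// Rewrite loose specs to the exact versions recorded in the lock file
// (packages["node_modules/<name>"].version). A dependency missing from the
// lock is reported in `unresolved` and left untouched, never guessed.
function pinFromLock(pkg, lock) {
  const pinned = { ...pkg, dependencies: { ...(pkg.dependencies || {}) } };
  const unresolved = [];
  for (const { name } of findUnpinned(pkg)) {
    const entry = (lock.packages || {})[`node_modules/${name}`];
    if (entry && EXACT.test(entry.version || "")) {
      pinned.dependencies[name] = entry.version;
    } else {
      unresolved.push(name);
    }
  }
  return { pinned, unresolved };
}

// Constructed sample data (hypothetical packages and versions).
const samplePkg = {
  name: "node-red-project",
  dependencies: {
    "node-red-contrib-example": "~1.4.0",
    "example-lib": "^2.0.0",
    "example-exact": "3.1.2",
    "example-tagged": "latest",
  },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/node-red-contrib-example": { version: "1.4.7" },
    "node_modules/example-lib": { version: "2.3.1" },
    "node_modules/example-exact": { version: "3.1.2" },
  },
};

const { pinned, unresolved } = pinFromLock(samplePkg, sampleLock);
console.log("unpinned:", findUnpinned(samplePkg));
console.log("pinned:", pinned.dependencies, "unresolved:", unresolved);
```

In a container build, a non-empty `unresolved` list is a reason to fail the build, and `npm ci` run in the userDir then installs exactly what the lock file records.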
