I'm building a boilerplate for my every frontend projects and if I wanted when I run npm install so all my dependencies will be the latest version, Would I change all the packages' distag to "latest" for that purpose?

"@babel/plugin-syntax-dynamic-import": "latest",
        "@babel/plugin-transform-runtime": "^7.3.4",
        "@babel/preset-env": "^7.3.4",
        "babel-eslint": "^10.0.1"


"@babel/plugin-syntax-dynamic-import": "latest",
        "@babel/plugin-transform-runtime": "latest",
        "@babel/preset-env": "latest",
        "babel-eslint": "latest"

The package-lock.json

npm v5.2+ comes with a package-lock.json file that is generated when you install packages. This file should be versioned because it contains the information of every package installed.

The idea then becomes that instead of using package.json to resolve and install modules, npm will use the package-lock.json. Because the package-lock specifies a version, location and integrity hash for every module and each of its dependencies, the install it creates will be the same, every single time. It won’t matter what device you are on, or when in the future you install, it should give you the same result every time, which is very useful.

So, if package-lock.json locks down the version of installed packages, what is the problem using "latest"?

The problem lies in that your package.json is not meaningful.

  • Your package.json does not tell you what version is actually installed, not even a clue.
  • What if someone overrides the package-lock.json or deletes it.

It is not the end of the world, but having a package.json should give us a clue about the packages we have installed.

Of course you can see a list of your installed packages with versions: npm list --depth=0 and also if you want to update packages, you can see the list of outdated ones: npm outdated

Check out this article: Everything you wanted to know about package-lock.json but were too afraid to ask.


I think it is ok when you use lastest tag as there is no conflict in version of packages.

In the user's guide of distag, they show that:

By default, the latest tag is used by npm to identify the current version of a package, and npm install <pkg> (without any @<version> or @<tag> specifier) installs the latest tag. Typically, projects only use the latest tag for stable release versions, and use other tags for unstable versions such as prereleases.

So if you are gonna to release a stable version, use latest tag will definitely true.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

Not the answer you're looking for? Browse other questions tagged or ask your own question.