Today I found something wrong in our dependencies, and I thought it would be nice to share it!

Let’s assume we have a project called “website” with this (shortened) package.json file:

The “some-package” package.json file looks like:

See the “fixed” version here.


Let’s assume that I add a feature to the our-sdk package and bump the tag to 2.1.0.

If I just run (yarn|npm) upgrade, the SDK will stay at version 2.0.0. This is easy to understand by reading the yarn.lock file, which will contain:

As the website package requires “anything >= 2.0.0 and < 3.0.0”, the 2.0.0 version matches perfectly, so it is not updated.


The two things I recommend here are:

  1. Don’t force a static version, as we did in some-package
  2. If you require a feature from a minor version, update your package.json as well to force the wanted version


For the second point, if we force ^2.1.0 in the website package.json, the yarn.lock will look like this:

As there can be no common version, yarn|npm will download the two versions. It’s not perfect, as you will have two versions of your SDK in your dependencies, but it’s better than nothing.
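
The reasoning above (one shared 2.0.0 copy with ^2.0.0, two copies with ^2.1.0), as an added example that is not code from the original post. It is a simplified model, not yarn's or npm's actual resolver; the published version list and the exact pin 2.0.0 in some-package are assumed sample data, and only exact and ^x.y.z ranges (major >= 1) are handled.

```javascript
// Added example: simplified semver matching, not yarn's or npm's resolver.
// Supports only exact "x.y.z" pins and caret "^x.y.z" ranges with major >= 1.
const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// True when `version` satisfies `range`.
function satisfies(version, range) {
  if (!range.startsWith("^")) return cmp(version, range) === 0; // static pin
  const min = range.slice(1);
  return parse(version)[0] === parse(min)[0] && cmp(version, min) >= 0;
}

// Highest published version accepted by every range, or null if there is none.
function commonVersion(published, ranges) {
  const ok = published.filter((v) => ranges.every((r) => satisfies(v, r)));
  return ok.sort(cmp).pop() ?? null;
}

// For one dependency: which requirers pin statically, whether a single copy
// can serve everyone, and which version each requirer ends up with.
function audit(published, requirers) {
  const ranges = Object.values(requirers);
  const pinned = Object.keys(requirers).filter((n) => !requirers[n].startsWith("^"));
  const shared = commonVersion(published, ranges);
  const perRequirer = {};
  for (const [name, range] of Object.entries(requirers)) {
    perRequirer[name] = shared ?? commonVersion(published, [range]);
  }
  const copies = new Set(Object.values(perRequirer)).size;
  return { pinned, shared, copies, perRequirer };
}

// Constructed sample data: our-sdk has published 2.0.0 and 2.1.0.
const published = ["2.0.0", "2.1.0"];
// website accepts ^2.0.0, some-package pins 2.0.0 (assumed): one shared copy.
const before = audit(published, { website: "^2.0.0", "some-package": "2.0.0" });
// website now asks for ^2.1.0: no common version, so two copies are installed.
const after = audit(published, { website: "^2.1.0", "some-package": "2.0.0" });
console.log(before, after);
```

The `pinned` list is the part worth checking in review: any requirer listed there holds the shared copy at its pinned version.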