What's the difference between tilde(~) and caret(^) in package.json?
After I upgraded to the latest stable
npm, I tried
npm install moment --save. It saves the entry in the
package.json with the caret
^ prefix. Previously, it was a tilde
- Why are these changes made in
- What is the difference between tilde
- What are the advantages over others?
~version“Approximately equivalent to version”, will update you to all future patch versions, without incrementing the minor version.
~1.2.3will use releases from 1.2.3 to <1.3.0.
^version“Compatible with version”, will update you to all future minor/patch versions, without incrementing the major version.
^2.3.4will use releases from 2.3.4 to <3.0.0.
See Comments below for exceptions, in particular for pre-one versions, such as ^0.2.3
I would like to add the official npmjs documentation as well which describes all methods for version specificity including the ones referred to in the question
|"Approximately equivalent to version" |
See npm semver - Tilde Ranges
|"Compatible with version" |
See npm semver - Caret Ranges
|Must match version exactly|
|Must be greater than version|
|1.2.0, 1.2.1, etc., but not 1.3.0|
|Matches any version|
|Obtains latest release|
The above list is not exhaustive. Other version specifiers include GitHub urls and GitHub user repo's, local paths and packages with specific npm tags
npm allows installing newer version of a package than the one specified. Using tilde (
~) gives you bug fix releases and caret (
^) gives you backwards-compatible new functionality as well.
The problem is old versions usually don't receive bug fixes that much, so npm uses caret (
^) as the default for
Note that the rules apply to versions above 1.0.0 and not every project follows semantic versioning. For versions 0.x.x the caret allows only patch updates, i.e., it behaves the same as the tilde. See "Caret Ranges"
Here's a visual explanation of the concepts:
Source: "Semantic Versioning Cheatsheet".
<major>.<minor>.<patch>-beta.<beta> == 1.2.3-beta.2
- Use npm semver calculator for testing. Although the explanations for ^ (include everything greater than a particular version in the same major range) and ~ (include everything greater than a particular version in the same minor range) aren't a 100% correct, the calculator seems to work fine.
- Alternatively, use SemVer Check instead, which doesn't require you to pick a package and also offers explanations.
Allow or disallow changes
- Pin version:
^(like head). Allows updates at the second non-zero level from the left:
0.2.3 <= v < 0.3.
~(like tail). Generally freeze right-most level or set zero if omitted:
1.0.0 <= v < 2.0.0
1.2.0 <= v < 1.3.0.
1.2.4 <= v < 1.3.0.
- Ommit right-most level:
0.2 <= v < 1. Differs from
- Starting omitted level version is always
- You can set starting major version without specifying sublevels.
- Starting omitted level version is always
All (hopefully) possibilities
Set starting major-level and allow updates upward
* or "(empty string) any version 1 v >= 1
~0 (0) 0.0 <= v < 1 0.2 0.2 <= v < 1 // Can't do that with ^ or ~ ~1 (1, ^1) 1 <= v < 2 ^1.2 1.2 <= v < 2 ^1.2.3 1.2.3 <= v < 2 ^1.2.3-beta.4 1.2.3-beta.4 <= v < 2
^0.0 (0.0) 0 <= v < 0.1 ~0.2 0.2 <= v < 0.3 ~1.2 1.2 <= v < 1.3 ~0.2.3 (^0.2.3) 0.2.3 <= v < 0.3 ~1.2.3 1.2.3 <= v < 1.3
~1.2.3-beta.4 1.2.3-beta.4 <= v < 1.2.4 (only beta or pr allowed) ^0.0.3-beta 0.0.3-beta.0 <= v < 0.0.4 or 0.0.3-pr.0 <= v < 0.0.4 (only beta or pr allowed) ^0.0.3-beta.4 0.0.3-beta.4 <= v < 0.0.4 or 0.0.3-pr.4 <= v < 0.0.4 (only beta or pr allowed)
1.2.3 1.2.3 ^0.0.3 (0.0.3) 0.0.3
Notice: Missing major, minor, patch or specifying
beta without number, is the same as
any for the missing level.
Notice: When you install a package which has
0 as major level, the update will only install new beta/pr level version! That's because
^ as default in
package.json and when installed version is like
0.1.3, it freezes all major/minor/patch levels.
~ fixes major and minor numbers. It is used when you're ready to accept bug-fixes in your dependency, but don't want any potentially incompatible changes.
^ fixes the major number only. It is used when you're closely watching your dependencies and are ready to quickly change your code if minor release will be incompatible.
In addition to that,
^ is not supported by old npm versions, and should be used with caution.
^ is a good default, but it's not perfect. I suggest to carefully pick and configure the semver operator that is most useful to you.
~freezes major and minor numbers.
- It is used when you're ready to accept bug-fixes in your dependency, but don't want any potentially incompatible changes.
- The tilde matches the most recent minor version (the middle number).
- ~1.2.3 will match all 1.2.x versions, but it will miss 1.3.0.
- Tilde (~) gives you bug fix releases
^freezes the major number only.
- It is used when you're closely watching your dependencies and are ready to quickly change your code if minor release will be incompatible.
- It will update you to the most recent major version (the first number).
- ^1.2.3 will match any 1.x.x release including 1.3.0, but it will hold off on 2.0.0.
- Caret (^) gives you backwards-compatible new functionality as well.
Hat matching may be considered "broken" because it wont update
0.2.0. When the software is emerging use
0.x.y versions and hat matching will only match the last varying digit (
y). This is done on purpose. The reason is that while the software is evolving the API changes rapidly: one day you have these methods and the other day you have those methods and the old ones are gone. If you don't want to break the code for people who already are using your library you go and increment the major version: e.g.
3.0.0. So, by the time your software is finally 100% done and full-featured it will be like version
11.0.0 and that doesn't look very meaningful, and actually looks confusing. If you were, on the other hand, using
0.3.x versions then by the time the software is finally 100% done and full-featured it is released as version
1.0.0 and it means "This release is a long-term service one, you can proceed and use this version of the library in your production code, and the author won't change everything tomorrow, or next month, and he won't abandon the package".
The rule is: use
0.x.y versioning when your software hasn't yet matured and release it with incrementing the middle digit when your public API changes (therefore people having
^0.1.0 won't get
0.2.0 update and it won't break their code). Then, when the software matures, release it under
1.0.0 and increment the leftmost digit each time your public API changes (therefore people having
^1.0.0 won't get
2.0.0 update and it won't break their code).
Given a version number MAJOR.MINOR.PATCH, increment the: MAJOR version when you make incompatible API changes, MINOR version when you add functionality in a backwards-compatible manner, and PATCH version when you make backwards-compatible bug fixes.
Tilde ~ matches minor version, if you have installed a package that has 1.4.2 and after your installation, versions 1.4.3 and 1.4.4 are also available if in your package.json it is used as ~1.4.2 then npm install in your project after upgrade will install 1.4.4 in your project. But there is 1.5.0 available for that package then it will not be installed by ~. It is called minor version.
Caret ^ matches major version, if 1.4.2 package is installed in your project and after your installation 1.5.0 is released then ^ will install major version. It will not allow to install 2.1.0 if you have ^1.4.2.
Fixed version if you don't want to change version of package on each installation then used fixed version with out any special character e.g "1.4.2"
Latest Version * If you want to install latest version then only use * in front of package name.
One liner explanation
The standard versioning system is major.minor.build (e.g. 2.4.1)
npm checks and fixes the version of a particular package based on these characters
~ : major version is fixed, minor version is fixed, matches any build number
e.g. : ~2.4.1 means it will check for 2.4.x where x is anything
^ : major version is fixed, matches any minor version, matches any build number
e.g. : ^2.4.1 means it will check for 2.x.x where x is anything
You probably have seen the tilde (~) and caret (^) in the package.json. What is the difference between them?
When you do npm install moment --save, It saves the entry in the package.json with the caret (^) prefix.
The tilde (~)
In the simplest terms, the tilde (~) matches the most recent minor version (the middle number). ~1.2.3 will match all 1.2.x versions but will miss 1.3.0.
The caret (^)
The caret (^), on the other hand, is more relaxed. It will update you to the most recent major version (the first number). ^1.2.3 will match any 1.x.x release including 1.3.0, but will hold off on 2.0.0.
major version is fixed, minor version is fixed, matches any build number
~4.13.3 means it will check for 4.13.x where x is anything and 4.14.0
major version is fixed, matches any minor version, matches any build number
^3.0.0 means it will check for 3.x.x where x is anything
semver is separate in to 3 major sections which is broken by dots.
These different major, minor and patch are using to identify different releases. tide (~) and caret (^) are using to identify which minor and patch version to be used in package versioning.
~1.0.1 Install 1.0.1 or **latest patch versions** such as 1.0.2 ,1.0.5 ^1.0.1 Install 1.0.1 or **latest patch and minor versions** such as 1.0.2 ,1.1.0 ,1.1.1
The version number is in syntax which designates each section with different meaning. syntax is broken into three sections separated by a dot.
Major, minor and patch represent the different releases of a package.
npm uses the tilde (~) and caret (^) to designate which patch and minor versions to use respectively.
So if you see ~1.0.2 it means to install version 1.0.2 or the latest patch version such as 1.0.4. If you see ^1.0.2 it means to install version 1.0.2 or the latest minor or patch version such as 1.1.0.
^ include everything greater than a particular version in the same major range.
~ include everything greater than a particular version in the same minor range.
For example, to specify acceptable version ranges up to 1.0.4, use the following syntax:
- Patch releases: 1.0 or 1.0.x or ~1.0.4
- Minor releases: 1 or 1.x or ^1.0.4
- Major releases: * or x
For more information on semantic versioning syntax, see the npm semver calculator.
More from npm documentation About semantic versioning
Not an answer, per se, but an observation that seems to have been overlooked.
The description for carat ranges:
Allows changes that do not modify the left-most non-zero digit in the [major, minor, patch] tuple.
10.2.3 <= v < 20.0.0
I don't think that's what they meant. Pulling in versions 11.x.x through 19.x.x will break your code.
I think they meant
left most non-zero number field. There is nothing in SemVer that requires number-fields to be single-digit.
Related to this question you can review Composer documentation on versions, but here in short:
- Tilde Version Range (~) - ~1.2.3 is equivalent to >=1.2.3 <1.3.0
- Caret Version Range (^) - ~1.2.3 is equivalent to >=1.2.3 <2.0.0
So, with Tilde you will get automatic updates of patches but minor and major versions will not be updated. However, if you use Caret you will get patches and minor versions, but you will not get major (breaking changes) versions.
Tilde Version is considered "safer" approach, but if you are using reliable dependencies (well-maintained libraries) you should not have any problems with Caret Version (because minor changes should not be breaking changes.
You should probably review this stackoverflow post about differences between composer install and composer update.