Two versions of same npm package in Node application

Based on my answer for a similar question:

As of npm v6.9.0, npm now supports package aliases. It implements the same syntax as Yarn uses:

npm install my-sdk-legacy@npm:my-sdk@1
npm install my-sdk

This adds the following to package.json:

"dependencies": {
  "my-sdk-legacy": "npm:my-sdk@^1.0.0",
  "my-sdk": "2.0.0"
}

This seems to me the most elegant solution available, and is compatible with the Yarn solution proposed by @Aivus.

So this is actually a quite common scenario which was addressed several times.

There is a closed issue for npm and open issue for yarn package managers.

---

The first solution was suggested by the author of NPM in this GH comment:

Publish a separate package under a different name. It will require a specific version inside.

{ "name": "express3",
  "version": "1.0.0",
  "description":"Express version 3",
  "dependencies": { "express":"3" } }

// index.js
module.exports = require('express')

In your case you'll publish my-sdk-v1 and my-sdk-v2. And from now you can easily install 2 versions of a package in one project without running into conflicts.

const mySDKLegacy = require('my-sdk-v1');
const mySDKModern = require('my-sdk-v2');

The second way pretty much the same idea proposed - use git url:

{
    "my-sdk-v1": "git://github.com/user/my-sdk#1.0.0",
    "my-sdk-v2": "git://github.com/user/my-sdk#2.0.0"
}

Unlike npm package, you are free to choose any name you wish! The source of truth is the git url.

Later npm-install-version popped up. Buuut, as you already proved, its usage is a bit limited. Since it spawns a child process to execute some commands and writes to tmp dirs. Not the most reliable way for a CLI.

To sum up: you're left with choices 1 & 2. I'd stick with the first one, since the github repo name & tags could change.

2nd option with git url is better when you want to change a version to depend more frequently. Imagine you want to publish a security patch for my-sdk-v1 legacy. Will be easier to reference a git url then publish my-sdk-v1.1 to npm again and again.

So to just add up to current solutions you can also provide packages like so:

yarn add my-sdk-newest@npm:my-sdk

or in package.json

{
  ...
  "my-sdk-newest": "npm:my-sdk",
  "my-sdk": "1.0.0"
  ...
}

if you only care about specific legacy version and the newest.

Do npm i alias@npm:package_name@package_version

Inside package.json use “alias”: “npm:package_name@package_version”