patch-package
Advanced tools
The patch-package npm package allows users to keep track of modifications to node_modules. It is useful when a user needs to make a quick fix to a node module and wants to persist this change across installs without waiting for the upstream fix. It lets you keep your workarounds in version control.
Creating Patches
This command is used to create a patch file for the npm package 'some-package'. After making changes to the node module, running this command will generate a patch file in a directory that can be committed to version control.
npx patch-package some-packageApplying Patches
This command applies all patches from the patches directory. It is typically used in the postinstall script in package.json to ensure that patches are applied after every npm install.
npx patch-packageApplying Specific Patch
This command applies a patch to a specific package. It is useful when you want to apply a patch to 'some-package' without applying all available patches.
npx patch-package some-packageShrinkwrap is a tool for locking down the versions of npm packages installed. It is similar to patch-package in that it helps maintain consistency in dependencies, but it does not allow for modifications to the package code itself.
patch-package lets app authors instantly make and keep fixes to npm
dependencies. It's a vital band-aid for those of us living on the bleeding edge.
# fix a bug in one of your dependencies
vim node_modules/some-package/brokenFile.js
# run patch-package to create a .patch file
npx patch-package some-package
# commit the patch file to share the fix with your team
git add patches/some-package+3.14.15.patch
git commit -m "fix brokenFile.js in some-package"
Patches created by patch-package are automatically and gracefully applied when
you use npm(>=5) or yarn.
No more waiting around for pull requests to be merged and published. No more forking repos just to fix that one tiny thing preventing your app from working.
In package.json
"scripts": {
+ "postinstall": "patch-package"
}
Then
npm i patch-package
You can use --save-dev if you don't need to run npm in production, e.g. if
you're making a web frontend.
yarn add patch-package postinstall-postinstall
You can use --dev if you don't need to run yarn in production, e.g. if you're
making a web frontend.
To understand why yarn needs the postinstall-postinstall package see:
Why use postinstall-postinstall
Same as for yarn ☝️ Note that if you want to patch un-hoisted packages you'll
need to repeat the setup process for the child package. Also make sure you're in
the child package directory when you run patch-package to generate the patch
files.
yarn 2+ have native support for patching dependencies via yarn patch.
You do not need to use patch-package on these projects.
pnpm has native support for patching dependencies via pnpm patch.
You do not need to use patch-package on these projects.
For patch-package to work on Heroku applications, you must specify
NPM_CONFIG_PRODUCTION=false or YARN_PRODUCTION=false.
See this issue for more
details.
If having errors about working directory ("cannot run in wd [...]") when
building in Docker, you might need to adjust configuration in .npmrc. See
#185.
In your Dockerfile, remember to copy over the patch files before running
[npm|yarn] install
If you cache node_modules rather than running yarn install every time,
make sure that the patches dir is included in your cache key somehow.
Otherwise if you update a patch then the change may not be reflected on
subsequent CI runs.
Create a hash of your patches before loading/saving your cache. If using a Linux machine, run md5sum patches/* > patches.hash. If running on a macOS machine, use md5 patches/* > patches.hash
- run:
name: patch-package hash
command: md5sum patches/* > patches.hash
Then, update your hash key to include a checksum of that file:
- restore_cache:
key: app-node_modules-v1-{{ checksum "yarn.lock" }}-{{ checksum "patches.hash" }}
As well as the save_cache
- save_cache:
key: app-node_modules-v1-{{ checksum "yarn.lock" }}-{{ checksum "patches.hash" }}
paths:
- ./node_modules
First make changes to the files of a particular package in your node_modules folder, then run
yarn patch-package package-name
or use npx (included with npm > 5.2)
npx patch-package package-name
where package-name matches the name of the package you made changes to.
If this is the first time you've used patch-package, it will create a folder
called patches in the root dir of your app. Inside will be a file called
package-name+0.44.0.patch or something, which is a diff between normal old
package-name and your fixed version. Commit this to share the fix with your
team.
--create-issue
For packages whose source is hosted on GitHub this option opens a web browser with a draft issue based on your diff.
--use-yarn
By default, patch-package checks whether you use npm or yarn based on which lockfile you have. If you have both, it uses npm by default. Set this option to override that default and always use yarn.
--exclude <regexp>
Ignore paths matching the regexp when creating patch files. Paths are relative to the root dir of the package to be patched.
Default value: package\\.json$
--include <regexp>
Only consider paths matching the regexp when creating patch files. Paths are relative to the root dir of the package to be patched.
Default value: .*
--case-sensitive-path-filtering
Make regexps used in --include or --exclude filters case-sensitive.
--patch-dir
Specify the name for the directory in which to put the patch files.
If you are trying to patch a package at, e.g.
node_modules/package/node_modules/another-package you can just put a /
between the package names:
npx patch-package package/another-package
It works with scoped packages too
npx patch-package @my/package/@my/other-package
Use exactly the same process as for making patches in the first place, i.e. make more changes, run patch-package, commit the changes to the patch file.
Run patch-package without arguments to apply all patches in your project.
--error-on-fail
Forces patch-package to exit with code 1 after failing.
When running locally patch-package always exits with 0 by default. This happens even after failing to apply patches because otherwise yarn.lock and package.json might get out of sync with node_modules, which can be very confusing.
--error-on-fail is switched on by default on CI.
See https://github.com/ds300/patch-package/issues/86 for background.
--reverse
Un-applies all patches.
Note that this will fail if the patched files have changed since being
patched. In that case, you'll probably need to re-install node_modules.
This option was added to help people using CircleCI avoid an issue around caching and patch file updates but might be useful in other contexts too.
--patch-dir
Specify the name for the directory in which the patch files are located
To apply patches individually, you may use git:
git apply --ignore-whitespace patches/package-name+0.44.2.patch
or patch in unixy environments:
patch -p1 -i patches/package-name+0.44.2.patch
If you deploy your package to production (e.g. your package is a server) then
any patched devDependencies will not be present when patch-package runs in
production. It will happily ignore those patch files if the package to be
patched is listed directly in the devDependencies of your package.json. If
it's a transitive dependency patch-package can't detect that it is safe to
ignore and will throw an error. To fix this, mark patches for transitive dev
dependencies as dev-only by renaming from, e.g.
package-name+0.44.0.patch
to
package-name+0.44.0.dev.patch
This will allow those patch files to be safely ignored when
NODE_ENV=production.
Nope. The technique is quite robust. Here are some things to keep in mind though:
yarn or npm when switching between branches
that do and don't have patch files.Most times when you do a yarn, yarn add, yarn remove, or yarn install
(which is the same as just yarn) Yarn will completely replace the contents of
your node_modules with freshly unpackaged modules. patch-package uses the
postinstall hook to modify these fresh modules, so that they behave well
according to your will.
Yarn only runs the postinstall hook after yarn and yarn add, but not after
yarn remove. The postinstall-postinstall package is used to make sure your
postinstall hook gets executed even after a yarn remove.
MIT
FAQs
Fix broken node modules with no fuss
The npm package patch-package receives a total of 1,150,808 weekly downloads. As such, patch-package popularity was classified as popular.
We found that patch-package demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.
Security News
Research
The Socket Research Team uncovered a malicious Python package typosquatting the popular 'fabric' SSH library, silently exfiltrating AWS credentials from unsuspecting developers.