We can force yarn to install a specific version of a nested dependency. This can be useful if a nested dependency has a bug or security vulnerability.
To change the version of a dependency of a dependency that yarn installs, we only need to add the package name and the version we want to the resolutions object in our package.json, like this:
{
  "resolutions": {
    "colors": "1.4.0"
  }
}

Adding the resolutions entry above makes sure the nested dependency colors is installed at version 1.4.0, regardless of the version range declared by the package that requires it. Because the resolution overrides that range rather than negotiating with it, check that the pinned version is still compatible with its dependents; yarn why colors lists which packages pull it in.
We can achieve a similar thing with npm, but not natively. We can use the npm-force-resolutions package, which rewrites package-lock.json before the install runs, like this:

{
  "resolutions": {
    "colors": "1.4.0"
  },
  "scripts": {
    "preinstall": "npx npm-force-resolutions"
  }
}