I really love using npx, finally I don't need to install all of the modules globally anymore.

One feature of npx is that if you run npx inside a directory which has node_modules/.bin, it will pick the binary from there and doesn't download it anymore. So far so good!

One thing I miss in npx is the following. I have a directory with a package.json file with the following dependency.

{
   "dependencies": {
       "some-package": "^0.12.3"
   }
}

If I have a node_modules/.bin/some-package binary, running npx some-package uses that one (as explained above). But when I don't have node_modules, it will download the latest version of some-package. What I would like is that it will install the version defined in my package.json. So under the hood, it would run npx some-package@^0.12.3 without me having to define the version explicitely.

The concrete use case I have is with yarn. The yarn.lock file is only deterministic if everyone on the team uses the same version. This is just not possible on larger teams, even on small teams this isn't always easy to do. Also in the opensource community this is impossible, you can't expect contributors to install/use a specific version of the package. So you can add yarn@1.6.0 to your devDependencies list, but then again when someone checks out the project and runs npx yarn, it will just use the version globally installed or download the latest version (1.7.0) which doesn't give a deterministic result. The same goes with build servers. Our build server uses npx yarn which is not the same version as defined in package.json, it's just the latest one.

If you are open to the idea, would be happy to see if I can send a PR and contribute.