level-iterator-stream dependency breaks Node.js LTS 4.X install with v2.0.2

[ghost]

Hello,

My team and myself have been hit by an oddity today, in the setup of our Node.JS product.

Indeed, using our yarn.lock file, we previously had no issue installing it with node.js 4.X, but today we get:

error level-iterator-stream@2.0.1: The engine "node" is incompatible with this module. Expected version ">=6".
error Found incompatible module

Digging a bit deeper into it, (using yarn list), I see:

├─ level-iterator-stream@2.0.1
│  ├─ inherits@^2.0.1
│  ├─ readable-stream@^2.0.5
│  └─ xtend@^4.0.0
...
├─ levelup@2.0.2
│  ├─ deferred-leveldown@~3.0.0
│  ├─ level-errors@~1.1.0
│  ├─ level-iterator-stream@~2.0.0
│  └─ xtend@~4.0.0

Note that levelup is the only package depending on level-iterator-stream, and given what I read, it's not unexpected that the 2.0.1 would be installed, but here's the issue:
Level/iterator-stream@0b4d52b

As you can see, that commit changed the node engine for level-iterator-stream to >=6, rather than something compatible with your engine requirement in version v2.0.2.

I understand the philosophy of being flexible relatively to your dependencies, but due to the loose aspect of dependencies in the open-source, I'd recommend using hard-set dependencies that would be updated once-in-a-while (and confirmed to work, obviously). It would avoid such surprises to your users (my team included :p).

[vweevers]

Level/iterator-stream#36 (comment)