npm ecosystem and semver #328

danseethaler opened this issue Oct 17, 2017 · 2 comments

@danseethaler danseethaler commented Oct 17, 2017

Hey Kent!

I've published a few npm packages recently and also been working on upgrading to React@16 at work. I have some rapid fire questions about npm I'm hoping you can help with or at least point me in the right direction. Two of them I actually asked on SO but haven't had any feedback at all. Thanks so much for any thoughts in advance!

Nested dependency overhead

While upgrading to react@16 on the foreman project I've been thinking about the structure of npm and how dependencies rely on other dependencies and on and on. Each of those dependencies sets a specific version range that it will work with. This whole scenario seems like it could really slow down the upgrade process if you've got a nested dependency that hasn't updated their package.json to support React@16 (or whatever you're moving to). If a package has a React peer dependency of 15.x will it use React@16 anyway? I realize it may break since it hasn't been tested but would it use it?

Set the semver range as npm author

I just published my first npm package on npm and I don’t understand how the semver range is specified.

When I install react I get "react": "^15.6.1" (with the caret) in my package.json. When I install dayone-to-md I get "dayone-to-md": "0.0.2". I'm assuming as a package author I can do something to set the caret/tilde when a user installs my package. How would I accomplish that?

Get patch updates with caret on npm package

The caret symbol (^) doesn't seem to include patch updates on npm update

After I published v0.0.1 of my package I installed it in a local project and set the semver range to ^0.0.1. I then bumped my package version to v0.0.2 and published to npm. When I run npm outdated I see

Package       Current  Wanted  Latest  Location
dayone-to-md    0.0.1   0.0.1   0.0.2  test-dayone-to-md

indicating there is a higher latest version but my semver range doesn't want it.

If I change my semver range to ~0.0.1 and run npm outdated I see

Package       Current  Wanted  Latest  Location
dayone-to-md    0.0.1   0.0.2   0.0.2  test-dayone-to-md

I would expect this second outcome to be the result when I use the ^ or the ~ since they both encompass the patch updates.

I read through the docs but I don't see anything that would explain this. Thanks for your help!

@kentcdodds kentcdodds commented Nov 16, 2017

Hi @danseethaler!

I was locked out of my house for a few hours the other day so I recorded answers to a bunch of my AMA questions and put them up on my 3 minute podcast. Here's your answer!

@kentcdodds kentcdodds closed this Nov 16, 2017
@danseethaler danseethaler commented Nov 16, 2017

Ah this is great! Thanks @kentcdodds! The site is pretty nifty 😀
