-
Notifications
You must be signed in to change notification settings - Fork 492
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Version with v-prefix is incorrectly marked as valid #376
Comments
As a "fix" this would be a breaking change, so I would be against that. But I do think there is room for a feature that would allow for a more strict parsing according to the spec. |
The npm ecosystem doesn’t follow semver 2.0 - it follows 1.0, i believe - because version changes under v1 aren’t always breaking. That said, i don’t think the v has ever been included according to the spec, but also, in the npm ecosystem it’s very often there. I don’t think there’d be any value in rejecting these. |
@ljharb that not what is writed in the readme: |
Then i guess the docs are wrong. |
@ljharb that what you believe, to me this package follow |
|
I see value in rejecting thoses. |
this package is explicitly and only for npm. it's not "the official semver package", it's "the npm ecosystem's official semver package" |
This package is download more than |
Everything on npm is node-specific by default, no scope is needed. If you want something that can work in Swift, there should be a Swift package for it - which there is (https://github.com/ddddxxx/Semver, for example). |
I agree for all packages who are 100% Any parser (HTML, CSS, MARKDOWN) in NPM follow the RFC as much as they can. We try to stop having browsers interpreting the JS differently, and follow the RFC for interoperability. |
Browsers have nothing to do with this - this package is for npm's semver implementation only. If you're using it for non-npm semver, you're misusing it. |
I'm talking about interoperability and use example like Browsers and JS story to find a common ground where we can understand each others. I use this package in a CLI who is coded in JS, but made for other usage than node. I misusing it for sure, the namespace, the README let me think it was a generic package following a generic convention. If you believe i'm the only one who going to think that, you're missing some perspectives. :/ |
The repo is named “npm/node-semver” and it’s a node package published on npm, I’m not sure how much clearer it could be ¯\_(ツ)_/¯ |
Agree for GitHub, but that out of the problem. On NPM, it's just A package who not follow the RFC of a subject shouldn't use the common name. And if then in the current situation, a big warning should be in it |
Following this chat npm#376 This add to the README to prevent misleading usage
i openned PR to add it to the README #476 |
It's on npm. Everything on npm has the implicit context "the node ecosystem". |
I can say the same when it's wrote By saying that we go nowhere… |
I do agree that a "strict" mode that actually follows the spec would be nice. As seen in npm/cli#6370, the currently sloppy parsing already causes issues for npm itself. |
@ljharb This is only mostly correct. The npm ecosystem started with SemVer 1.0, which was a much less clear and precisely worded spec. SemVer 2.0 brought a lot more rigor, but the npm ecosystem already had a fairly large corpus of version numbers that were only compliant with (a particular interpretation of) SemVer 1.0. So, it has "strict mode" (used for publishing, The presence of a Historical accidents all the way down, but the cost of changing to not allow the if (semver.valid(version)) { with this: if (version === semver.valid(version)) { |
The |
That said, this is not a bug per se w/ this module but with npm itself. Folks using this package can get whatever behavior they want, either cleaning it or not. |
make sense for the explaining of how npm ecosystem works and that difficult to change.
For both improvement i'm willing to make a PR but i would like to know if you are open to this changes |
I think it's worth exploring a way to make valid choose between v1 and v2. Docs would probably end up being part of that PR right? |
According to SemVer 2.0.0, a version like
v1.2.3
is not valid (https://semver.org/#is-v123-a-semantic-version).The library incorrectly marks a version like this as valid:
I understand that the v-prefix is often used to indicate that some string represents a version. However, when I explicitly want to check if a string is valid according to the SemVer spec, I expect the method to return false in this case, especially when I set the
loose
option tofalse
.A fix (or an option to be extra strict for backwards compatibility) would be appreciated!
The text was updated successfully, but these errors were encountered: