Make latest default version for npm install package instead of *

[iarna]

Merge and bring in https://github.com/npm/npm-package-arg/pull/15/files as the current behavior is basically never what people want.

[sparty02]

Hmmm.... instinctively, I would actually expect npm install foo to install the latest stable version of that package. I almost never want a pre-release version, unless I'm really antsy to leverage some new beta feature and, in that case, I'd rather opt in and make my command explicit, e.g. npm install foo@latest..... but who knows, maybe that's not a popular sentiment?

[iarna]

Remember that latest is NOT the most recent version. latest is the version the author tagged for general installation. If you author something that's pre-release I would encourage you to tag it as beta or something like that.

[iarna]

(eg npm publish --tag beta or npm dist-tag add <pkgname>@<version> beta)

[sparty02]

If you author something that's pre-release I would encourage you to tag it as beta or something like that.

That makes sense, but then why make this change? The release notes on this made it sound like the main driver of this change was to open the door for pre-release versions to be installed without qualification....which seems off to me. But again, just my two cents....just trying to understand.

Maybe this just more strongly encourages authors to more effectively tag their releases?

[iarna]

So I'm sure there are many reasons folks tag prerelease verisons as latest, but here are a few I've seen:

Some projects use the semver-prerelease field for things that aren't prereleases. They would like their software to be installable.

Sometimes folks have tagged what was a prerelease version as latest because the later stable release had problems and they want new users to use the now known to be stable prerelease version until such time as they can make a new release.

[doliver3]

Users should not get prereleases by default. The point of prereleases is to be before a release so if the author is publishing a prerelease they usually don't want their community to get it by default until more testing has been done with that prerelease. By allowing prereleases to become the default when the user doesn't specify the version, npm is encouraging huge instability in codebases using npm. It is very unintuitive and encourages software to crash by accepting software before it has been actually released by the author as an official release.

The author of d3.js has similar concerns.
https://medium.com/@mbostock/prereleases-and-npm-e778fc5e2420#.7fr9zhk7q

Remember that latest is NOT the most recent version. latest is the version the author tagged for general installation. If you author something that's pre-release I would encourage you to tag it as beta or something like that.
In addition, authors should not be required to add a tag to avoid setting the latest tag. Why would the default behavior of publish be to tag unstable versions of code. Prereleases are by their nature unstable. That behavior is unintuitive for authors and encourages publishing unstable code unknowingly by having an unsafe default behavior. The best behavior would be to default to setting the latest tag on non-prereleases then if an author wants to explicitly make a prerelease available to their public then it is that author who should be required to publish passing the tag as latest to the publish command. That gives the unusual author control to publish prerelease code as latest but does not make prereleases the default for everyone else.

Some projects use the semver-prerelease field for things that aren't prereleases. They would like their software to be installable.
Sometimes folks have tagged what was a prerelease version as latest because the later stable release had problems and they want new users to use the now known to be stable prerelease version until such time as they can make a new release.
Those 2 use cases above are 'sometimes' cases which means that they shouldn't be the default case because they are more rare than typical reasonable usage patterns. If authors want to do something unusual with prereleases by making them latest then they should be the ones required to set the latest tag explicitly on the npm publish.