email@example.com runs only on Node 0.8
firstname.lastname@example.org runs only on Node 0.10
karma depends on log4js and aims to support both Node 0.8 and 0.10, so it specifies:
"log4js": "~0.5.8 || ~0.6.1"
NPM should install either 0.5.8 (when installing on Node 0.8) or 0.6.1 (when installing on Node 0.10).
It however installs ALWAYS 0.5.8 and displays WARN (if Node 0.10).
IMO this is like browser UA spoofing. We spoof for features, not versions.
@paulmillr agree, however "version" is kind of an alias for huge number of features... so it's easier to say I depend on 0.10, rather than listing all the features that could possible change.
@isaacs What is the current thinking behind the "engine" property in package.json ?
I don't think this will ever happen (and I definitely don't think it should).
If the dependency you are using is not backwards compatible and you need it to be, then submit a patch, or maintain your own fork. Package manager dependency duplicity is an indicator of code smell.
The engine field is entirely advisory. In the old days, npm used to consider it an error if there wasn't a package version available for the running version of Node. In a perfect world, that's probably the right thing to do. However, the world isn't going to be perfect any time soon, and this turned out to be a major pain for all involved. Hence it became advisory, and it's up to the user to determine whether to heed the warning or ignore it.
chore: install log4js manually (on Node 0.10)
Workaround for npm/npm#3305
This is cherry-picked commit from stable branch (707684b)