Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Git urls don't allow semver ranges #3328

Closed
NickHeiner opened this Issue · 19 comments
@NickHeiner

According to the documentation:

Git URLs as Dependencies
Git urls can be of the form:

git://github.com/user/project.git#commit-ish
git+ssh://user@hostname:project.git#commit-ish
git+ssh://user@hostname/project.git#commit-ish
git+http://user@hostname/project/blah.git#commit-ish
git+https://user@hostname/project/blah.git#commit-ish

The commit-ish can be any tag, sha, or branch which can be supplied as an argument to git checkout. The default is master.

I would like to be able use the full semver range syntax for the commit-ish part:

git://github.com/user/project.git#1.0.x
git://github.com/user/project.git#~2

I'm dependent on git urls because my company uses a number of repos on our internal github instance, and we don't have our own npm registry. (Based on digging through some old issues, it wasn't even clear that setting up our own npm registry would be possible.)

Could I submit a PR for this?

@isaacs
Owner

If you want that to work, then tag or branch so that 1.0.x points to something in git. We're not going to walk through commits finding semver-ish-looking things and try to be clever about them.

@isaacs isaacs closed this
@nathan7
Collaborator

@isaacs We can walk through tags, though? I believe I proposed this to you in the past.

@isaacs
Owner

Yeah, it's not a good idea, though. Very complicated and weird. If you have loose git deps, then point at a branch, rather than a commit.

@meryn

Write a pre-procressor for package.json, call your sourcefile clever-package.json or so. It's a known fact that pre-processors are the solution to just about any gripe you have with the syntax for your platform of choice. ;)

But seriously, the pre-processor could fix up the package.json for you so that it points to a real commit. It'd be certainly a useful little tool, if open source.

Ideally, npm would have a "preinstallpackages" script hook for this. Then you can be sure that the generated package.json is always up to date before it gets evaluated.

@bcherny

@isaacs It's certainly not a trivial implementation, but it would be very nice to have feature parity with bower here.

@rlidwka

It's certainly not a trivial implementation

If we're talking about github only, it's trivial. I can't point out the exact commit, but it was done in visionmedia/npm and yapm a long time ago using github api and gh-lookup. Just run yapm install visionmedia/commander.js@^1.2.0 and see for yourself.

Actual git url's are more tricky than that, because you have to fetch the entire tree before you know what commit hash you need, and there are a few corner cases. But people usually look just for github repos anyway.

@NickHeiner

Amusingly, although I opened this issue originally, I've now come to agree with @isaacs that this would be "very complicated and weird". I would advise people to just use an npm registry instead of conflating source control with published package management.

@jasonkuhrt

@NickHeiner How's that working out with your private packages? Even today, years since npm started, private package hosting is only just in beta.

@rlidwka

Even today, years since npm started, private package hosting is only just in beta.

npm private package hosting isn't the only one hosting available out there. I'm using private packages for 2 years now, and it works just fine.

But git urls are useful for public stuff, if people don't want to use npm registry for one reason or another.

@jasonkuhrt

npm private package hosting isn't the only one hosting available out there. I'm using private packages for 2 years now, and it works just fine.

Link to service provider?

@rlidwka

@jasonkuhrt , if you are looking for a npm-compatible private registry installed on your servers, look at sinopia. If you're looking for 3rd party service provider (SaaS), check cnpm.

@kumavis

+1 this closed issue to the moon! :rocket:

@NickHeiner

@jasonkuhrt, we are hosting our own copy of the npm registry on couchdb. It's painful to maintain at times but generally works.

@Aaike

how come jspm is able to install git packages using a semver range ? can the same technique not be used ? i think it's just getting the tags using git ls-remote --tags and then do the semver match. no need to over complicate it ?
it would really be fantastic to be able to specify a semver range for github packages...

@ciekawy

+1
being impressed by the richness of node packages and the well working idea of reusable modules I am convinced that this is the very case where having an option of working semvers for git urls is worth extracting the job already done for bower.

@dehru

bower.json has no problem with this syntax

"thingy": "http://thingy.lss.com/scm/cuc/emc-login.git#1.x.x",

I wish I could add a similar syntax to package.json.

@ciekawy
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.