Skip to content
This repository has been archived by the owner on Aug 11, 2022. It is now read-only.

Strange "npm view" result #8476

Closed
pauldijou opened this issue Jun 5, 2015 · 9 comments
Closed

Strange "npm view" result #8476

pauldijou opened this issue Jun 5, 2015 · 9 comments

Comments

@pauldijou
Copy link

Today, around 5PM UDT, I played with npm view both with CLI and programmatic API and I got some strange results... Running npm view npm inside my shell returned (lot of stuff removed):

{ name: 'npm',
  description: 'a package manager for JavaScript',
  'dist-tags': { latest: '2.11.1', next: '2.11.2' },
  versions: 
   [ ...,
     '2.11.0',
     '2.11.1',
     '2.11.2' ],
  maintainers: [...],
  time: 
   { modified: '2015-06-05T00:54:40.257Z',
     created: '2013-07-12T18:32:48.902Z',
     ...,
     '2.11.0': '2015-05-22T06:09:54.035Z',
     '2.11.1': '2015-05-28T21:36:47.566Z',
     '2.11.2': '2015-06-05T00:54:40.257Z' },
  dist: 
   { shasum: '6197c1520e8b9110c34b0b6841175fea551e2ecf',
     tarball: 'http://registry.npmjs.org/npm/-/npm-2.11.1.tgz' } }

And running the following code to display the last NPM version:

var npm = require('npm');
npm.load({}, function () {
  npm.commands.view(['npm'], false, function (err, infos) {
    if (err) { console.log(err); }
    else { console.log(infos); }
  });
});

Output the same stuff as before assigned to a 2.11.1 key.

{ "2.11.1": {... same stuff as before...}}

So, here is the question. Maybe I got it wrong, but why is 2.11.1 considered the last version (both in npm.commands.view and in the dist-tags object) even if a 2.11.2 has been created (both in versions array and time object)?

Checking NPM website confirm the 2.11.1 as the last version. But I can actually install 2.11.2 by running npm install npm@2.11.2.

Is that linked to the fact that it's a pre-release on GitHub? Or because it was published with a tag different than latest?

Why is it bothering me? Because I'm trying to figure the best version of a package to install but I got a conflict: if I have npm: ^2.11.0 inside my package.json, checking the best version according to SEMVER inside the versions array will return me 2.11.2 but this version is supposed to be greater than the last version 2.11.1 so it's kind of not really valid. And so my head just exploded...

Thanks a lot for any help!

@kenany
Copy link
Contributor

kenany commented Jun 5, 2015

@pauldijou This is part of npm's release process. Currently, 2.11.1 is tagged as latest, while 2.11.2 is tagged as next. Every week, next is "promoted" to latest while a new release becomes next.

@pauldijou
Copy link
Author

Got it! Thanks for the answer @kenany

@pauldijou
Copy link
Author

Hey @kenany, sorry, quick bonus question, if I run npm outdated, I have the following output:

Package  Current  Wanted  Latest  Location
npm       2.11.0  2.11.2  2.11.1

Do you think it's normal to have a wanted version pointing to a non-released version? It doesn't contradict the documentation, but I can't help myself finding it strange for NPM to recommend updating to a version after the latest one...

@kenany
Copy link
Contributor

kenany commented Jun 5, 2015

@pauldijou I guess it does look a bit odd. 2.11.2 is a released version, mind you, it's just in a sort of public-beta-testing state for the next week. As far as npm outdated knows, it is just like any other version. I'm not sure if it is worth hard-coding this case into npm outdated.

@pauldijou
Copy link
Author

Agreed @kenany, but if I run npm update, it updates the npm package to the wanted version, aka 2.11.2. I wouldn't expect this command to update beyond the latest dist-tag but the current behaviour is to update to a "public-beta-testing" version as you said. It's kind of ok for the npm package since I think it's pretty stable, but for any other package that would use custom dist-tags for snapshots or beta versions, it might produce strange results IMHO.

@kenany
Copy link
Contributor

kenany commented Jun 5, 2015

@pauldijou Oh, from here I was under the impression that npm upgrade would give you 2.11.1.

@pauldijou
Copy link
Author

@kenany I'm not talking about globally installed packages, here npm is locally installed because I need it for programmatic access. I'm more in this use-case. But the doc only have a latest tag inside dist-tags so it doesn't reflect the current situation. To summarize my concern, if you have a package with the following definition:

{
  "name": "whatever",
  "dist-tags": {
    "latest": "1.0.1",
    "beta": "1.0.2"
  },
  "versions": [
    "1.0.0",
    "1.0.1",
    "1.0.2"
  ]
}

And you have "whatever": "^1.0.0" inside your package.json and the 1.0.0 version locally installed, what should npm update install? I would expect 1.0.1 as it is the greatest version that match my range and stay lower or equal to the official latest release. But it looks like it will actually install 1.0.2 because it's the greatest version that match the range, without any regard for the latest tag, which is both kind of logic but also kind of strange for me.

@pauldijou
Copy link
Author

I will reopen the issue after doing a more in-deep analysis. I truly think to something is wrong with npm update and dist-tags. More infos here.

@npm-robot
Copy link

We're closing this support issue as it has gone three days without activity. The npm CLI team itself does not provide support via this issue tracker, but we are happy when users help each other here. In our experience once a support issue goes dormant it's unlikely to get further activity. If you're still having problems, you may be better served by joining package.community and asking your question there.

For more information about our new issue aging policies and why we've instituted them please see our blog post.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants