This repository has been archived by the owner. It is now read-only.

Strange "npm view" result #8476

Closed
pauldijou opened this Issue Jun 5, 2015 · 9 comments

Comments

Projects
None yet
4 participants
@pauldijou

Today, around 5PM UDT, I played with npm view both with CLI and programmatic API and I got some strange results... Running npm view npm inside my shell returned (lot of stuff removed):

{ name: 'npm',
  description: 'a package manager for JavaScript',
  'dist-tags': { latest: '2.11.1', next: '2.11.2' },
  versions: 
   [ ...,
     '2.11.0',
     '2.11.1',
     '2.11.2' ],
  maintainers: [...],
  time: 
   { modified: '2015-06-05T00:54:40.257Z',
     created: '2013-07-12T18:32:48.902Z',
     ...,
     '2.11.0': '2015-05-22T06:09:54.035Z',
     '2.11.1': '2015-05-28T21:36:47.566Z',
     '2.11.2': '2015-06-05T00:54:40.257Z' },
  dist: 
   { shasum: '6197c1520e8b9110c34b0b6841175fea551e2ecf',
     tarball: 'http://registry.npmjs.org/npm/-/npm-2.11.1.tgz' } }

And running the following code to display the last NPM version:

var npm = require('npm');
npm.load({}, function () {
  npm.commands.view(['npm'], false, function (err, infos) {
    if (err) { console.log(err); }
    else { console.log(infos); }
  });
});

Output the same stuff as before assigned to a 2.11.1 key.

{ "2.11.1": {... same stuff as before...}}

So, here is the question. Maybe I got it wrong, but why is 2.11.1 considered the last version (both in npm.commands.view and in the dist-tags object) even if a 2.11.2 has been created (both in versions array and time object)?

Checking NPM website confirm the 2.11.1 as the last version. But I can actually install 2.11.2 by running npm install npm@2.11.2.

Is that linked to the fact that it's a pre-release on GitHub? Or because it was published with a tag different than latest?

Why is it bothering me? Because I'm trying to figure the best version of a package to install but I got a conflict: if I have npm: ^2.11.0 inside my package.json, checking the best version according to SEMVER inside the versions array will return me 2.11.2 but this version is supposed to be greater than the last version 2.11.1 so it's kind of not really valid. And so my head just exploded...

Thanks a lot for any help!

@KenanY

This comment has been minimized.

Show comment
Hide comment
@KenanY

KenanY Jun 5, 2015

Member

@pauldijou This is part of npm's release process. Currently, 2.11.1 is tagged as latest, while 2.11.2 is tagged as next. Every week, next is "promoted" to latest while a new release becomes next.

Member

KenanY commented Jun 5, 2015

@pauldijou This is part of npm's release process. Currently, 2.11.1 is tagged as latest, while 2.11.2 is tagged as next. Every week, next is "promoted" to latest while a new release becomes next.

@pauldijou

This comment has been minimized.

Show comment
Hide comment
@pauldijou

pauldijou Jun 5, 2015

Got it! Thanks for the answer @KenanY

Got it! Thanks for the answer @KenanY

@pauldijou pauldijou closed this Jun 5, 2015

@pauldijou

This comment has been minimized.

Show comment
Hide comment
@pauldijou

pauldijou Jun 5, 2015

Hey @KenanY, sorry, quick bonus question, if I run npm outdated, I have the following output:

Package  Current  Wanted  Latest  Location
npm       2.11.0  2.11.2  2.11.1

Do you think it's normal to have a wanted version pointing to a non-released version? It doesn't contradict the documentation, but I can't help myself finding it strange for NPM to recommend updating to a version after the latest one...

Hey @KenanY, sorry, quick bonus question, if I run npm outdated, I have the following output:

Package  Current  Wanted  Latest  Location
npm       2.11.0  2.11.2  2.11.1

Do you think it's normal to have a wanted version pointing to a non-released version? It doesn't contradict the documentation, but I can't help myself finding it strange for NPM to recommend updating to a version after the latest one...

@KenanY

This comment has been minimized.

Show comment
Hide comment
@KenanY

KenanY Jun 5, 2015

Member

@pauldijou I guess it does look a bit odd. 2.11.2 is a released version, mind you, it's just in a sort of public-beta-testing state for the next week. As far as npm outdated knows, it is just like any other version. I'm not sure if it is worth hard-coding this case into npm outdated.

Member

KenanY commented Jun 5, 2015

@pauldijou I guess it does look a bit odd. 2.11.2 is a released version, mind you, it's just in a sort of public-beta-testing state for the next week. As far as npm outdated knows, it is just like any other version. I'm not sure if it is worth hard-coding this case into npm outdated.

@pauldijou

This comment has been minimized.

Show comment
Hide comment
@pauldijou

pauldijou Jun 5, 2015

Agreed @KenanY, but if I run npm update, it updates the npm package to the wanted version, aka 2.11.2. I wouldn't expect this command to update beyond the latest dist-tag but the current behaviour is to update to a "public-beta-testing" version as you said. It's kind of ok for the npm package since I think it's pretty stable, but for any other package that would use custom dist-tags for snapshots or beta versions, it might produce strange results IMHO.

Agreed @KenanY, but if I run npm update, it updates the npm package to the wanted version, aka 2.11.2. I wouldn't expect this command to update beyond the latest dist-tag but the current behaviour is to update to a "public-beta-testing" version as you said. It's kind of ok for the npm package since I think it's pretty stable, but for any other package that would use custom dist-tags for snapshots or beta versions, it might produce strange results IMHO.

@KenanY

This comment has been minimized.

Show comment
Hide comment
@KenanY

KenanY Jun 5, 2015

Member

@pauldijou Oh, from here I was under the impression that npm upgrade would give you 2.11.1.

Member

KenanY commented Jun 5, 2015

@pauldijou Oh, from here I was under the impression that npm upgrade would give you 2.11.1.

@pauldijou

This comment has been minimized.

Show comment
Hide comment
@pauldijou

pauldijou Jun 5, 2015

@KenanY I'm not talking about globally installed packages, here npm is locally installed because I need it for programmatic access. I'm more in this use-case. But the doc only have a latest tag inside dist-tags so it doesn't reflect the current situation. To summarize my concern, if you have a package with the following definition:

{
  "name": "whatever",
  "dist-tags": {
    "latest": "1.0.1",
    "beta": "1.0.2"
  },
  "versions": [
    "1.0.0",
    "1.0.1",
    "1.0.2"
  ]
}

And you have "whatever": "^1.0.0" inside your package.json and the 1.0.0 version locally installed, what should npm update install? I would expect 1.0.1 as it is the greatest version that match my range and stay lower or equal to the official latest release. But it looks like it will actually install 1.0.2 because it's the greatest version that match the range, without any regard for the latest tag, which is both kind of logic but also kind of strange for me.

@KenanY I'm not talking about globally installed packages, here npm is locally installed because I need it for programmatic access. I'm more in this use-case. But the doc only have a latest tag inside dist-tags so it doesn't reflect the current situation. To summarize my concern, if you have a package with the following definition:

{
  "name": "whatever",
  "dist-tags": {
    "latest": "1.0.1",
    "beta": "1.0.2"
  },
  "versions": [
    "1.0.0",
    "1.0.1",
    "1.0.2"
  ]
}

And you have "whatever": "^1.0.0" inside your package.json and the 1.0.0 version locally installed, what should npm update install? I would expect 1.0.1 as it is the greatest version that match my range and stay lower or equal to the official latest release. But it looks like it will actually install 1.0.2 because it's the greatest version that match the range, without any regard for the latest tag, which is both kind of logic but also kind of strange for me.

@pauldijou

This comment has been minimized.

Show comment
Hide comment
@pauldijou

pauldijou Jun 8, 2015

I will reopen the issue after doing a more in-deep analysis. I truly think to something is wrong with npm update and dist-tags. More infos here.

I will reopen the issue after doing a more in-deep analysis. I truly think to something is wrong with npm update and dist-tags. More infos here.

@npm-robot

This comment has been minimized.

Show comment
Hide comment
@npm-robot

npm-robot Jun 17, 2017

We're closing this support issue as it has gone three days without activity. The npm CLI team itself does not provide support via this issue tracker, but we are happy when users help each other here. In our experience once a support issue goes dormant it's unlikely to get further activity. If you're still having problems, you may be better served by joining package.community and asking your question there.

For more information about our new issue aging policies and why we've instituted them please see our blog post.

We're closing this support issue as it has gone three days without activity. The npm CLI team itself does not provide support via this issue tracker, but we are happy when users help each other here. In our experience once a support issue goes dormant it's unlikely to get further activity. If you're still having problems, you may be better served by joining package.community and asking your question there.

For more information about our new issue aging policies and why we've instituted them please see our blog post.

@npm-robot npm-robot closed this Jun 17, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.