Shrinkwrap dependencies and remove carrots from package.json #654

Closed
garretto opened this Issue Oct 10, 2016 · 2 comments

garretto commented Oct 10, 2016

Today eslint-plugin-react was updated and had a bug - yannickcr/eslint-plugin-react@d0dfc07

This caused all of our builds to start failing since we npm install for every new build.

To fix this, I propose this package remove all carets from dependency versions, e.g.
"eslint-plugin-react": "6.0.0", instead of "eslint-plugin-react": "^6.0.0", and include a shrinkwrap file - https://docs.npmjs.com/cli/shrinkwrap

We are now shrinkwrapping our dev dependencies at my company to prevent this issue in the future. But I think it'd be a good idea within this dependency as well for others.

feross commented Oct 10, 2016

Sorry your builds got broken. I do think that on the whole, having loose dependencies has been good for standard. We feel the pain acutely when semver is violated, but we don't appreciate all the times that bugs get fixed for free.

I think one improvement to the situation is to switch to ~ instead of ^. This is slightly more conservative, and would have prevented the breakage you experienced today. We use ~ already for ESLint since minor versions are more likely to introduce incompatibilities than patch versions.
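
The difference between the three specifier styles discussed in this thread, as an added example that is not part of the original thread or of the project's code: a small range check and manifest audit showing which releases each style lets a lockfile-free `npm install` pull into a build. The release list is constructed for illustration, and only plain `x.y.z`, `~x.y.z` and `^x.y.z` specifiers are handled.

```javascript
// Added example. Supports only exact "x.y.z", "~x.y.z" and "^x.y.z" specifiers
// (no prerelease tags, x-ranges or compound ranges).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function satisfies(version, spec) {
  const op = spec[0] === '^' || spec[0] === '~' ? spec[0] : '';
  const base = parse(spec.slice(op.length));
  const v = parse(version);
  if (compare(v, base) < 0) return false;                       // never below the stated version
  if (op === '') return compare(v, base) === 0;                 // exact pin
  if (op === '~') return v[0] === base[0] && v[1] === base[1];  // patch updates only
  if (base[0] > 0) return v[0] === base[0];                     // ^1.2.3: minor and patch updates
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1];       // ^0.2.3 behaves like ~0.2.3
  return compare(v, base) === 0;                                // ^0.0.3 admits only 0.0.3
}

// For each dependency, list the published versions its range admits and the
// highest one, which is what an install without a lockfile or shrinkwrap picks.
function auditManifest(manifest, published) {
  const report = [];
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      const admitted = (published[name] || [])
        .filter((v) => satisfies(v, spec))
        .sort((a, b) => compare(parse(a), parse(b)));
      const floating = spec[0] === '^' || spec[0] === '~';
      const resolved = admitted.length ? admitted[admitted.length - 1] : null;
      report.push({ name, spec, floating, admitted, resolved });
    }
  }
  return report;
}

// Constructed release list (not the real eslint-plugin-react history).
const published = { 'eslint-plugin-react': ['6.0.0', '6.0.1', '6.1.0', '7.0.0'] };
for (const spec of ['^6.0.0', '~6.0.0', '6.0.0']) {
  const [row] = auditManifest({ dependencies: { 'eslint-plugin-react': spec } }, published);
  console.log(`${spec} -> admits ${row.admitted.join(', ')}; resolves to ${row.resolved}`);
}
```

Rows with `floating: true` are the dependencies whose installed version can change between two builds of the same commit; a shrinkwrap or lockfile fixes the resolved version regardless of the specifier.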

feross added a commit that referenced this issue Oct 10, 2016

Dependencies: Use ~ instead of ^.
Fixes: #654

I think one improvement to the situation is to switch to ~ instead of
^. This is slightly more conservative, and would have prevented the
breakage described in the above issue. We use ~ already for ESLint
since minor versions are more likely to introduce incompatibilities
than patch versions.

garretto commented Oct 10, 2016

👍 thanks for the quick response

feross closed this in #655 Oct 10, 2016

lock bot locked as resolved and limited conversation to collaborators May 10, 2018
