-
Notifications
You must be signed in to change notification settings - Fork 238
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: obey user specific dist-tag #607
base: main
Are you sure you want to change the base?
Conversation
Personally speaking, saving a special dist-tag to package.json doesn't seem a good idea to me. |
Normally, installing a pkg simply using But what if I want a latest tag in my package.json? For now, the only way is to manually change the This RFC is to meet the requirement above. If I want a |
It’s very true that saving any tag - not just latest - will open the user up to silent breaking changes, which is why saving anything but a semver range to package.json is a bad practice. What is your use case where you need to depend on the tag, but can’t depend on a semver range based on what it resolves to? |
Automated prereleases for PRs is my use case. We have a tool which publishes on PRs with a generated prerelease and a dist-tag to track it. So you can say "I want to depend on the work happening in this pr, even it if is changed". Today you need to manually edit the Additionally, I think there is very little difference between |
And to be clear, I do not think it is a best practice to do |
@ljharb We know */latest is bad practice, but in same case, we trust the tag, like |
Why do you trust the tag? There's the same lack of guarantee as |
Because the tag is generate by myself or platform i trust. |
In the pre-release scenario,semver may not works well. If I have two dev branch, foo and bar, I'll release two version, 1.0.0-foo.alpha.0 and 1.0.0-bar.alpha.0. If ^1.0.0-foo.alpha.0 save to the package.json, 1.0.0-bar.alpha.0 will install. So in this case should save dust-tag to package.json. It's just for the test case, at last should release the latest version and modify the package.json. |
Having multiple release channels on the same major, let alone minor and patch, seems like an untenable use of semver to me. |
The |
I'm not sure what you mean. If you have a bugfix, it's a patch; if it's a new feature, it's a minor; and if you don't want people to get those freely, then bump the major so they don't. |
Let me try to get this straight. There are several popular npm packages that are not obey SEMVER rules, such as TypeScript (read more), Runing This RFC provides a best practice, if these prerequisites below are met, (take TypeScript for example):
The best practice of using TypeScript should be FYI @ljharb @wesleytodd |
No, the best practice for TS (and react) is to use ~, not ^. |
I'm with @gemwuu.
From my point of view, as (1) and (2) are given, it would be just consequent to do as this RFC suggests. |
"x supports y" is never a defense or endorsement for using y. |
I had muesli for breakfast today. |
? my comment was a direct response to your point 2 in your comment. Why the nonsequitur? |
The comment is not concrete, it does not contribute to the further development of the discussion |
@SchulteMarkus it's quite concrete. You said
as an implication that because npm supports it, one should draw a conclusion from it. My reply was that npm's support for it is irrelevant to what one should do or should not do. |
Good software has few surprises - and I agree with @gemwuu that the current behaviour is surprising. To support major updates via ‘*’ on the one hand, and to exclude ‘latest’ on the other (because it would also bring major updates with it) is consequently wrong. |
When running
npm install pkg@latest-1
, npm should provide a way to savelatest-1
intopackage.json
.References