Yarn installs bad package version if dash in version number #1304

Closed
Kirill89 opened this issue Oct 20, 2016 · 5 comments

@Kirill89

If package.json looks like this:

"dependencies": {
    "bootstrap-multiselect": "^0.9.13-1"
  }

yarn installs bootstrap-multiselect of version 0.9.13 instead of 0.9.13-1.

But if I try to remove ^ from the version, yarn works fine.

With npm 3.10.8 both cases work fine.
On Mac OS X 10.11.6, node v6.8.0.

@jiripospisil

jiripospisil commented Oct 20, 2016

The difference in behavior is probably something to look into but keep in mind that 0.9.13 satisfies ^0.9.13-1 as well so it's not that yarn installs an incorrect package but rather a different one.

@jsynowiec
Contributor

jsynowiec commented Oct 20, 2016

Pre-release versions have a lower precedence than the associated normal version [1]. Considering the semver spec, I would say that Yarn is right and NPM wrong(?) if it installs the pre-release version.

node-semver (the one used by npm) is even a bit more restrictive [2]: both a greater pre-release 0.9.13-2 and a release 0.9.13 satisfy the ^0.9.13-1 range, but a pre-release of a next release (e.g. 0.9.14-1) doesn't.
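
The range behaviour described in the comments above, as an added example (not part of the original thread and not node-semver's own code): a minimal caret-range matcher that applies semver precedence plus the node-semver pre-release restriction. The function names and the `published` list are constructed for illustration.

```javascript
// Added example: minimal caret-range matcher; not node-semver's own code.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v);
  if (!m) throw new Error(`invalid version: ${v}`);
  return { core: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split('.') : [] };
}

// Semver precedence: numeric compare of major.minor.patch; a version with a
// pre-release tag sorts below the same core version without one.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i] ? -1 : 1;
  }
  if (!a.pre.length || !b.pre.length) return Math.sign(b.pre.length - a.pre.length);
  for (let i = 0; i < Math.max(a.pre.length, b.pre.length); i++) {
    const x = a.pre[i], y = b.pre[i];
    if (x === undefined) return -1; // fewer identifiers sorts lower
    if (y === undefined) return 1;
    if (x === y) continue;
    const nx = /^\d+$/.test(x), ny = /^\d+$/.test(y);
    if (nx && ny) return +x < +y ? -1 : 1;
    if (nx !== ny) return nx ? -1 : 1; // numeric ids sort below alphanumeric
    return x < y ? -1 : 1;
  }
  return 0;
}

function satisfiesCaret(version, range) {
  const v = parse(version), lo = parse(range.replace(/^\^/, ''));
  const i = lo.core.findIndex((n) => n !== 0); // leftmost non-zero part
  const k = i === -1 ? 2 : i;
  const hi = { core: lo.core.map((n, j) => (j < k ? n : j === k ? n + 1 : 0)), pre: [] };
  // node-semver restriction: a pre-release only matches when the range itself
  // names a pre-release on the same major.minor.patch.
  const sameCore = v.core.join('.') === lo.core.join('.');
  if (v.pre.length && !(lo.pre.length && sameCore)) return false;
  return compare(v, lo) >= 0 && compare(v, hi) < 0;
}

function maxSatisfying(versions, range) {
  const ok = versions.filter((v) => satisfiesCaret(v, range));
  return ok.sort((a, b) => compare(parse(a), parse(b))).pop() || null;
}

// Constructed registry listing using the versions named in the thread.
const published = ['0.9.12', '0.9.13-1', '0.9.13-2', '0.9.13', '0.9.14-1'];
for (const v of published) console.log(v, satisfiesCaret(v, '^0.9.13-1'));
console.log('resolved:', maxSatisfying(published, '^0.9.13-1'));
```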

@puzrin

puzrin commented Oct 20, 2016

We don't mean yarn/npm are good or bad. We are just trying to replace npm with yarn and report the problems that have been found.

PS. Also, the package author was asked to use pure semver without dashes in patch numbers.

@jsynowiec
Contributor

I think it's related to npm/npm#13248 and tagging pre-release versions as latest in the registry when publishing. NPM is installing the latest version specified in the registry and not the latest semver (stable) version. If you run npm outdated then it's properly reported as outdated:

$ npm outdated
Package                 Current  Wanted    Latest  Location
bootstrap-multiselect  0.9.13-1  0.9.13  0.9.13-1  semver-test

and when you npm upgrade the package, it gets upgraded to 0.9.13

$ npm upgrade
[email protected] /Users/jakub/Projekty/tests
└── [email protected]

@gsklee
Contributor

gsklee commented Jun 21, 2017

@Kirill89 This is exactly how node-semver works. If you believe that it should work in another way, you should raise this issue there.
