validate semver version in package.json dependency value - node.js

I am getting problems like this when validating that the right version of a dependency is installed:
package with name csvtojson is not satisfied. Installed version: 0.4.5 desired version: github:Keyang/node-csvtojson#16ba2237e0bd96d6e3773e4c4d6e36c70efa620e
I am trying to use the semver package to validate a desired dependency version:
const semver = require('semver');
const satisfies = semver.satisfies(installedVersion, desiredVersion);
In package.json, we might see this:
"csvtojson": "^1.12.0"
or
"csvtojson":"github:Keyang/node-csvtojson#16ba2237e0bd96d6e3773e4c4d6e36c70efa620e"
What I want to do is determine if an installed dependency meets the version range of the desired dependency.
If the desired version is not semverish, I am willing to skip it, but I don't have a good test for that. Does anyone have a good idea how to skip desired versions that don't appear to be semverish?
Maybe use a regex like this:
/.*[0-9]{1,5}\.[0-9]{1,5}\.[0-9]{1,5}/
?

This RegExp here is validating all scenarios:
^(\d|[1-9]\d*)\.(\d|[1-9]\d*)\.(\d|[1-9]\d*)(-(0|[1-9A-Za-z-][0-9A-Za-z-]*|[0-9]*[A-Za-z-][0-9A-Za-z-]*)(\.(0|[1-9A-Za-z-][0-9A-Za-z-]*|[0-9]*[A-Za-z-][0-9A-Za-z-]*))*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$
Source: https://brunorb.com/untangling-semver/

Related

How to dynamically install a particular version of a NPM package based on local Node.js version?

I did Google about this but no luck.
Basically, I need a particular version of an NPM package (A) to be installed if the local Node.js version is X; if not, then install version B of that NPM package. This needs to be a part of the build process, so it's all dynamic.
If there was a way to have this config in package.json, then it would have been a straightforward solution for me.
How do I achieve this?
You can achieve this by using Yarn as your dependency management tool in combination with the Selective Versions Resolutions feature.
More specifically, in your case you'd use it as described in the "Mapping version specifications" format. Based on that, in your package.json you would include something like the following, assuming that version X=1.0.3 and version B=2.0.0 in the following example:
"devDependencies": {
  "a": "1.0.3"
},
"resolutions": {
  "a#==1.0.3": "a#2.0.0"
}

How to relate a version of @types to the versions of the associated package in NodeJS Typescript?

I am working on a nodejs project with typescript 2.2 that is using node 6.3.1 and I want to migrate from using typings to using @types. By doing so I ran into a set of questions related to whether there is a relationship between the version of the @types file and the corresponding npm package.
If I use jasmine as an example, the existing versions of the types definitions are
npm show @types/jasmine@* version
@types/jasmine@1.3.0 '1.3.0'
@types/jasmine@1.3.1 '1.3.1'
@types/jasmine@1.3.2 '1.3.2'
@types/jasmine@2.2.29 '2.2.29'
@types/jasmine@2.2.30 '2.2.30'
@types/jasmine@2.2.31 '2.2.31'
@types/jasmine@2.2.32 '2.2.32'
@types/jasmine@2.2.33 '2.2.33'
@types/jasmine@2.2.34 '2.2.34'
@types/jasmine@2.5.35 '2.5.35'
@types/jasmine@2.5.36 '2.5.36'
@types/jasmine@2.5.37 '2.5.37'
@types/jasmine@2.5.38 '2.5.38'
@types/jasmine@2.5.39 '2.5.39'
@types/jasmine@2.5.40 '2.5.40'
@types/jasmine@2.5.41 '2.5.41'
@types/jasmine@2.5.42 '2.5.42'
@types/jasmine@2.5.43 '2.5.43'
@types/jasmine@2.5.44 '2.5.44'
@types/jasmine@2.5.45 '2.5.45'
@types/jasmine@2.5.46 '2.5.46'
But if I examine the versions of the jasmine packages I have;
npm show jasmine@* version
jasmine@2.0.1 '2.0.1'
jasmine@2.1.0 '2.1.0'
jasmine@2.1.1 '2.1.1'
jasmine@2.2.0 '2.2.0'
jasmine@2.2.1 '2.2.1'
jasmine@2.3.0 '2.3.0'
jasmine@2.3.1 '2.3.1'
jasmine@2.3.2 '2.3.2'
jasmine@2.4.0 '2.4.0'
jasmine@2.4.1 '2.4.1'
jasmine@2.5.0 '2.5.0'
jasmine@2.5.1 '2.5.1'
jasmine@2.5.2 '2.5.2'
jasmine@2.5.3 '2.5.3'
Let’s say I am using version 2.4.0 of jasmine, which version of @types/jasmine should I pick? Because even if I use the latest of both, 2.5.46 does not match with 2.5.3.
Another example would be node itself, there are basically 6.0 or 7.0 versions in @types, and typings has only the ones shown below, with 6.0 being reported as obsolete. So, what version of node are those typings actually tied to?
typings view dt~node --versions
TAG VERSION DESCRIPTION COMPILER LOCATION UPDATED
7.0.0+20170322231424 7.0.0 github:DefinitelyTyped/DefinitelyTyped/node/index.d.ts#a4a912a0cd1849fa7df0e5d909c8625fba04e49d 2017-03-22T23:14:24.000Z
6.0.0+20161121110008 6.0.0 github:DefinitelyTyped/DefinitelyTyped/node/node.d.ts#fb7fbd28b477f5e239467e69397ed020d92817e7 2016-11-21T11:00:08.000Z
Thanks
The major and minor versions of the DefinitelyTyped packages are supposed to correspond to the major and minor versions of the package they are types for. The patch version increments whenever the .d.ts file changes for other reasons. Because the minor version shouldn't represent breaking changes, in theory, you can use the highest 2.x.y definition file available for a 2.a.b.c library.
But now the caveats begin.
The header in the definition file may not have changed at the right time
Library authors do not necessarily follow semver*
The definition file may not be 100% correct at any given point, in either direction (i.e. listing a 2.6 feature under a 2.5 version, or failing to list a 2.4 function in the 2.5 file)
* In fact, no one does
A detailed explanation can be found in official docs FAQ: How do Definitely Typed package versions relate to versions of the corresponding library?

How to add dependency to NPM package so that I get the latest version that ends with a specific tag

The npm package for NW.js (package name "nw") has versions like this:
0.16.0-beta2sdk, 0.16.0-beta1sdk, 0.15.4, 0.15.4-sdk, 0.15.3, 0.15.3-sdk, 0.15.2, 0.15.2-sdk,...
I am currently using nw as a dependency in my package.json manifest, and I was wondering what version I need to specify to get "the latest version that ends with -sdk".
I have tried things like '*-sdk' and '0.x-sdk' but that didn't quite work as intended. I had a look at the syntax for semantic versioning but couldn't immediately find something for tags like this.
Anyone know if this can be done via semantic versioning syntax?
Thanks
You can add "latest" as the value in the packages.json file with the key being any package that you want to install like:
{
"package_name": "latest"
}

Checking if semver is correct

I have dependencies in package.json like so:
<packageName1>: ^0.1.0,
<packageName2>: <url>,
<packageName3>: 5.1.0
Is there any way to check that "^0.1.0" and "5.1.0" are correct, but "< url >" is incorrect semver?
I used semver npm package but haven't seen any functionality to do so.
When referencing package by its url, you cannot specify any version; even if you do so, npm will ignore this.
Of course, you can do this manually: it's easy to read your package.json, parse out the semver constraint, get the version of your dependency (by reading its package.json) and finally use the node-semver lib (or similar) to ensure that the installed version is within the range specified.
I used semver.validRange method instead of semver.valid
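
The check discussed in the first question and in this one, as an added example that is not code from any of the posts: classify each package.json dependency value, skip the ones that are not version ranges (flagging whether a git spec is pinned to a full commit SHA), and compare the rest against the installed version. To run without dependencies it does not use the semver package and handles only exact, ^x.y.z and ~x.y.z specs; checkDependency, its status strings and the sample rows are assumptions made for the example.

```javascript
// Added example (constructed data). Handles only exact, ^x.y.z and ~x.y.z specs;
// anything else is reported, never guessed at.
const PLAIN = /^(\d+)\.(\d+)\.(\d+)$/;            // x.y.z without prerelease/build
const SIMPLE_RANGE = /^([\^~]?)(\d+\.\d+\.\d+)$/; // exact, caret or tilde range
// Specs that bypass the registry: git/URL/file forms and the "user/repo" shorthand.
const NON_REGISTRY = /^(github:|git(\+\w+)?:|https?:|file:|[\w.-]+\/[\w.-]+(#|$))/;

const triple = (s) => PLAIN.exec(s).slice(1).map(Number);

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Exclusive upper bound of a caret/tilde range, or null for an exact version.
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return [maj, min + 1, 0];
  if (op !== '^') return null;
  if (maj > 0) return [maj + 1, 0, 0];
  return min > 0 ? [0, min + 1, 0] : [0, 0, pat + 1];
}

function checkDependency(name, spec, installed) {
  if (NON_REGISTRY.test(spec)) {
    // No version range to compare; record whether it is pinned to a full commit SHA.
    return { name, status: 'skipped-non-registry', pinned: /#[0-9a-f]{40}$/.test(spec) };
  }
  const range = SIMPLE_RANGE.exec(spec);
  if (!range) return { name, status: 'skipped-unsupported' }; // e.g. "latest", ">=1 <3"
  // A prerelease such as 1.0.27-1 does not satisfy a range that names no prerelease.
  if (!PLAIN.test(installed)) return { name, status: 'not-satisfied' };
  const [op, lower, have] = [range[1], triple(range[2]), triple(installed)];
  const upper = upperBound(op, lower);
  const ok = upper ? cmp(have, lower) >= 0 && cmp(have, upper) < 0 : cmp(have, lower) === 0;
  return { name, status: ok ? 'satisfied' : 'not-satisfied' };
}

// Constructed sample: [name, spec from package.json, installed version].
const sample = [
  ['csvtojson', '^1.12.0', '1.12.3'],
  ['csvtojson', 'github:Keyang/node-csvtojson#16ba2237e0bd96d6e3773e4c4d6e36c70efa620e', '0.4.5'],
  ['readable-stream', '~1.0.2', '1.0.27-1'],
  ['readable-stream', '~1.0.2', '1.0.31'],
];
for (const row of sample) console.log(checkDependency(...row));
```

With the semver package available, semver.validRange(spec) replaces the SIMPLE_RANGE test and semver.satisfies(installed, spec) replaces the bound comparison, which extends the check to every range syntax npm accepts.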

Npm versioning - how does this edge case work?

I'm trying to figure out how npm versioning works because I'm getting stuck on two invalid packages. Ref my other question. The module I need, serialport, gets these packages invalid, "readable-stream" and "string_decoder". Serialport has downloaded this version:
readable-stream@1.0.27-1
Serialports dependency is
"readable-stream": "~1.0.2"
Readable-streams available versions are:
....
'1.0.26',
'1.0.27-1',
'1.0.31',
....
Which explains why 1.0.27-1 is picked. Because of the tilde and ~1.0.2, meaning that these three numbers have to exist in each version. Ref Jakob Mattsson's simple article
readable-stream downloads
string_decoder@0.10.25-1
readable-stream again depends on
"string_decoder": "~0.10.x"
And string_decoders available versions are
....
'0.10.24',
'0.10.25-1',
'0.10.25',
'0.10.31',
'0.11.10-1'
....
How come that version is downloaded? Ref the article again, tilde means that it has to have 0.10 in the version number, and x is whatever exists?
Why is string_decoder@0.10.31 not chosen?
I believe my problem in question is related to prereleases, which is what this extra dash is called. I'm trying to gather facts to maybe see if dependencies can get updated.
I received an answer on GitHub (issue answer) and thought I would share it with the rest who might wonder:
semver range checking is done semantically, not lexically, so 1.0.31 should match with npm@2:
% semver -r '~1.0.2' 1.0.26 1.0.27-1 1.0.31
1.0.26
1.0.31
I suspect that the behavior you're seeing is due to a bundledDependency included in the package tarball.
See Node app fails to run because of prerelease for a more detailed answer as to why this happens.
