shelljs Breaks SemVer for Alpha and Pre-Release Versions #390
Comments
|
@shane-walker thanks for reporting this! @ariporad and I will investigate this and see if we can fix this today. I'm seeing different output than you're seeing: Does this issue still persist for you? |
|
@nfischer It probably has something to do with them patching the CDN configuration earlier today. npm/npm#11836 (comment) We run an NPM proxy that probably has the broken 'version' cached, which would account for the error continuing for me. I'll see if we can clear out the cache but, hopefully, if we can get those versions unpublished it shouldn't happen anymore. At least not for shelljs. |
|
@shane-walker Thanks for the reply. Just to clarify, the versions that should be unpublished (because they don't match the correct semver pattern) are:
Is that correct? |
|
@nfischer yeah, those seem to be the problem children. While correct within SemVer standard, npm doesn't like them when doing strict comparisons. |
|
@shane-walker: I'm seeing the same as @nfischer: $ npm view shelljs versions
[ '0.0.1-alpha1',
'0.0.1',
'0.0.2-pre1',
'0.0.2',
'0.0.3',
'0.0.4-pre1',
'0.0.4',
'0.0.5-pre1',
'0.0.5-pre2',
'0.0.5-pre3',
'0.0.5-pre4',
'0.0.5',
'0.0.6-pre1',
'0.0.6-pre2',
'0.0.6',
'0.0.7',
'0.0.8',
'0.0.9',
'0.1.0',
'0.1.1',
'0.1.2',
'0.1.3',
'0.1.4',
'0.2.0',
'0.2.1',
'0.2.2',
'0.2.3',
'0.2.4',
'0.2.5',
'0.2.6',
'0.3.0',
'0.4.0',
'0.5.0',
'0.5.1',
'0.5.2',
'0.5.3',
'0.6.0' ] |
|
Same on http://semver.npmjs.com/. |
|
@ariporad I think it's safe to remove these, since it looks like these versions shouldn't be in use by people anyway (they're all alphas and pre releases). Normally, I would say we should deprecate, but since the existence of these might break other important packages, we should resolve this sooner rather than later. I think the packages still exist, but npm servers aren't displaying them in the list. |
|
@nfischer: Done. |
|
Ok everyone, this should be resolved now, so I'm going to close this issue. ShellJS just switched maintainers, and we'll defiantly be semver compliant going forward. Please re-open if it's still problematic. |
|
@ariporad thanks again for your prompt response and help with this! We really appreciate it. |
|
No problem! Thanks! Ari — |
|
Hey, I'm still experiencing problems with this issue. Is there something I can do on my end to prevent it from happening? |
|
@JonDuffy Could you please provide the output of |
|
sure: thanks for the quick response npm view shelljs versions |
|
@JonDuffy Could you also please provide the output of |
|
Not sure I can send that, but we do have a private NPM repo (this is the only registry shown in the output) |
|
If there's a way you can change your registry, that should resolve the issue. I can reproduce this error when I use |
|
Fixed this by removing shelljs from the private npm repo, forcing a download which does not contain the invalid versions |
npm published a change to their CDN configuration earlier today that exposed another issue with SemVer publishing via npm. As such, it would seem that shelljs is breaking some of the internet because of the alpha and pre-release versions that were published to NPM.
Would it be possible to get some of those versions unpublished and prevent future releases from breaking SemVer?
The text was updated successfully, but these errors were encountered: