问题
Im trying to figure out how npm versioning works because im getting stuck on two invalid packages. Ref my other question. The module i need, serialport, get these packages invalid, "readable-stream" and "string_decoder". Serialport have downloaded this version:
readable-stream@1.0.27-1
Serialports dependency is
"readable-stream": "~1.0.2"
Readable-streams available versions are:
....
'1.0.26',
'1.0.27-1',
'1.0.31',
....
Which explains why 1.0.27-1 is picked. Because of the tilde and ~1.0.2, meaning that these three numbers have to exist in each version. Ref Jakob Mattsson´s simple article
readable-stream downloads
string_decoder@0.10.25-1
readable-stream again depends on
"string_decoder": "~0.10.x"
And string_decoders available versions are
....
'0.10.24',
'0.10.25-1',
'0.10.25',
'0.10.31',
'0.11.10-1'
....
How come that version is downloaded? Ref the article again, tilde means that it has to has 0.10 in the version number, and x is whatever exists?
Why is not string_decoder@0.10.31 chosen?
I believe my problem in question is related to prereleases that this extra dash is called. Im trying to gather facts to maybe seem if dependencies can get updated.
回答1:
I recieved an answere on github, issue answer, thought i would share it with the rest who might wonder:
semver range checking is done semantically, not lexically, so 1.0.31 should match with npm@2:
% semver -r '~1.0.2' 1.0.26 1.0.27-1 1.0.31 1.0.26 1.0.31 I suspect that the behavior you're seeing is due to a bundledDependency included in the package tarball.
See Node app fails to run because of prerelease for a more detailed answer too why this happens.
来源:https://stackoverflow.com/questions/27628153/npm-versioning-how-does-this-edge-case-work