ScottHamper/Cookies

0.3.1 -> 0.3.2 patch bump should have been a minor actually

Closed this issue · 5 comments

Semver is tricky: moving src/x to dist/x without a symlink is a breaking change.

Why? Because on a (published) package level, the "interface" is actually the files that others "require". You haven't changed your library's interface, but that's not the only interface.

So given you're in "before-1.0.0" mode, this should have been a minor bump, not a patch bump.

Man, I did not think about that, but it makes a lot of sense. Thanks! I've created a 0.4.0 release and removed 0.3.2.

Believe it or not, this fix was bad for me :) as now I have to revert my changes
But hopefully it's for the best, on a larger scale.

Hey Andrei,

Sorry to mess up your code base like that! I want to make sure I don't repeat this sort of situation in the future - was there a smoother way I could have implemented a fix?

Also, would you be willing to talk about your environment a little bit so I can better understand how I caused things to break?

The initial issue seems like mostly a semantic issue, but I could definitely see it breaking projects due to violating an expectation that an end-user or package manager has. What changes did you have to revert after I published 0.4.0?

Scott, consider this timeline

  1. bower install (bower.json has ~0.3.1) + reference bower_components/cookies-js/src/cookies.min.js
  2. you move src to dist, and publish 0.3.2 ->
  3. ~0.3.1 resolves to 0.3.2 and BREAKS (no file in src)

I update my code

  1. bower install (bower.json has ~0.3.2) + reference bower_components/cookies-js/dist/cookies.min.js
  2. you remove 0.3.2 and publish it as 0.4.0
  3. ~0.3.2 resolves to 0.3.1 and BREAKS (no file in dist)

So what should have happened is publish 0.3.3 with the file back in src. If you ignored Windows users, just adding a symlink in src to the new dist location would suffice.

Thanks for the quick feedback!

PS: NPM doesn't allow removing modules anymore for cases like this, but only mark as disabled or smth, and you get a warning. Once you publish, it's done. People's lives depend on it :) You can only fix the situation by issuing a patch.

Ah, gotcha! That all makes sense to me. A 0.3.3 release definitely would have made things go smoother.

Thanks so much for helping me out, and for putting up with the temporary glitches!

Also, thanks for the P.S. about NPM - I had actually totally forgotten that I needed to manually publish new releases to it, and your comment triggered me (so as far as NPM is concerned, there never was a 0.3.2! I guess that's good in the end? Ha...).

Anyways, 0.4.0 is now published to NPM.

I should really set up a couple test environments that rely on NPM and Bower to manage Cookies.js so I have the ability to catch these sorts of issues in the future. I tested installing the library fresh with Bower, but for some reason never did the same for NPM (fail). Even still, I need to be able to make sure updates work as intended, and I haven't been thorough in that regard.