Validation of engine produces invalid results
rH4rtinger opened this issue · 2 comments
You are validating the engine and @types/node
compatibility in the method
Line 64 in c37ddd0
Basic setup
I have set the engine version to ^1.84.0
and the @types/version
is ^1.84.0
.
According to semvar, this means every 1.x
.
In my package-lock.json
the @types/version
is already 1.94.0
(current vscode version)
This validates as correct and I can built via vsce pack
.
Odd behaviour
Now I set the @types/version
to in my package.json
to ^1.94.0
.
Semantically speaking, nothing has changed, because 1.94.0
was already included.
But now I get the error
ERROR @types/vscode ^1.94.0 greater than engines.vscode ^1.84.0. Either upgrade engines.vscode or use an older @types/vscode version.
This makes not much sense to me, as the user can literally bypass the validation on major and minor level when using the ^
at a version and fail the validation, if the version is still the same as the one that you can bypass it.
The error you're seeing from vsce is a safety feature to prevent compatibility issues between your extension and the VS Code API. Here's why the behavior makes sense:
Compatibility Check: The engines.vscode version in your package (^1.84.0) indicates your extension is compatible with VS Code API versions starting from 1.84.0. Your @types/vscode declaration specifies the TypeScript types for the API, and when you set it to ^1.94.0, you're explicitly requiring a minimum VS Code API version of 1.94.0 for your extension.
Safety Mechanism: This version declaration mismatch can lead to your extension attempting to use API features in 1.94.0 that are not available in earlier versions (like 1.84.0), potentially causing runtime errors. vsce prevents this by enforcing that the @types/vscode version does not exceed the engines.vscode version.
Potential Issues: Users with VS Code versions between 1.84.0 and 1.93.x can still download and install your extension due to the engines.vscode range. However, since your extension uses types from 1.94.0, it might attempt to use API features that aren’t available in their versions, leading to errors or unexpected behavior.
I understand your points, but I still see this as a bug.
I can download via npm with @types/version
to ^1.84.0
any upper version, because the normal semvar rules allow me it.
That means:
in my package.json
: "@types/vscode": "^1.84.0",
in my package-lock.json
:
"node_modules/@types/vscode": {
"version": "1.93.0",
"resolved": "https://registry.npmjs.org/@types/vscode/-/vscode-1.93.0.tgz",
"integrity": "sha512-kUK6jAHSR5zY8ps42xuW89NLcBpw1kOabah7yv38J8MyiYuOHxLQBi0e7zeXbQgVefDy/mZZetqEFC+Fl5eIEQ==",
"dev": true,
"license": "MIT"
},
and in my node_modules
is also version 1.93.0
downloaded.
That means, I can use higher API features, because my local dependencies are higher than what you expect.
That means, a user with VS Code version 1.84.0 can download my extension and then might have issues with any higher API features I accidentally implemented