npm/node-semver

[BUG] pre-release versions not matched when using `||`

KotlinIsland opened this issue · 20 comments

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Here are the >=5 stable releases:
image

Here are the >=5.2.0-beta pre-releases:
image

But when put together with an ||, there are no pre-releases:
image

Supprisingly, this works correctly with >=5.1.0-beta:
image

Expected Behavior

I expect the stable 5 and the pre-release 5.2 to be listed.

Steps To Reproduce

  1. In this environment... https://semver.npmjs.com/#syntax-examples
  2. With this config... typescript, >=5 || >=5.2.0-beta
  3. Run '...' 'List Versions' button
  4. See error...

Environment

  • npm: ?
  • Node: ?
  • OS: ?
  • platform: ?

It works now...

image

When you tested it, there was no stable version >=5.2.0-beta. Now there's 5.2.2 (latest) available.

image

First, the website is determining maxVersion:

maxVersion = latest
if (!semver.satisfies(maxVersion, VersionRange)) maxVersion = null

And then uses the following for compiling the list:

(semver.satisfies(version, range) && (!maxVersion || semver.lte(version, maxVersion))

As you can see, if there exist pre-releases at the end of the version history (in your case 5.2.0-beta, 5.2.0-dev...) then "latest" (in your case 5.1.6) will not satisfy the range and the pre-releases are not included. In other words, in your case "latest" stable release was lower than the pre-releases you were looking for. Works as designed.

@mbtools So in my case, I want to support both the stable version of 5, and the current pre-releases of 5. How can I select that?

ljharb commented

@KotlinIsland ^5 || ^5.0.0-0?

^5 || ^5.0.0-0

@ljharb I want the current pre-releases, so 5.3. not the pre-releases for 5.0

ljharb commented

@KotlinIsland then you have to explicitly do ^5 || ^5.3.0-0, and you'll have to add one for each new minor (and removing the old minor would be a breaking change if this is in a peer dep). There's no way to target "the latest minor's prereleases" as a moving window.

Also please don't confuse the testsite with the functions of the semver package. They are not the same (see the additional maxVersion logic above).

Calling satisfied independently gives you the expected result:

const satisfies = require('../../functions/satisfies')

const versions = [
  ['5.0.0'],
  ['5.0.2'],
  ['5.0.3'],
  ['5.0.4'],
  ['5.1.0-beta'],
  ['5.1.0-dev.1'],
  ['5.1.0-dev.2'],
  ['5.1.3'],
  ['5.1.5'],
  ['5.1.6'],
  ['5.2.0-dev.1'],
  ['5.2.0-dev.2'],
]
versions.forEach(([version]) => {
  if (satisfies(version, '^5 || >=5.2.0-beta')) {
    console.log(version)
  }
})

Output:

5.0.0
5.0.2
5.0.3
5.0.4
5.1.3
5.1.5
5.1.6
5.2.0-dev.1
5.2.0-dev.2

Also please don't confuse the testsite with the functions of the semver package. They are not the same

What's the point of it then?

@DetachHead I called it "test site" but it's simply an app based on this package and unrelated to any tests here. So better to ask the owners of the site why they implemented "more"

I see. Where should I raise that? imo this system seems far too convoluted for simple use cases, so for the test site to behave slightly differently to the actual thing is a very big problem because it just amplifies the confusion.

All I want to do is allow any version, including prereleases, within a specified range lol, surprised that isn't possible especially when other implementations of semver support it (eg. python's poetry)

ljharb commented

npm’s does not support it; prereleases aren’t meant to be used in that way.

what's the point of prereleases if they can't be used? most of the time when i try to use a pre-release version of a dependency, i can't because i have another dependency that depends on the same package but doesn't allow prereleases

ljharb commented

To test with them, primarily - not for users to use them directly.

in an ecosystem where the thing you’re testing is a prerelease, basically the only time it’s useful is for prereleases of a major. Non-majors aren’t supposed to break anything so the caution of a prerelease is rarely warranted.

i don't necessarily want to enforce a pre-release version of a dependency onto users, i simply want to test a pre-release version of a dependency in my own project. however one of my other dependencies depends on the release version of that dependency, so it results in a dependency resolution conflict

ljharb commented

Then you’d use overrides for your testing.

IanVS commented

Where should I raise that?

I'm also wondering where the source / issue tracker of the semver calculator is. I noticed today that pre-releases are no longer included at all on the site, and I'm really curious why.

ljharb commented

There isn't one; you'd need to file an npm support ticket.

IanVS commented

Ok thanks, I opened npm/feedback#995.

close this?

erm, that discussion is completely different to this issue...

But it's all good, I've raised one myself npm/feedback#999, please upvote it so that this feature can be fixed.