Info: NPM > 6.5.0
Closed this issue · 3 comments
Should you update the dependencies, things break if you update NPM > 6.5.0. As you have no tests, if you have a package.json
like this
{
"name": "tests",
"version": "1.0.0",
"dependencies": {
"json3": "^3.1.0"
},
"devDependencies": {
"safe-to-string-x": "1.5.0"
},
"peerDependencies": {
"jquery-ui": "*",
"safe-to-string-x": "^1 || ^2"
}
}
where safe-to-string-x
is in dev
and peer
, it fails with a semver
error from npm/lib/view
We have a dep on npm 5; so v6.5.0 shouldn’t be relevant.
Are you specifically saying that having a dep in both dev and peer crashes salita?
No, not currently a problem, but should the dependencies be updated I just wanted to make you aware that things work up to that version.
Salita
itself does not crash, so to speak, but the peer dependency for safe-to-string-x
would be shown as Package not found:
. When looking closer at npm/lib/view
, semver
throws an error internally to view
saying something like 0 is not a valid version number
. This results in Package not found:
message in Salita
.
If safe-to-string-x
was not duplicated in dev
and peer
, then all appears fine. So it would be easy to miss the problem, should you update to anything > 6.5.0
After 6.5.0 there was a major refactor in code, I don't see anything about API changes, it could be indicative of a bug in npm/lib/view
I just thought I'd share some info about something I tried.
There's no reason for salita's npm dep to ever be updated, as far as I know - it can stay on v5 forever.
Thanks for the heads up.