NB: this request is somewhat related to my other feature request, "npmjs.com should display latest GA version if current version is a prerelease".
As a consumer of npm packages, I only want to install GA releases, that is, non-prereleases, via npm install, so that I do not accidentally depend on prerelease versions of packages. If an explicit version is given (after the @ sign following the package name), npm install would behave as it currently does.
This would require two enhancements.
First, a new field should be added to package.json, called versionStrategy, that allows a package publisher to indicate the version strategy in use, with enumerated values like semver (the default?), dotted-alphanumeric, etc. This way, npm could determine whether a version string represents a prerelease versus a GA release.
Second, an option should be added to npm install called --allow-prereleases, along with its opposite,
--allow-prereleases is the default, in order to preserve backward compatibility (but see note below). In the event that a package has published only prereleases, the explicit or implied version is
--no-allow-prereleases is given, npm install would fail, indicating that --allow-prereleases should be provided in order to allow the dependence on the prereleased package.
This request explicitly does not prevent the installation of transitive dependencies that are at a prerelease level, although that would be a nice addition. Perhaps, as part of this feature request, a new npm option could be added, called
--allow-transitive-releases being the default for backward compatibility.
NOTE: in a future major release of
npm install's behavior could change in a breaking manner by changing the default to
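
The resolution rule requested above, as an added sketch that is not part of the original request and is not npm's code. It models only the semver versionStrategy; resolveInstall and its allowPrereleases parameter are hypothetical names standing in for the proposed flags, and the implied version is assumed to be the highest published one, which simplifies npm's dist-tag lookup.

```javascript
// Added sketch of the proposed resolution rule; not npm's code.
// Only the "semver" versionStrategy is modelled here.
const SEMVER = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;

function parse(version) {
  const m = SEMVER.exec(version);
  if (!m) throw new Error(`not a semver version: ${version}`);
  return { raw: version, core: [m[1], m[2], m[3]].map(Number), pre: m[4] ? m[4].split('.') : [] };
}

// SemVer 2.0.0 precedence: compare the core numerically; a version with a
// prerelease tag sorts below the same core without one.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  }
  if (!a.pre.length || !b.pre.length) return b.pre.length - a.pre.length;
  for (let i = 0; i < Math.max(a.pre.length, b.pre.length); i++) {
    const x = a.pre[i], y = b.pre[i];
    if (x === undefined) return -1; // fewer identifiers sorts lower
    if (y === undefined) return 1;
    if (x === y) continue;
    const nx = /^\d+$/.test(x), ny = /^\d+$/.test(y);
    if (nx && ny) return Number(x) - Number(y);
    if (nx !== ny) return nx ? -1 : 1; // numeric identifiers sort below alphanumeric
    return x < y ? -1 : 1;
  }
  return 0;
}

// published: version strings for one package (callers supply constructed data).
// requested: explicit version after "@", or undefined for the implied one.
// allowPrereleases: hypothetical stand-in for --allow-prereleases / --no-allow-prereleases.
function resolveInstall(published, requested, allowPrereleases = true) {
  if (requested !== undefined) {
    if (!published.includes(requested)) throw new Error(`version not found: ${requested}`);
    return requested; // explicit version: unchanged behaviour, prerelease or not
  }
  const all = published.map(parse).sort(compare);
  if (all.length === 0) throw new Error('no versions published');
  const candidates = allowPrereleases ? all : all.filter(v => v.pre.length === 0);
  if (candidates.length === 0) {
    throw new Error('only prereleases are published; pass --allow-prereleases to install one');
  }
  return candidates[candidates.length - 1].raw;
}
```
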