npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

npm version cannot set version with numeric commit hash

What I Wanted to Do

My build script updates version each times when it runs. It do it with this command: npm --no-git-tag-version version $(node bump.js)

bump.js always returns version string like this " 0.7.3-build.123-commit.296f382c"

What Happened Instead

All ok if git commit hash includes letters. But this command fails if git commit hash contains only numbers.

Reproduction Steps

$ npm --no-git-tag-version version "0.7.4-build.38-commit.06678370"

npm ERR! npm version [<newversion> | major | minor | patch | premajor | preminor | prepatch | prerelease [--preid=<prerelease-id>] | from-git]
npm ERR! (run in package dir)
npm ERR! 'npm -v' or 'npm --version' to print npm version (6.4.1)
npm ERR! 'npm view <pkg> version' to view a package's published version
npm ERR! 'npm ls' to inspect current package/dependency versions

But if change last zero to “a” it will work.

$ npm --no-git-tag-version version "0.7.4-build.38-commit.0667837a"



This problem reproduced with npm 5.8.0 and npm 6.4.1

Platform Info

$ npm --versions
{ myPetProject: '0.7.4-build.38-commit.0667837a',
  npm: '6.4.1',
  ares: '1.14.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.33.0',
  node: '10.11.0',
  openssl: '1.1.0i',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.0',
  v8: '',
  zlib: '1.2.11' }

$ node -p process.platform

That’s because 0.7.4-build.38-commit.06678370 isn’t a valid SemVer version. The part after the first hyphen is considered a pre-release version (emphasis mine):

A pre-release version MAY be denoted by appending a hyphen and a series of dot separated identifiers immediately following the patch version. Identifiers MUST comprise only ASCII alphanumerics and hyphen [0-9A-Za-z-]. Identifiers MUST NOT be empty. Numeric identifiers MUST NOT include leading zeroes. […]

Because replacing the zero with an a makes it a non-numeric identifier, that does work.

It would be preferable to instead use build metadata, which doesn’t have any limitations on identifiers other than generally allowed characters, and it also isn’t considered when determining version precedence. Example: 0.7.4+build.38-commit.06678370. However, npm simply strips that part from the version, so that may not work for your use case.

Thank you. Solution with plus is not suitable for my case. But I will be check commit version for leading zeroes.

Moving this to #support. The semver spec is tremendously stable, and you’d want to make your case to the spec authors and on to get it changed. npm itself can’t (and, tbh, won’t) change it.

Looking back, 0.7.4-build-38.commit-06678370 works and is more correct. The pre-release version consists of dot separated identifiers, so they would be build-38 and commit-06678370. Instead, in the previous syntax the identifiers are build, 38-commit and 06678370.