npmjs.com should display latest GA version if current version is a prerelease

(Matthew Adams) #1

Hi all,

NB: Forum software won’t let me add more than 5 links, so I’m writing “npmjs dot com”. Also, this request is related to my other one at `npm install somePackage@latest` should be able to be told to only install GA releases.

As a consumer of packages on npmjs dot com, I’d like for npmjs dot com to display the latest GA version, if it exists, in the event that the absolute latest version indicates that it’s a prerelease, so that I know which version I should be using if I don’t want to depend on a prerelease.

Currently, npmjs.com only shows the absolute latest version, regardless of whether it’s a prerelease version or not.

This might require an enhancement to package.json to provide for a versionStrategy entry with some enumerated values like semver, maven, dotted-numeric, dotted-alphanumeric, etc, so that npmjs dot com can correctly interpret & display the version number(s).

For an example of how this might be displayed, see https://spring.io/projects/spring-framework#learn

0 Likes

(Matthew Adams) #2

I should probably add that versionStrategy ought to probably have a default value of semver.

0 Likes

(John Gee) #3

Did you realise that latest is a tag, and does not refer to time or a semver?

I think the web site may already be behaving pretty much as you suggest? Currently npm shows 6.9.0: https://www.npmjs.com/package/npm

but if you look at the releases tab you can see that the most recent release is 6.9.1-next.0

0 Likes

(Matthew Adams) #4

@shadowspawn Is that because npm's release process is using npm dist-tag somewhere along the line? If you look at one of our packages, like https://www.npmjs.com/package/@scispike/nodejs-support, the latest release is a prerelease, but we don’t use dist-tag yet. In fact, I had to search to discover the dist-tag command at all – I wasn’t even aware of it.

I still feel like the website should show both the latest GA release, as well as the next prerelease, without the developer having to do anything.

0 Likes

(John Gee) #5

This is separate from your idea, but will hopefully be helpful for avoiding latest being a prerelease version. Thanks for the example package. I have been wondering how to safely do prerelease versions myself so this was an interesting read.

See: https://docs.npmjs.com/cli/publish.html

npm publish [<tarball>|<folder>] [--tag <tag>] [--access <public|restricted>] [--otp otpcode] [--dry-run]
  • [--tag <tag>] Registers the published package with the given tag, such that npm install @ will install this version. By default, npm publish updates and npm install installs the latest tag. See npm-dist-tag for details about tags.

So I think the intended approach is to specify an appropriate tag when publishing a prerelease version.

There are some comments about possible tag names on the dist-tag page here: https://docs.npmjs.com/cli/dist-tag#purpose

And as an example using next tag like npm does, from a prerelease build folder:

npm publish --tag next .

(This does all make me wonder if npm should require extra steps to publish a prerelease version as latest, but that is a separate idea!)

0 Likes

How to properly release pre-release version so that it does not get installed unless explicitly mentioned