1.3.5), whereas the tilde ~ means the dependency will update to the latest patch version releative to 1.2.1 (e.g. The caret ^ means the dependency will automatically update to the latest minor version relative to 1.2.1 (e.g.
Recently, npm changed its default settings to automatically add dependencies like this: But as a community, I think it’s time we started being honest with ourselves about what Semver and auto-updating are actually buying us. I love the npm and Node communities, and I’ve been happily using and publishing modules for the past year or so. We wouldn’t be so worried about a breaking change in underscore 1.7.0 if thousands of projects weren’t primed to auto-update their underscore dependencies.Īs a developer, I divide my time pretty evenly between Java and JavaScript, so I may have unique perspective here. The issue is not semantic versioning, but rather the build systems we’ve created that assume and promote automatic updates based on semantic versioning – i.e. To me, though, most of this discussion is missing the point. Plus, much of the value of Semver comes from everybody collectively agreeing on it, so as with vaccines, dissenters risk being labeled as a danger to the community at large. Semver is so deeply entrenched in the Node community, that it’s hard to question it without making yourself an easy target for ridicule.
Most of the JavaScript community seems to take the side of Semver, with Dominic Tarr even offering a satirical Sentimental Versioning spec. With the recent underscore 1.7.0 brouhaha, there’s been a lot of discussion about the value of semantic versioning.
0 kommentar(er)
