Semver valid range considered out-of-date #80

Open
shellscape opened this issue Sep 10, 2015 · 8 comments

@shellscape

We use a few ranges such as 1.x.x in a few situations very explicitly, though it's not common. When the module in question has a latest version of 1.0.5, david erroneously thinks that this is an out-of-date dependency.

@alanshaw
Owner

Could you post the example module?

@shellscape
Author

@alanshaw I could, but you won't have access, since it's part of npmjs.org's new private modules offering. package.json looks like this:

"@private-scope/common.template": "1.x.x"

I get the normal table output from david, claiming that "1.0.5" is the latest.

We do have a tagged version: "1.0.5-cdn1" - could that be causing issues?

@alanshaw
Owner

Can you post the output from npm view @private-scope/common.template dist-tags versions time?

@shellscape
Author

Sure thing:

dist-tags = { false: '1.0.2', latest: '1.0.5', test: '1.0.5-cdn1' }
versions =  
[ '1.0.2',
  '1.0.3-cdn2',
  '1.0.3-cdn3',
  '1.0.3',
  '1.0.4',
  '1.0.5-cdn1',
  '1.0.5' ]
time =  
{ modified: '2015-09-08T17:51:07.594Z',
  created: '2015-07-31T00:53:56.650Z',
  '1.0.2': '2015-07-31T00:53:56.650Z',
  '1.0.3': '2015-07-31T15:26:33.453Z',
  '1.0.3-cdn2': '2015-08-31T18:28:37.833Z',
  '1.0.3-cdn3': '2015-08-31T19:13:58.452Z',
  '1.0.4': '2015-09-01T13:16:41.216Z',
  '1.0.5': '2015-09-02T13:29:56.493Z',
  '1.0.5-cdn1': '2015-09-08T17:51:07.594Z' }

@alanshaw
Owner

Any chance you can give me read access to this module temporarily so I can debug?

Also, are you using david programmatically, or on the command line? Either way, what options are you passing and what's the output?

@shellscape
Author

We're using it programmatically with getUpdatedDependencies with no options. Let me ping the folks that the org pays to be overly concerned about security and I'll follow up. Silly, but one of those procedural things that needs doing.

@alanshaw
Owner

I could probably mock it out but it would be way less work to just get temporary access - let me know what they say.

@shellscape
Author

@alanshaw I got the go-ahead to add you to one of our modules, vendor.backbone. This module is exhibiting the same issue:

david isn't seeing 1.2.x as satisfying 1.2.3. Here's the output from the previously requested command:

dist-tags = { false: '1.1.4', latest: '1.2.3', test: '0.9.3-1' }
versions = [ '0.9.3-1', '1.1.4', '1.2.2', '1.2.3' ]
time =  
{ modified: '2015-09-22T21:15:31.919Z',
  created: '2015-07-31T00:59:08.015Z',
  '1.1.4': '2015-07-31T00:59:08.015Z',
  '1.2.2': '2015-07-31T01:16:10.987Z',
  '1.2.3': '2015-07-31T15:26:58.118Z',
  '0.9.3-1': '2015-09-22T21:15:31.919Z' }
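
Added example, not part of the thread and not david's or node-semver's code: a minimal x-range matcher run over the two `npm view` outputs posted above, showing the result a dependency checker should reach for `1.x.x` and `1.2.x`. The function names are hypothetical, and the definition of "out of date" (the `latest` dist-tag falls outside the declared range) is an assumption.

```javascript
// Added example: a minimal x-range matcher, not david's or node-semver's code.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v);
  if (!m) throw new Error('not a semver version: ' + v);
  return { nums: [+m[1], +m[2], +m[3]], prerelease: m[4] || null };
}

// True when `version` falls inside an x-range such as "1.x.x" or "1.2.x".
// Prereleases never match: an x-range has no prerelease tag, and node-semver
// only lets a prerelease satisfy a range whose comparator carries one.
function satisfiesXRange(version, range) {
  const v = parseVersion(version);
  if (v.prerelease) return false;
  const parts = range.split('.');
  if (parts.length !== 3) throw new Error('expected MAJOR.MINOR.PATCH range: ' + range);
  for (let i = 0; i < 3; i++) {
    if (/^[xX*]$/.test(parts[i])) return true; // wildcard: the rest is unconstrained
    if (!/^\d+$/.test(parts[i])) throw new Error('bad range part: ' + parts[i]);
    if (Number(parts[i]) !== v.nums[i]) return false;
  }
  return true; // fully pinned range, exact match
}

// Order versions by numeric triple; callers filter prereleases out first.
function compareNums(a, b) {
  const x = parseVersion(a).nums, y = parseVersion(b).nums;
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Highest published version inside the range, or null when none matches.
function maxSatisfying(versions, range) {
  const hits = versions.filter((v) => satisfiesXRange(v, range)).sort(compareNums);
  return hits.length ? hits[hits.length - 1] : null;
}

// Assumed definition: a dependency is out of date only when the registry's
// `latest` dist-tag lies outside the declared range.
function isOutdated(range, distTags) {
  return !satisfiesXRange(distTags.latest, range);
}

// Registry data copied from the thread's `npm view` outputs (`false` tag omitted).
const template = { distTags: { latest: '1.0.5', test: '1.0.5-cdn1' },
  versions: ['1.0.2', '1.0.3-cdn2', '1.0.3-cdn3', '1.0.3', '1.0.4', '1.0.5-cdn1', '1.0.5'] };
const backbone = { distTags: { latest: '1.2.3', test: '0.9.3-1' },
  versions: ['0.9.3-1', '1.1.4', '1.2.2', '1.2.3'] };

console.log(maxSatisfying(template.versions, '1.x.x'), isOutdated('1.x.x', template.distTags));
console.log(maxSatisfying(backbone.versions, '1.2.x'), isOutdated('1.2.x', backbone.distTags));
```

Under these assumptions both dependencies resolve to the `latest` release and neither is flagged, while the prerelease builds (`1.0.5-cdn1`, `0.9.3-1`) are ignored by the range match.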
