Publishing 15.0.3 under a separate dist-tag #6738
Comments
|
I could always recommend poking the other dependencies and have them change to |
Alas, this doesn’t help in this case. |
|
@gaearon Oh wow, my bad, you're right... sigh... |
|
npm's recommendation is to use dist-tags instead of prerelease versions but frankly I think that doesn't help a lot because sometimes you want to publish an unstable version like 15.0.3-alpha.1 that won't be supported, yet want to see how it works in the wild. The next best alternative is to publish a non-prerelease version like 15.0.3, untag it as "latest", and then unpublish / deprecate 15.0.3 if it ends up being buggy. So anyway that's the situation we're in until npm changes their peerDep validation (seems unlikely) or a new npm client comes along and supports this desired behavior. |
@ide That screws over anyone depending on
From my understanding of this (which isn't perfect), I just don't see a viable solution other than npm going back and getting things right. There are ways around it but they also violate semver and may silently ignore unintended version conflicts, which goes against the entire point of having semver in teh first place. It seems obvious to me (at least) that npm should allow me to "force install" a specific module version at my own peril and force all dependencies to just accept it. But perhaps I'm missing something. |
|
Why does it screw over anyone using ^15.0.0? The dist-tag makes it opt in -- the only way you'd get 15.0.3 is by explicitly asking for that specific version. |
Perhaps I just don't understand this well enough... you're saying depending on |
|
I knew this would be a problem… 15.0.3-alpha.2 was at next but then 15.1.0-alpha.1 superseded that. Could make it Do dist-tags really help? You need all deps to use them too right? And then we can't break the semantics (Eg publish a "next-rn" and then move it to point to a new major version when that time comes) |
If all modules include that tag in the version string then they will all by definition also announce support for the latest version (or w/e) of React, even if the module hasn't been maintained since forever and obviously doesn't. That seems equally problematic, but in a different way? |
Perhaps not equally but definitely still a problem. We could probably do it with some guarantees and do something like It's still an all or nothing game though. |
@syranide Exactly, that's what removing the "latest" dist-tag achieves.
Dist-tags are separate from version strings. They're metadata on npmjs.org that control how @zpao The problem is that npm needs real versions unless every package maintainer with peerDependencies adds The solution to the root cause is for npm to fix this issue. I've thought through it a bit and I think npm's current semver behavior for peerDeps is wrong. Either they should block prerelease versions so everything has to be a real version, or someone needs to come along and write an npm client replacement, wink wink. But until that happens, the next best solution I can think of is for react-native (and other packages that use react) not to depend on prerelease versions. |
|
I don't philosophically agree with shipping seemingly "stable" versions of react that are only intended for us to try to make RN work but that we need to publish 5 times to get right. Help me understand the scope of the problem… is it packages that RN depends on or ships with? Or is it only an issue for people building apps using RN from github? If it's the latter then I propose we don't care. Published versions of RN will point at released versions of React. Maybe that goes for RCs as well. Our plan from the React side was to ship alphas so RN can get things as quickly as possible, and then shipping the alpha as a stable release and update RN so it's final version never uses an alpha. cc @facebook/react-core since we've been talking about this and perhaps there are some discussions around this I haven't been a part of |
FWIW I'm with you philosophically. It's npm's current behavior that's the issue here.
It's the latter, potentially including RCs (0.26-rc going out sometime between this Friday and Monday).
Totally agree with this. Your plan makes a lot of sense -- it's just npm's overly strict peerDep validation that causes issues when doing more comprehensive testing of To fix the core issue we need npm to fix this upstream (npm/npm#8854 -- closed, though) or for an alternative npm client to supplant npm's. |
How many people is that? I'm not sure how much I actually care to go out of our way to support a small number of people building from arbitrary points on master. Maybe we change our modus operandi for RCs though. |
|
Not a lot though awhile back almost everyone doing something serious with RN was using a fork of master. Anyway if you understandably want to wait to publish 15.0.3 we'll live. It's really npm + peerDeps making things an issue here. |
|
Let's live for a tiny bit longer. If it's unbearable then I'll step out of the way and help make this work. It just really muddies the process we have with a stable branch and how we publicize releases, so on top of my philosophical reservations, there's a bit more to figure out :) The dist-tag for alphas is doable in the mean time if you want to pursue that. |
|
Let’s close for now as I don’t see anything actionable on our side. |
React Native requires 15.0.3 which is currently published as 15.0.3-alpha.2. Installing this module leads to peerDependency warnings and errors (ex:
npm shrinkwrapactually fails) because several packages have peerDeps on react@^15.0.0 and 15.0.3-alpha.2 doesn't match.Several people including myself have raised the issue with npm but for the time being could FB publish master as 15.0.3 and use npm's dist-tag feature to tag 15.0.2 as "latest" and 15.0.3 as "next" or "at-your-own-risk"?
The text was updated successfully, but these errors were encountered: