-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check save-prefix satisfies requested install version range #193
Conversation
729c369
to
442a88b
Compare
442a88b
to
3042e1a
Compare
I think there's probably a better way to do this, but I get that this is a problem. If the user provides a complex range, and |
I agree with @isaacs. It's better if we can just save the user-provided range in the package.json file. |
If a user installs `[email protected] <1.2.3`, and we resolve to `1.2.2`, then we should not save it as `^1.2.2`, since that would allow versions outside of the requested range. Explicit versions and tags are still saved using the savePrefix, since those are not ranges, and users can set `--save-exact` if they wish it to be saved exactly. Fix: #127 Fix: npm/cli#193 Fix: https://npm.community/t/7005
If a user installs `[email protected] <1.2.3`, and we resolve to `1.2.2`, then we should not save it as `^1.2.2`, since that would allow versions outside of the requested range. Explicit versions and tags are still saved using the savePrefix, since those are not ranges, and users can set `--save-exact` if they wish it to be saved exactly. Fix: #127 Fix: npm/cli#193 Fix: https://npm.community/t/7005
If a user installs `[email protected] <1.2.3`, and we resolve to `1.2.2`, then we should not save it as `^1.2.2`, since that would allow versions outside of the requested range. Explicit versions and tags are still saved using the savePrefix, since those are not ranges, and users can set `--save-exact` if they wish it to be saved exactly. Fix: #127 Fix: npm/cli#193 Fix: https://npm.community/t/7005 PR-URL: #145 Credit: @isaacs Close: #145 Reviewed-by: @isaacs
The bug report is also opened in npm community.
In short, the recent Angular Compiler requires older typescript packages and asks users to run
npm install typescript@">=3.1.1 <3.3"
However, after running the install command, package.json will be update to
typescript@^3.2.4
, which will still pull incompatible version, eg.'[email protected]' in other build machine. So I add some checks in computeVersionSpec to ensure adding the save-prefix^
or~
only when it satisfies requested version range.