npm installing the latest version installs the alpha 4.x and not the stable 3.x

[giltayar]

Currently in this npm package, if a developer just does npm install selenium-webdriver they will get the 4.x.x-alpha version, which is somewhat unstable. They will get the 4 version because that version is tagged as "latest" in npm (try npm view selenium-webdriver dist-tags to see this).

I believe that until 4 is out of beta, the latest 3.x.x should be tagged as "latest", while the 4.x.x should be tagged as "beta".

I've been bitten at least three times by this problem, and it takes a while to figure out the problem. Moreover, many of our customers have been having problems because of this issue, so this is not just a theoretical issue.

[jleyba]

We use semver b/c that's what npm uses, but it's not an accurate representation of the stability of each selenium-webdriver release. Every release pushed to npm is considered the latest stable supported release that users should consume.

Given that we're using semver for npm releases, there are some significant API changes that wouldn't be appropriate to push as a 3.x release. Since the rest of the Selenium project isn't ready for 4.0, I pushed it with the alpha tag.

[giltayar]

I may have misunderstood: is 4 stable? If it is, why does it have an alpha tag?

I'm not sure what this has to do with semver. npm enables you to tag the "latest" version as something else than the last version published. This is exactly to enable beta versions that you don't want people to use until they stop being beta: so that npm install _something_ should always bring the stable version.

Currently, our customers are npm install-ing alpha versions of selenium webdriver (as I said, they are named as such: 4.0.0-alpha!) by mistake due to their (and everybody else's assumption, including mine), that

All you need to do is to npm-tag 3.6.0 as the latest version, until 4 is stable, at which point it's back to business as usual. This way, you can continue pushing versions of 4-alpha as much as you want, without impacting users that are installing selenium-webdriver for the first time.

[johnjbarton]

@jleyba says:

We use semver b/c that's what npm uses, but it's not an accurate representation of the stability of each selenium-webdriver release. Every release pushed to npm is considered the latest stable supported release that users should consume.

The fundamental problem that we users have is simple: the current release pushed to npm is not marked as a stable release.

From https://semver.org/#spec-item-9

A pre-release version MAY be denoted by appending a hyphen and a series of dot separated identifiers immediately following the patch version. Identifiers MUST comprise only ASCII alphanumerics and hyphen [0-9A-Za-z-]. Identifiers MUST NOT be empty. Numeric identifiers MUST NOT include leading zeroes. Pre-release versions have a lower precedence than the associated normal version. A pre-release version indicates that the version is unstable and might not satisfy the intended compatibility requirements as denoted by its associated normal version.

@jleyba also says:

Since the rest of the Selenium project isn't ready for 4.0, I pushed it with the alpha tag.

This is the part that does not make sense. 4.0 is released: you said it is the latest stable and supported version. Adding the alpha tag says it's not stable and supported. This oddity is just hurting JS users: we get no updates on 3.x and the 4.x story is confusing.

If the latest release is stable and supported, please release it as 4.0.0.