Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow patch-level range for auth0-js dep #1014

Closed
lexaurin opened this issue May 28, 2017 · 4 comments
Closed

Allow patch-level range for auth0-js dep #1014

lexaurin opened this issue May 28, 2017 · 4 comments

Comments

@lexaurin
Copy link
Contributor

Please allow patch-level range for auth0-js dep in package.js

Imagine you're using both auth0-js and auth0-lock in your project. npm installs packages as you expect:

awesome-project
├── auth0-js@8.6.0 
└── auth0-lock@10.16.0

but when you update auth0-js to the latest patch version it got duped:

awesome-project
├── auth0-js@8.6.1 
└─┬ auth0-lock@10.16.0 
  └─┬ auth0-js@8.6.0 
    └── qs@6.4.0

it's quite annoying and does not respect npm versioning best practices, but who cares right? Unless you really need the latest patched version and not two versions, one of them not patched.

PR will follow
@lexaurin lexaurin mentioned this issue May 28, 2017
Merged
@luisrudge
Copy link
Contributor

but there's no actual duplication, right? I mean.. npm3+ dedupes automatically, no?

@lexaurin
Copy link
Contributor Author

There is. NPM3 dedups only what is semver-valid for all dependencies. auth0-js@8.6.1 is not valid for 8.6.0 rule in auth0-lock so no dedup happen.

@luisrudge
Copy link
Contributor

Makes sense! Thanks for the PR 🎉

@lexaurin
Copy link
Contributor Author

Thanks for merging 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lexaurin @luisrudge