-
Notifications
You must be signed in to change notification settings - Fork 492
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] wrong results on semver.npmjs.com #729
Comments
This is a subtle one. npm itself includes the If today you were to set your dependencies like this: npm pkg set dependencies.react="^16.8.0 || ^17.0.0 || ^18.0.0 || >=19.0.0-rc <19.0.0" And then ran $ npm view react dist-tags.latest
18.3.1 The website is showing you all the versions npm would consider given that range. I'm not sure this is the right thing to do, especially as there is no indication on the page that it is taking that into consideration, nor is it trying to tell you what npm would install. npm also includes other things like We'll leave this open to track what to do here. As of now at least you know why it's doing this. |
Since the latest tag is mutable, i think the current behavior is ideal but perhaps it could use a sentence or two of prose explanation. |
In our case it would be a |
Yes I believe that's what would happen. The (This example assumes ~/D/s/p/sub $ npm pkg set peerDependencies.react="^16.8.0 || ^17.0.0 || ^18.0.0 || >=19.0.0-rc <19.0.0"
~/D/s/p/sub $ cd ..
~/D/s/peerdeps $ npm i ./sub --install-links=true
added 4 packages, and audited 5 packages in 1s
found 0 vulnerabilities
~/D/s/peerdeps $ npm ls react
@gar/peer-deps-test@1.0.0 /Users/wraithgar/Development/scratch/peerdeps
└─┬ @gar/sub-dep-test@1.0.0
└── react@18.3.1
~/D/s/peerdeps $ npm pkg set dependencies.react="^19.0.0-rc"
~/D/s/peerdeps $ npm i
removed 2 packages, changed 1 package, and audited 3 packages in 784ms
found 0 vulnerabilities
~/D/s/peerdeps $ npm ls react
@gar/peer-deps-test@1.0.0 /Users/wraithgar/Development/scratch/peerdeps
├─┬ @gar/sub-dep-test@1.0.0
│ └── react@19.0.0-rc-fb9a90fa48-20240614 deduped
└── react@19.0.0-rc-fb9a90fa48-20240614
|
Okay, that helps a lot - thank you :) |
Is there an existing issue for this?
Current Behavior
This is not a bug with the
semver
package, but with https://semver.npmjs.com/I couldn't find any better place to report this, so I hope I'm right here or the maintainers know where I can report this correctly.
Currently, if you go to https://semver.npmjs.com/ and search for
^16.8.0 || ^17.0.0 || ^18.0.0 || >=19.0.0-rc <19.0.0
, it misses all React 19 RCs in the results.Expected Behavior
Irritatingly, when removing
^18.0.0
from that list, it gives a result that seems correctSteps To Reproduce
go to https://semver.npmjs.com/ and search for
^16.8.0 || ^17.0.0 || ^18.0.0 || >=19.0.0-rc <19.0.0
Environment
Firefox
The text was updated successfully, but these errors were encountered: