fix(ranges): semver group expecting ^ considers eg =9.0.0 valid #239

Open
Frederick888 opened this issue Aug 19, 2024 · 5 comments
@Frederick888

Description

Perhaps I simply have some fundamental misunderstanding towards ^ in SemVer groups, but for example,

{
  "semverGroups": [
    {
      "range": "^"
    }
  ]
}

I expect this to enforce leading ^s on all dependency versions, but I can actually use exact versions?

The full example is at https://github.com/Frederick888/playground/tree/syncpack.

$ y syncpack lint
Versions
= Default Version Group ========================================================
    11 ✓ already valid
Semver Ranges
= the version property of package.json files must always be exact ==============
✓ 3 valid
= Semver Group 2 ===============================================================
✓ 8 valid
Formatting
✓ package.json
✓ packages/bar/package.json
✓ packages/foo/package.json

Help Needed

I would like to enforce leading ^ on dependency versions. Is this something that can be achieved through SemVer Groups?

@JamieMason
Owner

What is the output of SYNCPACK_VERBOSE=true syncpack list please?

There are some things you are doing which I've never seen before:

Versions starting with =

https://github.com/Frederick888/playground/blob/54254db7d2d7a11bef07738e6d313c288f256ac9/package.json#L6C5-L6C24

Package .version properties which are themselves workspace "workspace:^"

https://github.com/Frederick888/playground/blob/54254db7d2d7a11bef07738e6d313c288f256ac9/packages/foo/package.json#L3

I suspect these are not valid(?) certainly though syncpack will not be aware of them as I've not seen that before. I'd still want to understand what syncpack does when faced with this.

@Frederick888
Author

> What is the output of SYNCPACK_VERBOSE=true syncpack list please?

$  SYNCPACK_VERBOSE=true y syncpack list
? cosmiconfig found /Users/frederick/programming/Others/playground/.syncpackrc
? config file found: {"semverGroups":[{"range":"^"}]}
? 3 package.json files found
? dependency types provided by user: []
? enabled dependency types determined to be: [{"_tag":"versionsByName","name":"dev","path":"devDependencies"},{"_tag":"name~version","name":"local","path":"version","namePath":"name"},{"_tag":"versionsByName","name":"overrides","path":"overrides"},{"_tag":"versionsByName","name":"peer","path":"peerDependencies"},{"_tag":"versionsByName","name":"pnpmOverrides","path":"pnpm.overrides"},{"_tag":"versionsByName","name":"prod","path":"dependencies"},{"_tag":"versionsByName","name":"resolutions","path":"resolutions"}]
? VersionsByNameStrategy#overrides found nothing at <package.json>.overrides
? VersionsByNameStrategy#peer found nothing at <package.json>.peerDependencies
? VersionsByNameStrategy#pnpmOverrides found nothing at <package.json>.pnpm.overrides
? VersionsByNameStrategy#resolutions found nothing at <package.json>.resolutions
? found 7 instances in <package.json>
? VersionsByNameStrategy#overrides found nothing at <packages/bar/package.json>.overrides
? VersionsByNameStrategy#peer found nothing at <packages/bar/package.json>.peerDependencies
? VersionsByNameStrategy#pnpmOverrides found nothing at <packages/bar/package.json>.pnpm.overrides
? VersionsByNameStrategy#prod found nothing at <packages/bar/package.json>.dependencies
? VersionsByNameStrategy#resolutions found nothing at <packages/bar/package.json>.resolutions
? found 3 instances in <packages/bar/package.json>
? VersionsByNameStrategy#dev found nothing at <packages/foo/package.json>.devDependencies
? VersionsByNameStrategy#overrides found nothing at <packages/foo/package.json>.overrides
? VersionsByNameStrategy#peer found nothing at <packages/foo/package.json>.peerDependencies
? VersionsByNameStrategy#pnpmOverrides found nothing at <packages/foo/package.json>.pnpm.overrides
? VersionsByNameStrategy#prod found nothing at <packages/foo/package.json>.dependencies
? VersionsByNameStrategy#resolutions found nothing at <packages/foo/package.json>.resolutions
? found 1 instances in <packages/foo/package.json>
= Default Version Group ========================================================
     1x @jest/globals: =29.7.0
     1x @playground/bar: workspace:^
     1x @playground/foo: workspace:^
     2x eslint: =9.9.0
     1x eslint-config-prettier: =9.1.0
     2x jest: =29.7.0
     1x playground: 0.0.1
     1x syncpack: =12.4.0
     1x ts-jest: =29.2.4

  What next?
- syncpack list-mismatches to see more detail about mismatching versions
- syncpack fix-mismatches to fix version mismatches automatically
- syncpack format to sort and prettify your package.json files
- syncpack update to choose updates from the npm registry
- syncpack --help for everything else

> There are some things you are doing which I've never seen before:
>
> Versions starting with =

Oh I came from some languages where 1.2.3 implies ^1.2.3, so I developed the habit of being explicit on SemVer prefixes.

It's definitely accepted by npm and yarn: https://github.com/npm/node-semver#versions

> Package .version properties which are themselves workspace "workspace:^"

I actually got this from syncpack in my real project, where there were inter-dependencies between packages.

I just pushed Frederick888/playground@ad46f54 as an example:

$ SYNCPACK_VERBOSE=true y syncpack lint
? cosmiconfig found /Users/frederick/programming/Others/playground/.syncpackrc
? config file found: {"semverGroups":[{"range":"^"}],"versionGroups":[{"label":"Use workspace protocol when developing local packages","dependencies":["@playground/*"],"pinVersion":"workspace:^"}]}
? 3 package.json files found
Versions
? dependency types provided by user: []
? enabled dependency types determined to be: [{"_tag":"versionsByName","name":"dev","path":"devDependencies"},{"_tag":"name~version","name":"local","path":"version","namePath":"name"},{"_tag":"versionsByName","name":"overrides","path":"overrides"},{"_tag":"versionsByName","name":"peer","path":"peerDependencies"},{"_tag":"versionsByName","name":"pnpmOverrides","path":"pnpm.overrides"},{"_tag":"versionsByName","name":"prod","path":"dependencies"},{"_tag":"versionsByName","name":"resolutions","path":"resolutions"}]
? VersionsByNameStrategy#overrides found nothing at <package.json>.overrides
? VersionsByNameStrategy#peer found nothing at <package.json>.peerDependencies
? VersionsByNameStrategy#pnpmOverrides found nothing at <package.json>.pnpm.overrides
? VersionsByNameStrategy#resolutions found nothing at <package.json>.resolutions
? found 7 instances in <package.json>
? VersionsByNameStrategy#overrides found nothing at <packages/bar/package.json>.overrides
? VersionsByNameStrategy#peer found nothing at <packages/bar/package.json>.peerDependencies
? VersionsByNameStrategy#pnpmOverrides found nothing at <packages/bar/package.json>.pnpm.overrides
? VersionsByNameStrategy#prod found nothing at <packages/bar/package.json>.dependencies
? VersionsByNameStrategy#resolutions found nothing at <packages/bar/package.json>.resolutions
? found 3 instances in <packages/bar/package.json>
? VersionsByNameStrategy#dev found nothing at <packages/foo/package.json>.devDependencies
? VersionsByNameStrategy#overrides found nothing at <packages/foo/package.json>.overrides
? VersionsByNameStrategy#peer found nothing at <packages/foo/package.json>.peerDependencies
? VersionsByNameStrategy#pnpmOverrides found nothing at <packages/foo/package.json>.pnpm.overrides
? VersionsByNameStrategy#resolutions found nothing at <packages/foo/package.json>.resolutions
? found 2 instances in <packages/foo/package.json>
= Use workspace protocol when developing local packages ========================
✘ @playground/bar 0.0.1 → workspace:^ packages/bar/package.json > version [PinnedMismatch]
✘ @playground/foo 0.0.1 → workspace:^ packages/foo/package.json > version [PinnedMismatch]
     1 ✓ already valid
     2 ✓ can be auto-fixed
= Default Version Group ========================================================
     9 ✓ already valid
Semver Ranges
? dependency types provided by user: []
? enabled dependency types determined to be: [{"_tag":"versionsByName","name":"dev","path":"devDependencies"},{"_tag":"name~version","name":"local","path":"version","namePath":"name"},{"_tag":"versionsByName","name":"overrides","path":"overrides"},{"_tag":"versionsByName","name":"peer","path":"peerDependencies"},{"_tag":"versionsByName","name":"pnpmOverrides","path":"pnpm.overrides"},{"_tag":"versionsByName","name":"prod","path":"dependencies"},{"_tag":"versionsByName","name":"resolutions","path":"resolutions"}]
= the version property of package.json files must always be exact ==============
✓ 3 valid
= Semver Group 2 ===============================================================
✓ 9 valid
Formatting
✓ package.json
✓ packages/bar/package.json
✓ packages/foo/package.json

I used workspace:^ instead of workspace:* in dependencies cos it was what yarn workspace @playground/foo add @playground/bar used.

@JamieMason
Owner

Thanks a lot, learned a few things there.

  1. For this one, add "dependencyTypes": ["!local"] to stop the .version properties being changed to workspace protocol.
  2. The leading = although valid (TIL), probably won't play well with syncpack until it is updated.
  3. Try it without the = but I think there is a bug, the "Semver Group 2" should not be valid, it should expect every matching version to start with ^, which it doesn't.

@Frederick888
Author

> 1. For this one, add "dependencyTypes": ["!local"] to stop the .version properties being changed to workspace protocol.

Yup worked like a charm!

> 2. The leading = although valid (TIL), probably won't play well with syncpack until it is updated.

Gotcha :)

> 3. Try it without the = but I think there is a bug, the "Semver Group 2" should not be valid, it should expect every matching version to start with ^, which it doesn't.

Yes without = everything worked! Thank you!

We can probably do something like semver.clean("=1.2.3") so it's valid when using a SemVer Group "range": ""? I'm not very opinionated on this one tho.

@JamieMason
Owner

> Yes without = everything worked! Thank you!

oh nice, well that's a bonus – I'll leave this open though as syncpack shouldn't be considering it as valid when there is a =.

> We can probably do something like semver.clean("=1.2.3") so it's valid when using a SemVer Group "range": ""? I'm not very opinionated on this one tho.

Agree yeah, there is similar for normalising eg. latest and *.

@JamieMason changed the title from "SemVer group ^ doesn't work as expected" to "fix(ranges): semver group expecting ^ considers eg =9.0.0 valid" on Aug 19, 2024
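
Added example, not part of the thread and not syncpack's code: a range-prefix lint that normalises a leading = to "exact" before comparing, so =9.9.0 is flagged under an expected ^ and accepted under an expected "". The function names (`classify`, `lintRanges`) and the sample package are constructed for illustration, and the version pattern only covers full x.y.z specifiers.

```javascript
// Added example: hypothetical helpers, not syncpack internals.
// Matches an optional range operator followed by a full x.y.z version.
const SPEC = /^(\^|~|>=|<=|>|<|=)?v?(\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?)$/;

// Classify a specifier into its range prefix and bare version.
function classify(specifier) {
  const s = String(specifier).trim();
  if (s.startsWith('workspace:')) return { kind: 'workspace', range: null, version: null };
  if (s === '*' || s === 'latest') return { kind: 'any', range: '*', version: null };
  const m = SPEC.exec(s);
  if (!m) return { kind: 'unsupported', range: null, version: null };
  // A leading "=" is valid node-semver and means the same as no operator: exact.
  const range = m[1] === undefined || m[1] === '=' ? '' : m[1];
  return { kind: 'semver', range, version: m[2] };
}

// Report every dependency whose range prefix differs from expectedRange.
// Anything the classifier does not recognise is reported, never passed.
function lintRanges(pkg, expectedRange, depTypes = ['dependencies', 'devDependencies']) {
  const findings = [];
  for (const type of depTypes) {
    for (const [name, specifier] of Object.entries(pkg[type] || {})) {
      const c = classify(specifier);
      if (c.kind === 'workspace') continue; // workspace protocol is out of scope here
      if (c.range !== null && c.range === expectedRange) continue;
      const fix = c.version ? expectedRange + c.version : null;
      findings.push({ type, name, specifier, fix });
    }
  }
  return findings;
}

// Constructed sample, modelled on the dependency names listed in the thread.
const samplePkg = {
  dependencies: { '@playground/bar': 'workspace:^' },
  devDependencies: { eslint: '=9.9.0', jest: '^29.7.0', 'ts-jest': '29.2.4', syncpack: 'latest' },
};

console.log(lintRanges(samplePkg, '^'));
```

Reporting unrecognised specifiers instead of counting them as valid keeps a range policy from silently passing forms the parser has not been taught.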