Edit - Stack Overflow

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

Rev

681

Posting here to hopefully catch people that don't quite think this through, but both ^ and ~ assumes you can trust minor and point releases from your dependencies. If you are publishing a library and want other people to trust you, DO NOT BLINDLY ACCEPT DOWNSTREAM DEPENDENCIES. A bad dot release from your dependency can cause a chain reaction upstream, and will have people knocking at YOUR door when things go pear shaped. This is another huge reason to use npm shrinkwrap on your production code.

tehfoo
– tehfoo

2015-02-09 18:33:52 +00:00
Commented Feb 9, 2015 at 18:33
69

You can also just do away with all the nonsense of npm prepending your versions with a ^ or a ~. Set this if you want to have tight control over your versions: npm config set save-prefix=''

kumarharsh
– kumarharsh

2015-07-08 06:11:58 +00:00
Commented Jul 8, 2015 at 6:11
16

@prasanthv is right: from docs.npmjs.com/misc/semver#caret-ranges-1-2-3-0-2-5-0-0-4: Caret Ranges ^1.2.3 ^0.2.5 ^0.0.4. Allows changes that do not modify the left-most non-zero digit in the [major, minor, patch] tuple. In other words, this allows patch and minor updates for versions 1.0.0 and above, patch updates for versions 0.X >=0.1.0, and no updates for versions 0.0.X.

rofrol
– rofrol

2015-10-11 16:19:27 +00:00
Commented Oct 11, 2015 at 16:19
39

@jgillich in semver when you use 0.2.x, 2 isn't a major version. That's why docs.npmjs.com used the specific words: the left-most non-zero digit. Also what about this case: ^0.0.4 means 0.0.4

rofrol
– rofrol

2015-10-12 10:14:36 +00:00
Commented Oct 12, 2015 at 10:14
19

@FagnerBrack: The specific example you provided is correct, but generally your way of thinking is wrong. An example: let's say you have package A in 3 versions: 0.0.1, 0.0.2 and 0.0.3. There is a bug in 0.0.1 so you want to have at least 0.0.2 in your package B. If you write 0.0.x you'll get 0.0.3, which is OK. But if some other package C requires both B and A and additionally has constrain "A": "<0.0.2" you'll get 0.0.1 without showing any conflict issue, which is not what you want. Using tilde ~0.0.2 should help you avoid this issue.

Maciej Sz
– Maciej Sz

2015-10-22 14:22:43 +00:00
Commented Oct 22, 2015 at 14:22

| Show 17 more comments

Correct minor typos or mistakes
Clarify meaning without changing it
Add related resources or links
Always respect the author’s intent
Don’t use edits to reply to the author

create code fences with backticks ` or tildes ~
```
like so
```
add language identifier to highlight code
```python
def function(foo):
print(foo)
```
put returns between paragraphs
for linebreak add 2 spaces at end
_italic_ or **bold**
indent code by 4 spaces
backtick escapes `like _so_`
quote by placing > at start of line
to make links (use https whenever possible)

<https://example.com>

[example](https://example.com)

<a href="https://example.com">example</a>

formatting help »
answering help »

Collectives™ on Stack Overflow