Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shrinkwrap dependencies and remove carrots from package.json #654

Closed
garretto opened this issue Oct 10, 2016 · 2 comments · Fixed by #655
Closed

Shrinkwrap dependencies and remove carrots from package.json #654

garretto opened this issue Oct 10, 2016 · 2 comments · Fixed by #655

Comments

@garretto
Copy link

Today eslint-plugin-react was updated and had bug - jsx-eslint/eslint-plugin-react@d0dfc07

This caused all of our builds to start failing since we npm install for every new build.

To fix this, I propose this package remove all carrots from dependency versions, e.g.
"eslint-plugin-react": "6.0.0", instead of "eslint-plugin-react": "^6.0.0", and include a shrinkwrap file - https://docs.npmjs.com/cli/shrinkwrap

We are now shrinkwrapping our dev dependencies at my company to prevent this issue in the future. But I think it'd be a good idea within this dependency as well for others.
@feross
Copy link
Member

feross commented Oct 10, 2016

Sorry your builds got broken. I do think that on the whole, having loose dependencies has been good for standard. We feel the pain acutely when semver is violated, but we don't appreciate all the times that bugs get fixed for free.

I think one improvement to the situation is to switch to ~ instead of ^. This is slightly more conservative, and would have prevented the breakage you experienced today. We use ~ already for ESLint since minor versions are more likely to introduce incompatibilities than patch versions.

feross added a commit that referenced this issue Oct 10, 2016
@feross
Dependencies: Use ~ instead of ^.
99a1d90 
Fixes: #654

I think one improvement to the situation is to switch to ~ instead of
^. This is slightly more conservative, and would have prevented the
breakage described in the above issue. We use ~ already for ESLint
since minor versions are more likely to introduce incompatibilities
than patch versions.
@feross feross mentioned this issue Oct 10, 2016
Merged
@garretto
Copy link
Author

👍 thanks for the quick response

@lock lock bot locked as resolved and limited conversation to collaborators May 10, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
The Standard Project
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Dependencies: Use ~ instead of ^. standard/standard
2 participants
@feross @garretto