Comments (10)
we had many issues opened by people using an outdated version
If you move npm
from dependencies
list to the peerDependencies
in package.json, you can enforce npm versions with that. Consumers will then get a message requiring them to use the correct npm version.
or who didn't had npm installed at all.
😕 You can't install this package without npm.
from npm.
The objective of having a dependency to npm
:
- Avoid issues related to an older version of npm being installed on the CI (for example an user encounter an issue where
prepack
was not run, which was due to an outdated npm version on their CI) - Allows us to be more consistent and predictable: we test with the same version of npm that users are going to use, so if there is a bug with a npm feature we use in the plugin then we'll now right away, without having the issue happening for any user
- Allow to test each new version of npm with GreenKeeper so we are sure a new release don't break the plugin
- Do not force Yarn (or other package manager) users to have npm installed
I tried to reproduce the problem you mentioned with npm ci
but everything works fine for me.
Here is what I did:
npm install semantic-release -D
npm install
rm -rf node_modules
npm ci
Everything is installed as expected and I have no error message. I'm using npm 6.3.0.
Do you have more details about the issue you experience with npm ci
? Did you open a bug report with npm?
from npm.
not sure if this would fit your preferred context, but i've started not depending on semantic-release
directly, but instead running it with npx
. that way it doesn't impact my package.json
or package-lock.json
. might be something to consider if it could simplify the problem away for you.
from npm.
Closing as no response was provided in almost 2 weeks.
from npm.
Sorry this fell through the cracks.... Ok to close for now.
@travi that's a great idea. Will try!
from npm.
Instead of starting a totally new issue that duplicates this, can we reopen this? I'm getting an error when running npm ci
when using node v10.16.0 (npm v6.9.0):
23:40:11 + npm ci
23:40:19 npm ERR! code ETARGET
23:40:19 npm ERR! notarget No matching version found for [email protected]
23:40:19 npm ERR! notarget In most cases you or one of your dependencies are requesting
23:40:19 npm ERR! notarget a package version that doesn't exist.
Looks like this happens because i'm using the latest stable version of npm (6.9.0), which this package should work with. npm 6.9.1 what is installed when I run npm i
, which is not yet released as a stable npm version.
To fix this, this package needs to have npm
as a peerDependency
instead of a dependency
so that the consumer's npm
version is used and there are no conflicts.
from npm.
v6.9.1 was published as latest
, but has apparently been unpublished. this is the kind of thing that happens when a version of anything is unpublished and a major reason why i personally think the registry should be fully immutable and never allow unpublishing.
find more details here: https://npm.community/t/release-npm-6-9-1/8435/3
it looks like latest is now v6.9.2. i would recommend opening a new issue or a PR to update the npm dependency
from npm.
this is the kind of thing that happens when a version of anything is unpublished and a major reason why i personally think the registry should be fully immutable and never allow unpublishing.
Yeah but this wouldn't even be an issue if the maintainers of this package just remove npm
from its dependencies
list entirely. There doesn't seem to be a reason to even have it there. Once its removed, whatever npm does wouldn't matter. :)
from npm.
We added npm as a dependency because we had many issues opened by people using an outdated version of npm or who didn't had npm installed at all.
from npm.
we had many issues opened by people using an outdated version
If you move
npm
fromdependencies
list to thepeerDependencies
in package.json, you can enforce npm versions with that. Consumers will then get a message requiring them to use the correct npm version.or who didn't had npm installed at all.
😕 You can't install this package without npm.
Technically there is always the yarn users... 😉
But we are also running into npm ci
failures (on a dockerized linux jenkins instance) on npm 6.11.3 (node 12.11.1).
Like @mkay581 my suggestion to fix it would be to use peer dependencies.
But then again, using npx
to run semantic-release
is actually a nice idea, too - I don't need to have semantic-release as a dependency then anyway. Thanks for that!
from npm.
Related Issues (20)
- pkgRoot property not working HOT 1
- Provenance support not working? HOT 1
- npm whoami failing HOT 3
- `package.json` version not updated, despite correct plugin ordering HOT 1
- Set --no-workspaces with npm version HOT 2
- Command failed with exit code 1: npm version 0.22.2 --userconfig HOT 2
- error on publishing HOT 1
- Publishing failed since update from [email protected] to [email protected] with files mentioned in .gitignore HOT 6
- Update a package.json in a sub folder
- CVE-2023-42282 HOT 1
- Support for custom package.json properties to write changelist entries
- NPM Audit Signatures issue on 11.0.3 HOT 2
- Failed step "prepare" of plugin "@semantic-release/npm" due to reading malformed path HOT 11
- ERR_INVALID_AUTH triggered by semantic-release npm despite not having this field set in checkout directory HOT 11
- semantic-release seems publishing twice and causing error. HOT 1
- Security Issue with out of date [email protected] found with SNYK HOT 3
- Array format/style is being changed HOT 3
- improve auth token resolution
- align approach for concatenating `.npmrc` files to better align with default npm behavior
- account for deprecation of `_auth` in existing `.npmrc` files
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from npm.