Towards Sustainable Versioning

[DamonOehlman]

Over the last week a lot of my background thoughts have been consumed thinking about versioning software, and more specifically software packages (i.e. a unit of software that may be consumed / interfaced with to create other software packages or applications). I have read various discussions (see further reading) that have influenced my thinking and I have come to the conclusion that section 4 of the current semver specification is broken. It reads:

Major version zero (0.y.z) is for initial development. Anything may change at any time. The public API should not be considered stable.

This is something that I have most definitely embraced as a developer, and have felt to be very freeing. Nothing feels quite as wonderful as being cocooned away in that 0.x space, free from the responsibilities of the world. Sure, you might upset the odd person when you break stuff because they decided to go and use your software in a production system, but hey thats not your fault it's 0.x software right? The only problem being is that the community is sending mixed messages, and we are using 0.x software all over the place and claiming that it's ready for primetime. This ranges from node itself, to some of the most highly depended on node modules out there, yes async I'm looking at you.

The interesting thing from the perspective of node at least, is that I never really refer to it in any kind of pre 1.0 capacity, ever. If I'm talking to fellow devs who are writing applications in node we will often compare notes around what we are using in production. Almost always, the 0. prefix is dropped conversationally, and we are simply calling it "node 8" or "node 10". I'm sure this isn't everyone's experience, but I don't imagine I'm alone. This being the case, it already shows that some of us at least are already disgregarding the initial 0 from the node version and treating the most meaningful number we can latch onto in the version string as the major version.

Rightly or wrongly, by overemphasing point 4 of the semver spec we have turned what was intended to encapsulate MAJOR.MINOR.PATCH into USELESS.MAJOR.MINOR. Oops.

I suspect this is exactly why @rvagg called me out when I initially included those magically version ranges matches when I first published slimver. Nice work Rod.

I don't think that's the only problem created by section 4 of the spec though, as I also believe it robs us as developers from doing an significant refactoring of our products beyond the 1.0 release. Rather than being able to appropriately react to long standing mistakes in a product with a revolutionary change, we are locked into a cycle of disruption where packge wilbur is the new improved version of bob.

I'm not sure what the solution is, but we certainly can't stay where we are. If we do, then we only have a future of package@2-beta74 to look forward to. Yes, I'm looking at you this time handlebars. Here are some options that I've been throwing around in my head:

• We adopt a model similar to node where an odd numbered release means dragons, where an even numbered release is all unicorns and rainbows.

• We educate people that version numbers have no bearing on product stability, just that moving from one major version to another means you should expect things to break. I believe this has been what @dominictarr, @Raynos and others have been fighting for. Stability is indicated through a stability measure, see also dominictarr/stability.

  If we do adopt this approach then we also need to step up our game in terms of using npm tag to provide some isolation for developing our new versions of packages. Consider the dist-tags of collections vs handlebars for instance. I'd probably even suggest a renaming of latest to main or something like that too...

Anyway, I feel a lot better for getting that off my chest. If you have an opinion, feel free to chime in :)

[Raynos]

We adopt a model similar to node where an odd numbered release means dragons, where an even numbered release is all unicorns and rainbows.

This feels un-needed for small modules.

There's no reason to have "unstable" versions when scope of a project is small. If you need something to be unstable for a long time then your writing a big thing and should stop doing that.

When I work on big things I've actually been doing in a meta wrapper approach, i.e. a big module is just a union of 10 small modules, when i update one of the small modules from v1 -> v2 or v2 -> v3 I then update the meta wrapper from v5 -> v6.

This approach has also been working great for hapi, cc @eranhammer

[Raynos]

Stability is indicated through a stability measure, see also dominictarr/stability.

:+1: for this, this is really important. I need to go back through my 300 modules and add it to each one :( I might just spend a saturday doing that.

[Raynos]

in terms of using npm tag to provide some isolation for developing our new versions of packages.

if something is unstable, just don't publish it. There's nothing wrong with installing unstable things from git links.

If you've just finished a really big change, it's recommended you publish a new major version then run npm tag {{module}}@{{old version}} latest to get the special semantics of npm i my-thing will not install the new version yet.

This use case is a REAL edge case so using npm tag manually for it is fine.

[dominictarr]

you can also do npm publish --tag dev and it will tag with dev and not with latest.