aboutcode-org / univers

Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ , the Google Summer of Code, nexB and other generous sponsors!

Properly handle the pre-release versions in VersionRange #130

Open keshav-space opened 9 months ago

keshav-space commented 9 months ago

The current univers VersionRange includes the pre-release versions. While this behavior is desirable when dealing with version ranges in a security advisory, it is not appropriate for the version range present in package manifests.

Scenario:

Consider the following release versions for an npm package: 1.0.0, 1.2.0, 2.0.0-rc.1, 2.0.0, 2.1.0, and 3.0.0

Desired Behavior:

pombredanne commented 1 month ago

Merging duplicate:

It would be useful to detect if a version is a prerelease, beta, rc and similar. This can then be used when doing version tests to optionally exclude some prereleases.
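An added example (not univers code, and not from either commenter) showing the distinction both comments describe: a range over the npm releases from the scenario above, evaluated once with pre-releases included (advisory style) and once with them excluded (manifest style). It assumes a small semver parser standing in for univers' `VersionRange`, and a half-open range `lower <= v < upper`.

```python
import re

# Core semver grammar with an optional pre-release suffix; build metadata
# (+...) is ignored by semver precedence and not accepted here.
SEMVER_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:-(?P<pre>[0-9A-Za-z.-]+))?$"
)

# Constructed sample: the release list from the issue scenario.
NPM_RELEASES = ["1.0.0", "1.2.0", "2.0.0-rc.1", "2.0.0", "2.1.0", "3.0.0"]


def parse(version):
    """Return ((major, minor, patch), pre_ids_or_None) for a semver string."""
    m = SEMVER_RE.match(version)
    if not m:
        raise ValueError(f"not a semver version: {version!r}")
    core = (int(m["major"]), int(m["minor"]), int(m["patch"]))
    pre = m["pre"]
    if pre is None:
        return core, None
    # Numeric identifiers compare numerically and rank below alphanumeric ones.
    pre_ids = tuple(
        (0, int(p), "") if p.isdigit() else (1, 0, p) for p in pre.split(".")
    )
    return core, pre_ids


def is_prerelease(version):
    return parse(version)[1] is not None


def sort_key(version):
    """Semver precedence: a pre-release sorts before its release."""
    core, pre = parse(version)
    return (core, 0 if pre is None else -1, pre or ())


def in_range(version, lower, upper, include_prerelease):
    """Half-open check lower <= version < upper, optionally skipping pre-releases."""
    if not include_prerelease and is_prerelease(version):
        return False
    return sort_key(lower) <= sort_key(version) < sort_key(upper)


def versions_in_range(versions, lower, upper, include_prerelease):
    ordered = sorted(versions, key=sort_key)
    return [v for v in ordered if in_range(v, lower, upper, include_prerelease)]
```

With `include_prerelease=True` the range `>=1.0.0 <2.1.0` matches `2.0.0-rc.1`; with it set to `False` only the final releases match.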