search

elm-lang / elm-package

Command line tool to share Elm libraries
BSD 3-Clause "New" or "Revised" License
213 stars 66 forks source link

Invalid elm-package.json can be published - case sensitivity issue on package authors and names. #283

Open rupertlssmith opened 7 years ago

rupertlssmith commented 7 years ago

With reference to this issue raised against elm-github-install:

https://github.com/gdotdesign/elm-github-install/issues/41#issuecomment-324875391

I was using elm-github-install and it let me reference a dependency without getting the case correct:

"dependencies": {
        "elm-lang/core": "5.0.0 <= v < 6.0.0",
        "tsfoster/elm-heap": "2.1.0 <= v < 3.0.0"
    },

But elm-make did not like it:

Error: Your .elm/packages/ directory may be corrupted. I was led to believe that
tsfoster/elm-heap existed, but I could not find anything when I went to look up
the published versions of this package.

The reason being that the package author was spelled with the incorrect case, it should be 'TSFoster/elm-heap'.

Despite this, I was still able to publish the package with an invalid elm-package.json. This would be a frustrating experience for someone downloading this package and then finding that it does not build.

Should elm-package check that all the dependency packages reference packages already published with the author/name/version all correct before allowing a package to be published?

process-bot commented 7 years ago

Thanks for the issue! Make sure it satisfies this checklist. My human colleagues will appreciate it!

Here is what to expect next, and if anyone wants to comment, keep these things in mind.