Feature request: Support udd-style fragments to restrict semver ranges to update

hasundue / molt

Update dependencies the Deno way

https://jsr.io/@molt

MIT License

69 stars 5 forks source link

Feature request: Support udd-style fragments to restrict semver ranges to update #111

Closed masnagam closed 6 months ago

masnagam commented 7 months ago

Espetially, we need #=.

There is an npm package which does not work properly in deno except for a particular version of the package. We'd like to prevent such npm packages from being updated.

molt CLI has --ignore option and it allows us to specify such npm packages. Or we can write a script for such restrictions as mentioned in README.md. However, it would be great if we can specify restrictions in import declarations.

References

https://github.com/hayd/deno-udd/blob/master/README.md#semantic-versioning

masnagam commented 7 months ago

unfortunately, udd-style fragments do not work in npm specifiers... and cause errors like below:

error: Invalid package specifier 'npm:ora@7.0.1#='. Invalid version requirement. Invalid specifier version requirement. Unexpected character.
  #=
  ~

https://docs.deno.com/runtime/manual/node/npm_specifiers

hasundue commented 6 months ago

@masnagam Thanks for pointing it out. I'm not positive to support udd-style fragments, but will probably work on the npm-style fragments, which is supported by the Deno runtime.

I'm still wondering what is the best way to provide version pinning functionality without introducing our own descriptors.

hasundue commented 6 months ago

Let me close this in favor of #112