npm version issue

[dlong500]

At the moment, npm is wanting to install version 1.3.2 of jsreport-phantom-pdf despite the fact that I don't see any evidence in this repo of a 1.3.2 version existing (or any evidence of changes over the past couple weeks).

Can you clarify what is going on?

[bjrmatos]

doing a quick npm view jsreport-phantom-pdf version gives me the latest correct version: 1.3.1 and doing a fresh npm install jsreport-phantom-pdf also.

How did you found that behaviour? can you give me the steps to reproduce it?

[pofider]

I released 1.3.2 with next tag because of testing new feature. I didn't commit it yet, but I suppose there is no problem. You should get always the 1.3.1 if you do npm install jsreport-phantom-pdf as well if you have "jsreport-phantom-pdf": "^1.3.1" in package.json. Or am I wrong?

[dlong500]

I'll have to do some testing, but I think that the latest tag may only be used for initially installing a package when there are no relevant dependency settings in package.json and to populate the "latest" column in npm outdated. After a package is already installed I believe npm uses semantic versioning based on the settings in package.json to determine what gets installed.

So a depedency setting like "jsreport-phantom-pdf": "^1.0.3" will match 1.3.2 as a wanted upgrade. I think what is necessary for testing versions is to append something like "beta" to the version, so it could be 1.3.2-beta or 1.3.2-rc1.

My npm outdated results looks like:

Package Current Wanted Latest jsreport-phantom-pdf 1.3.1 1.3.2 1.3.1

[pofider]

Thank you for your comments.

I've ensured that if you have "jsreport-phantom-pdf": "^1.0.3" in your config, that:

1. npm outdated shows as the latest 1.3.1 and as wanted 1.3.2
2. npm install installs 1.3.1 (always, even repeated)
3. npm updade installs 1.3.2

The point 3 is very disappointing for me. I think it should respect the latest tag, but didn't find any mention or documentation for its behavior regarding tags.

I'll gladly append some string to the version if it prevents npm update from doing to me unexpected installs.

@bjrmatos - what is your opinion on this?

FYI I don't use npm update at all, I prefer to use npm-check-updates. Much more transparent what it does.

[bjrmatos]

@pofider i didn't noticed that you were using npm's @next tags.. i agree with @dlong500 that pre-releases should be tagged with -rc* or -beta just to be very clear about the real intention. 😄

[pofider]

Thank you for comments. I'll append something to the version and make sure to do it always when pre-releasing.

[pofider]

Closing this now. Thank you for your advice. I'm now more clearly marking pre-release versions with beta postfix.