Open neilstuartcraig opened 9 years ago
so essentially... make sure that all dependencies and devDependencies are declared with sensible semver strings rather than lazy ones?
Yes, that's one side - but to make sure also that you correctly increment the relevant major/minor/patch component of your package version number. Needs both sides of the coin to be correct.
The licenses thing is critical too - if you want anyone to use your package!
Cheers
There is already a check in place for licensing. There's not really a way to statically check that a version is updated. So there's already a check to ensure that the version is semver.
Does that cover those cases?
Hi
Just replying to your message on Twitter yesterday (in my TZ).
So I was referring to my #1 issue with some (thankfully a minority) not being semver (http://semver.org/) compliant (despite claiming to be). This would usually manifest most often in publishing of updates under say a patch release - this can cause serious breakage for packages which depend on the offending package.
Also a problem from time to time is package authors doing a bad job of their dependency versioning; most often what I see is users requiring a package with a version of "*". Clearly this is a bad idea as a major release in the dependency could easily break the integration/usage.
Does that explain in the level of detail you need?
Another issue which springs to mind is people not stating a license for their software. This means that for example, at work, I basically can't use the package as it has no terms of usage.
Cheers