These changes tweak the behavior of NPM deprecation detection again:
Background
pre-March 2023
we marked an NPM package as "Deprecated" if the latest-release had a "deprecation" message in the API.
March 2023
we changed the logic to require all releases to have a "deprecation" message for the package to be marked as "Deprecated". This was for two reasons:
we were marking packages like graphql as "Deprecated" because they publish frequent canary builds that are marked with a "deprecation" message. Whenever the latest release was a deprecated canary build and Libraries marked it "Deprecated", this gave the illusion that the package was deprecated even though it was very active.
and also the npm deprecate "This package is deprecated..." command will deprecate all the releases for a package, implying that NPM's philosophy is that "all releases deprecated == the package is deprecated"
Mar 2024
in this PR, we go back to the latest-release only for detection, but we ignore any version that's a prerelease, to handle the case of "graphql" where the latest version may be a deprecated prerelease.
Why?
despite the aforementioned npm deprecate logic, there's conflicting behavior on npmjs.com where a package page will be display as deprecated if the latest non-prerelease release is deprecated, even if the older releases aren't deprecated. For example, @types/faker:
since there's not a first-class "deprecation" for packages in NPM, we have to pick a side, and users who visit NPM will think that this example means that the package is deprecated. If Libraries doesn't mark the package as deprecated, this will lead to more confusion.
These changes tweak the behavior of NPM deprecation detection again:
Background
pre-March 2023
we marked an NPM package as "Deprecated" if the latest-release had a "deprecation" message in the API.
March 2023
we changed the logic to require all releases to have a "deprecation" message for the package to be marked as "Deprecated". This was for two reasons:
npm deprecate "This package is deprecated..."command will deprecate all the releases for a package, implying that NPM's philosophy is that "all releases deprecated == the package is deprecated"Mar 2024
in this PR, we go back to the latest-release only for detection, but we ignore any version that's a prerelease, to handle the case of "graphql" where the latest version may be a deprecated prerelease.
Why?
despite the aforementioned
npm deprecatelogic, there's conflicting behavior on npmjs.com where a package page will be display as deprecated if the latest non-prerelease release is deprecated, even if the older releases aren't deprecated. For example,@types/faker:https://www.npmjs.com/package/@types/faker
since there's not a first-class "deprecation" for packages in NPM, we have to pick a side, and users who visit NPM will think that this example means that the package is deprecated. If Libraries doesn't mark the package as deprecated, this will lead to more confusion.