Open valadaptive opened 5 months ago
I havent used npm init
in quite some time, but sounds like a feature that could help.
Only downside is that it requires the maintainer to actually know what versions are incompatible, which may be difficult. Incompatibility isn't always easy to determine based on syntax alone, so I'd doubt this could be 100% automated in a reliable way.
It's one of the reasons why on some projects I assume all node versions are compatible and only really update engines to exclude a version (and anything below it) when I know for sure a version is incompatible. Usually I verify incompatibility by either manual testing or as a result of bug reports 😀
It's one of the reasons why on some projects I assume all node versions are compatible and only really update engines to exclude a version (and anything below it) when I know for sure a version is incompatible. Usually I verify incompatibility by either manual testing or as a result of bug reports 😀
Right; the issue is that updating engines is a breaking change to some people. The idea behind automatically setting a recent engine is that people would be able to follow modern coding practices without having to worry about compat bugs. Even something like let/const is not supported in all versions of Node.
It’s a breaking change per semver.
This is actually a really great idea, as long as there’s no default and a few examples are given in the prompt.
As for warnings and checking compliance, that’s what i made npx ls-engines
for. I’d love to see that functionality built into npm.
Motivation ("The Why")
When packages do not specify a minimum supported Node version, some people may assume that the package supports any version of Node--or at least the ones that their currently-installed version does not error out on.
This can lead to semver hazards--a maintainer may inadvertently use a JavaScript builtin (as old as
Array#map
or as new asObject.hasOwn
) or a Node standard library feature that is not supported across all versions of Node. This could be seen as a breaking change, and hence semver-major, but it is very hard for the maintainer to notice.In order to use features that are not supported across all releases of Node in a semver-compatible way, authors must include the
"engines"
field in theirpackage.json
. Currently, however, few do so--probably because it is not included by default.Example
See current semver hazard examples:
How
Current Behaviour
npm init
does not currently specify any minimum supported Node version.Desired Behaviour
npm init
should specify a reasonably recent Node version as the minimum supported one in the"engines"
field, for some definition of "reasonably recent". The exact timeframe can be bikeshed over, but here are some ideas:Unanswered Questions / Further Work?
engines
field consists of machine-readable semver, should the NPM registry require anengines
bump to require a new major version number?package.json
, all of their versions must be supported. While their Node compatibility is still work-in-progress and not officially stable (AFAIK), there may come a time when they do reach parity with Node."bun"
and"deno"
fields within"engines"
? I see this as untenable, both because it is a lot to ask of maintainers and because npm would need an "official" list of all third-party runtimes.