npm / rfcs

Public change requests/proposals & ideation
Other
730 stars 240 forks source link

[RRFC] Populate `"engines"` field during `npm init` #781

Open valadaptive opened 5 months ago

valadaptive commented 5 months ago

Motivation ("The Why")

When packages do not specify a minimum supported Node version, some people may assume that the package supports any version of Node--or at least the ones that their currently-installed version does not error out on.

This can lead to semver hazards--a maintainer may inadvertently use a JavaScript builtin (as old as Array#map or as new as Object.hasOwn) or a Node standard library feature that is not supported across all versions of Node. This could be seen as a breaking change, and hence semver-major, but it is very hard for the maintainer to notice.

In order to use features that are not supported across all releases of Node in a semver-compatible way, authors must include the "engines" field in their package.json. Currently, however, few do so--probably because it is not included by default.

Example

See current semver hazard examples:

How

Current Behaviour

npm init does not currently specify any minimum supported Node version.

Desired Behaviour

npm init should specify a reasonably recent Node version as the minimum supported one in the "engines" field, for some definition of "reasonably recent". The exact timeframe can be bikeshed over, but here are some ideas:

Unanswered Questions / Further Work?

markcellus commented 5 months ago

I havent used npm init in quite some time, but sounds like a feature that could help.

Only downside is that it requires the maintainer to actually know what versions are incompatible, which may be difficult. Incompatibility isn't always easy to determine based on syntax alone, so I'd doubt this could be 100% automated in a reliable way.

It's one of the reasons why on some projects I assume all node versions are compatible and only really update engines to exclude a version (and anything below it) when I know for sure a version is incompatible. Usually I verify incompatibility by either manual testing or as a result of bug reports 😀

valadaptive commented 5 months ago

It's one of the reasons why on some projects I assume all node versions are compatible and only really update engines to exclude a version (and anything below it) when I know for sure a version is incompatible. Usually I verify incompatibility by either manual testing or as a result of bug reports 😀

Right; the issue is that updating engines is a breaking change to some people. The idea behind automatically setting a recent engine is that people would be able to follow modern coding practices without having to worry about compat bugs. Even something like let/const is not supported in all versions of Node.

ljharb commented 5 months ago

It’s a breaking change per semver.

This is actually a really great idea, as long as there’s no default and a few examples are given in the prompt.

As for warnings and checking compliance, that’s what i made npx ls-engines for. I’d love to see that functionality built into npm.