npm / template-oss

a template package for npm CLI team development

fix: Install an exact version of `@github/prettier-config` #464

Closed hashtagchris closed 2 months ago

hashtagchris commented 2 months ago

This matches what I've seen us install in practice. See https://github.com/npm/template-oss/blob/4ef5cf6be626cb5265486420634ad231832540ab/package.json#L70 and https://github.com/npm/template-oss/blob/b35bca55b28b41773aa6b936fc626bc15b40eae5/test/apply/lint.js#L50-L52

Sample postlint guidance

Instead of @github/prettier-config@*, it tells you to install @github/prettier-config@0.0.6 with the --save-exact flag.

% npm uninstall prettier && npm uninstall @github/prettier-config
...

% npm run postlint
> @npmcli/template-oss@4.23.1 postlint
> template-oss-check

Some problems were detected:

-------------------------------------------------------------------

The following required devDependencies were not found:

  prettier
  @github/prettier-config@0.0.6

To correct it: npm rm prettier @github/prettier-config && npm i prettier@* --save-dev && npm i @github/prettier-config@0.0.6 --save-dev --save-exact

-------------------------------------------------------------------

Exact version enforcement

semver range

% npm i @github/prettier-config@latest --save-dev
...

% npm pkg get devDependencies."@github/prettier-config" 
"^0.0.6"

% npm run postlint                                     

> @npmcli/template-oss@4.23.1 postlint
> template-oss-check

Some problems were detected:

-------------------------------------------------------------------

The following required devDependencies were not found:

  @github/prettier-config@0.0.6

To correct it: npm rm @github/prettier-config && npm i @github/prettier-config@0.0.6 --save-dev --save-exact

-------------------------------------------------------------------

Exact version

% npm i @github/prettier-config@0.0.6 --save-dev --save-exact
...

% npm pkg get devDependencies."@github/prettier-config"
"0.0.6"
% npm run postlint

> @npmcli/template-oss@4.23.1 postlint
> template-oss-check

% 

References

Follow-up to https://github.com/npm/template-oss/pull/447

wraithgar commented 2 months ago

Disregard this approval, I didn't see it was done w/ a hard config to a specific version. That's not how this is done.

hashtagchris commented 2 months ago

We usually don't bake versions into this package itself.

I see we typically don't specify versions of dependencies, not even major versions. However, why is there support for exact versions in template-oss if we should never use it?

https://github.com/npm/template-oss/blob/4ef5cf6be626cb5265486420634ad231832540ab/lib/check/check-required.js#L29

https://github.com/npm/template-oss/blob/4ef5cf6be626cb5265486420634ad231832540ab/lib/check/check-required.js#L40

And why does /test/apply/lint.js test with a version of @github/prettier-config without a caret?

wraithgar commented 2 months ago

The exact version specification appears to be for template-oss itself, which takes the version from its own package.json.

It does not look like we've baked into template-oss the ability to enforce no prefixes for other dependencies. I know we'd talked about it for the linting rules packages, but I don't think it's been done.

hashtagchris commented 2 months ago

To correct it: ... npm i @github/prettier-config@0.0.6 --save-dev --save-exact

I now understand that we should avoid hardcoding versions in this repo, as it's too much trouble to update them later. Ideally we'd want a way to indicate which dependencies should be installed as exact versions, and template-oss would output something like To correct it: ... npm i @github/prettier-config@* --save-dev --save-exact.

I don't know if we'd actually want or need to migrate to an eventual newer release of @github/prettier-config, but I'll assume that's true for this or another dependency.
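
One way to express the idea raised at the end of this thread, as an added example that is not template-oss code: required devDependencies carry a hypothetical `exact` flag, and the check rejects range specs such as `^0.0.6` for flagged packages without hardcoding a version. The `REQUIRED` list, the function names and the sample `package.json` fragments are constructed for illustration.

```javascript
// Added example; not template-oss code. The `exact` flag is hypothetical.
const REQUIRED = [
  { name: 'prettier' },
  { name: '@github/prettier-config', exact: true },
]

// Exact means a bare x.y.z (optional prerelease/build): no ^, ~, ranges, *, or tags.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/

// Return one problem per required devDependency that is missing or, when
// flagged exact, is saved as anything other than a single pinned version.
function checkRequired (pkg, required = REQUIRED) {
  const dev = pkg.devDependencies || {}
  const problems = []
  for (const { name, exact = false } of required) {
    const spec = dev[name]
    if (typeof spec !== 'string') {
      problems.push({ name, exact, reason: 'missing' })
    } else if (exact && !EXACT.test(spec.trim())) {
      problems.push({ name, exact, reason: `not exact: ${spec}` })
    }
  }
  return problems
}

// Build the "To correct it" command. `@*` lets npm resolve the current release,
// and --save-exact writes it to package.json without a caret.
function correction (problems) {
  if (problems.length === 0) return ''
  const rm = `npm rm ${problems.map(p => p.name).join(' ')}`
  const installs = problems.map(p =>
    `npm i ${p.name}@* --save-dev${p.exact ? ' --save-exact' : ''}`)
  return [rm, ...installs].join(' && ')
}

// Constructed package.json fragments mirroring the three cases on this page.
const samples = {
  missing: { devDependencies: {} },
  range: { devDependencies: { prettier: '^3.0.0', '@github/prettier-config': '^0.0.6' } },
  pinned: { devDependencies: { prettier: '^3.0.0', '@github/prettier-config': '0.0.6' } },
}

for (const [label, pkg] of Object.entries(samples)) {
  console.log(label, '->', correction(checkRequired(pkg)) || 'ok')
}
```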