Open WaldoJeffers opened 11 months ago
@WaldoJeffers Thank you for noticing this. A naive question - looking at e.g. https://www.npmjs.com/package/@pulumi/aws or https://www.npmjs.com/package/@pulumi/docker - how do I see whether it has a "v" or not?
Hello @mikhailshilkov , Thanks for your reply.
That's actually not a naive question at all! It also puzzled me since the UI on npmjs.com seems to strip any potential leading v
character in the displayed version "box". Here are 2 ways to see if whether it is there or not:
you could simply install the package using npm
, in an empty repo:
mkdir test_repo && cd test_repo
npm init -f
npm install @pulumi/docker
cat node_modules/@pulumi/docker/package.json
This will print the actual content of the package.json
file in your terminal, and you should be able to have to a good look at the version
field.
Another way is to browse through the Code
tab on the package's page on npmjs.com. You should be able to find the package.json
file and inspect it directly in your browser (although the feature is marked as being in "beta" so I don't know if it's been released to 100% users at the moment). Here's a screenshot:
I really have no idea why they let users publish package with non-semver compatible versions though :/ I've definitely had my doubts and made the same mistake in the past.
Let me know how that works for you :)
What is the issue Most Node.js packages published on npm (under the
@pulumi
scope) are published with av
prefix in their version (as inv4.4.4
), which has 2 drawbacks: 1/ Although npm unexpectedly allows it, I think it's not valid, since theversion
field is supposed to follow the semver convention (which doesn't allow for a leadingv
). Source: npm documentation 2/ It confuses many tools used to report (& update) out of date dependencies. For example, in the attached screenshot, thenpm outdated
command reports Pulumi dependencies as outdated although they are not, which I think (but not 100% certain) is caused by thev
prefixsee the last 2 lines
What I would expect npm packages should be published without the leading
v
in theversion
field of thepackage.json
file ~"version": "v3.10.1"
~ =>"version": "3.10.1"
How to fix the issue I think this line:
sed -i.bak -e "s/\$${VERSION}/$(VERSION)/g" ./bin/package.json
found in the following files:is responsible for the issue, but I don't know which file should be modified The line should probably be changed to something like:
sed -i.bak -e "s/\$${VERSION}/${$(VERSION)/v/}/g" ./bin/package.json
although I'm not too sure about the syntax, so please don't take this at face value (I don't usesed
very often).Additional remarks This issue has already been identified (at least partially) because some of these packages have the following comment in their
getVersion
utility function: https://github.com/pulumi/pulumi-random/blob/18c6c96091184ed1d8d47860b6ee20b4094f0b14/sdk/nodejs/utilities.ts#L43 However, this does not seem to be used to generate the actual string in thepackage.json
file.Native Providers
Bridged Providers
Tier 1
Tier 2