tbranyen / salita

Automatically upgrade all NPM dependencies.
MIT License
97 stars 8 forks

Info: NPM > 6.5.0 #23

Closed Xotic750 closed 5 years ago

Xotic750 commented 5 years ago

Should you update the dependencies, things break if you update NPM > 6.5.0. As you have no tests, if you have a package.json like this

{
  "name": "tests",
  "version": "1.0.0",
  "dependencies": {
    "json3": "^3.1.0"
  },
  "devDependencies": {
    "safe-to-string-x": "1.5.0"
  },
  "peerDependencies": {
    "jquery-ui": "*",
    "safe-to-string-x": "^1 || ^2"
  }
}

where safe-to-string-x is in dev and peer, it fails with a semver error from npm/lib/view.

ljharb commented 5 years ago

We have a dep on npm 5; so v6.5.0 shouldn’t be relevant.

Are you specifically saying that having a dep in both dev and peer crashes salita?

Xotic750 commented 5 years ago

No, not currently a problem, but should the dependencies be updated I just wanted to make you aware that things work up to that version.

Salita itself does not crash, so to speak, but the peer dependency for safe-to-string-x would be shown as Package not found:. When looking closer at npm/lib/view, semver throws an error internally to view saying something like 0 is not a valid version number. This results in the Package not found: message in Salita.

If safe-to-string-x was not duplicated in dev and peer, then all appears fine. So it would be easy to miss the problem, should you update to anything > 6.5.0.

After 6.5.0 there was a major refactor in the code. I don't see anything about API changes; it could be indicative of a bug in npm/lib/view. I just thought I'd share some info about something I tried.
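
A pre-upgrade check for the condition described in this report, as an added example that is not part of the thread or of salita's or npm's code: it lists every package declared in more than one dependency section of a package.json, so the duplicated entry is surfaced rather than silently shown as not found. The function names and the section list are choices made for this example; the sample manifest is the one quoted in the report.

```javascript
// Added example: find packages declared in more than one dependency
// section of a package.json manifest (the dev + peer case from the report).
const SECTIONS = [
  'dependencies',
  'devDependencies',
  'peerDependencies',
  'optionalDependencies',
];

function findDuplicatedDeps(manifest) {
  const seen = new Map(); // package name -> [{ section, range }]
  for (const section of SECTIONS) {
    const deps = manifest[section];
    // Skip sections that are missing or malformed (null, array, string).
    if (!deps || typeof deps !== 'object' || Array.isArray(deps)) continue;
    for (const [name, range] of Object.entries(deps)) {
      if (!seen.has(name)) seen.set(name, []);
      seen.get(name).push({ section, range: String(range) });
    }
  }
  const report = [];
  for (const [name, entries] of seen) {
    if (entries.length < 2) continue;
    // Differing ranges are worth flagging separately: each section may
    // then resolve to a different version.
    const rangesDiffer = new Set(entries.map((e) => e.range)).size > 1;
    report.push({ name, entries, rangesDiffer });
  }
  return report.sort((a, b) => a.name.localeCompare(b.name));
}

// The manifest quoted in the report above.
const sampleManifest = {
  name: 'tests',
  version: '1.0.0',
  dependencies: { json3: '^3.1.0' },
  devDependencies: { 'safe-to-string-x': '1.5.0' },
  peerDependencies: { 'jquery-ui': '*', 'safe-to-string-x': '^1 || ^2' },
};

for (const { name, entries, rangesDiffer } of findDuplicatedDeps(sampleManifest)) {
  const where = entries.map((e) => `${e.section}: "${e.range}"`).join(', ');
  console.log(`${name} is declared in ${where}` +
    (rangesDiffer ? ' (ranges differ)' : ''));
}
```
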

ljharb commented 5 years ago

There's no reason for salita's npm dep to ever be updated, as far as I know - it can stay on v5 forever.

Thanks for the heads up.