search

upstash / qstash-js

Message queue for serverless
https://docs.upstash.com/qstash
MIT License
170 stars 20 forks source link

Published package.json version string contains 'v' prefix #74

Closed hmarr closed 2 months ago

hmarr commented 1 year ago

While I think it is technically allowed, it seems uncommon. Here's a project I'm working on with lots of dependencies—upstash is the only package with the prefix:

$ $ find node_modules -name package.json | wc -l
    2720
$ grep -R --include package.json '"version": "v' node_modules | wc -l
       1
$ grep -R --include package.json '"version": "v' node_modules
node_modules/@upstash/qstash/package.json:  "version": "v2.2.0",

It appears to be confusing the npm outdated command:

$ npm outdated
Package          Current  Wanted  Latest  Location                      Depended by
@upstash/qstash   v2.2.0   2.2.0   2.2.0  node_modules/@upstash/qstash  ---

I think it's happening because your release script sets the version based on the release ref name:

https://github.com/upstash/sdk-qstash-ts/blob/4b93fa1dc5b60616de78257f6c2f3bd324c5145e/.github/workflows/release.yml#L16-L17

Then substitutes that version directly into the package.json:

https://github.com/upstash/sdk-qstash-ts/blob/4b93fa1dc5b60616de78257f6c2f3bd324c5145e/.github/workflows/release.yml#L44-L45

So it should be an easy fix!

ogzhanolguncu commented 1 year ago

I understand the issue, but the funny thing is outdated doesn't show up for me when im using the latest version. Unless you specifically install @upstash/qstash@v2.2.0, because latest will point to @upstash/qstash@latest -> @upstash/qstash@2.2.0. By the way I still agree we can omit the v, but this issue shouldn't affect you. We do this for all the repos we have(convention started long time before I joined).

hmarr commented 1 year ago

Strange that you can't reproduce the issue—it happens consistently for me even after uninstalling the library, then reinstalling with either @upstash/qstash@latest or @upstash/qstash@2.2.0!

$ npm remove @upstash/qstash && npm install @upstash/qstash@2.2.0 && npm outdated

removed 3 packages, and audited 1133 packages in 927ms

248 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

added 3 packages, and audited 1136 packages in 926ms

249 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
Package          Current  Wanted  Latest  Location                      Depended by
@upstash/qstash   v2.2.0   2.2.0   2.2.0  node_modules/@upstash/qstash  -

latest does indeed point to 2.2.0, but I think the problem is coming from the fact that the version entry in the package.json on disk doesn't match that:

$ curl -s https://registry.npmjs.org/@upstash/qstash | jq '.["dist-tags"].latest'
"2.2.0"
$ jq .version node_modules/@upstash/qstash/package.json
"v2.2.0"

Perhaps it changed in a recent version of npm; I'm still using 9.8.1.

Anyway, thanks for offering to make the change! ❤️

ogzhanolguncu commented 1 year ago

Ahhh, you know what maybe thats on npm. I mostly use pnpm or bun nowadays let me test with npm and get back to you.

ogzhanolguncu commented 1 year ago 
>  npm remove @upstash/qstash && npm install @upstash/qstash@latest  && npm outdated

removed 2 packages, and audited 6 packages in 527ms

found 0 vulnerabilities

added 2 packages, and audited 8 packages in 2s

1 package is looking for funding
  run `npm fund` for details

Well, it didn't reproduce on my end.

npm -v > 9.8.1 node -v > v18.18.0