python-semanticversion icon indicating copy to clipboard operation
python-semanticversion copied to clipboard

Published 20 hours ago verified publisher icon rbarrois

Support NPM verison ">=" following by a whitespace

Open larytet opened this issue 3 years ago • 9 comments

For example >= 1.4.0 < 2 Apparently there are ~30K packages in the NPM which dependencies lists have versions with a white space.

Also support for latest

I see also (illegal?) ~2.2.0rc More outlandish examples: ^v2.7.4, > =3.10, ~>1.4.1, ~ 2.0.0, ^0.20.0 && >=0.20.0, ^00.5.1 In the package @ansyn/core 0.2.82.4

larytet avatar Jan 21 '22 11:01 larytet

Hey! That's an interesting suggestion; however, the specification at https://github.com/npm/node-semver#range-grammar does not allow that form:

primitive  ::= ( '<' | '>' | '>=' | '<=' | '=' ) partial
partial    ::= xr ( '.' xr ( '.' xr qualifier ? )? )?
xr         ::= 'x' | 'X' | '*' | nr
nr         ::= '0' | ['1'-'9'] ( ['0'-'9'] ) *

Would you have any pointer to the semver docs explaining how those invalid forms are to be handled? Otherwise, this could be implemented as a .coerce() form, or a lax=True / strict=False option to the NpmSpec constructor...

rbarrois avatar Feb 06 '22 18:02 rbarrois

Also, please note that this is the same topic as discussed in #115 and in node-semver at https://github.com/npm/node-semver/issues/392

rbarrois avatar Feb 06 '22 19:02 rbarrois

@rbarrois

Would you have any pointer to the semver docs explaining how those invalid forms are to be handled? Otherwise, this could be implemented as a .coerce() form, or a lax=True / strict=False option to the NpmSpec constructor...

My preference would be to accept that node-semver documented specs are incomplete and that the only correct spec is the JS code? What do you think?

pombredanne avatar May 18 '22 08:05 pombredanne

I have a workaround. I clean the versions where I can, ignore version in some cases. 100% accuracy (accuracy is defined by interoperability with NPM install) is not critical in my use case.

larytet avatar May 18 '22 09:05 larytet

@larytet re:

I have a workaround. I clean the versions where I can, ignore version in some cases. 100% accuracy (accuracy is defined by interoperability with NPM install) is not critical in my use case.

Thanks! this helps.

I guess we will need this in https://github.com/nexB/univers/blob/6ad300ea515f99ffaae8b6a160724c32f027b5c0/src/univers/version_range.py#L226 for correctness so @larytet is there some code we can stole from you for this? :innocent:

@TG1999 @sbs2001 @Hritik14 FYI

pombredanne avatar May 18 '22 10:05 pombredanne

This is a proprietary code. There is not anything complex. I remove whitespaces, I apply a few simple regex. Please keep in mind that there is less ~3% packages (if my memory serves) with non complying versions. I left the project and I can't check it now. I think that after a few iterations I have ended up with "translation" of NPM version to Maven version, and using maven class for all versions.

@eranbrodet

larytet avatar May 18 '22 18:05 larytet

Any news regarding this ticket? I've encountered the same error when trying to parse jquery dependency jquery-ui version in jquery-ui/package.json file (with and without the whitespace):

"dependencies": {
	"jquery": ">=1.8.0 <4.0.0"
},

  >>> Spec(">=1.8.0 <4.0.0")
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/Users/ktal/git/infinimetrics/.venv/lib/python3.8/site-packages/semantic_version/base.py", line 1196, in __init__
      super(LegacySpec, self).__init__(expression)
    File "/Users/ktal/git/infinimetrics/.venv/lib/python3.8/site-packages/semantic_version/base.py", line 618, in __init__
      self.clause = self._parse_to_clause(expression)
    File "/Users/ktal/git/infinimetrics/.venv/lib/python3.8/site-packages/semantic_version/base.py", line 1014, in _parse_to_clause
      return cls.Parser.parse(expression)
    File "/Users/ktal/git/infinimetrics/.venv/lib/python3.8/site-packages/semantic_version/base.py", line 1034, in parse
      raise ValueError("Invalid simple block %r" % block)
  ValueError: Invalid simple block '>=1.8.0 <4.0.0'

>>> Spec(">=1.8.0<4.0.0")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/ktal/git/infinimetrics/.venv/lib/python3.8/site-packages/semantic_version/base.py", line 1196, in __init__
    super(LegacySpec, self).__init__(expression)
  File "/Users/ktal/git/infinimetrics/.venv/lib/python3.8/site-packages/semantic_version/base.py", line 618, in __init__
    self.clause = self._parse_to_clause(expression)
  File "/Users/ktal/git/infinimetrics/.venv/lib/python3.8/site-packages/semantic_version/base.py", line 1014, in _parse_to_clause
    return cls.Parser.parse(expression)
  File "/Users/ktal/git/infinimetrics/.venv/lib/python3.8/site-packages/semantic_version/base.py", line 1034, in parse
    raise ValueError("Invalid simple block %r" % block)
ValueError: Invalid simple block '>=1.8.0<4.0.0'

SpecialK118 avatar Dec 13 '23 15:12 SpecialK118

@SpecialK118 The upstream discussion in https://github.com/npm/node-semver/issues/392 hasn't had any movement.

I would like to decide this based on an explicit documented behaviour on NPM end, but couldn't find any. Could you help me with finding such a guideline, or official example stating that this behaviour is supposed to be accepted (and not just accidentally supported by the implementation)?

rbarrois avatar Dec 14 '23 13:12 rbarrois

@rbarrois It looks like I can workaround this issue by using NpmSpec instead of Spec, which is able to parse this format.

SpecialK118 avatar Dec 25 '23 12:12 SpecialK118