qstash-js
qstash-js copied to clipboard
upstash
Published package.json version string contains 'v' prefix
While I think it is technically allowed, it seems uncommon. Here's a project I'm working on with lots of dependencies—upstash is the only package with the prefix:
$ $ find node_modules -name package.json | wc -l
2720
$ grep -R --include package.json '"version": "v' node_modules | wc -l
1
$ grep -R --include package.json '"version": "v' node_modules
node_modules/@upstash/qstash/package.json: "version": "v2.2.0",
It appears to be confusing the npm outdated command:
$ npm outdated
Package Current Wanted Latest Location Depended by
@upstash/qstash v2.2.0 2.2.0 2.2.0 node_modules/@upstash/qstash ---
I think it's happening because your release script sets the version based on the release ref name:
https://github.com/upstash/sdk-qstash-ts/blob/4b93fa1dc5b60616de78257f6c2f3bd324c5145e/.github/workflows/release.yml#L16-L17
Then substitutes that version directly into the package.json:
https://github.com/upstash/sdk-qstash-ts/blob/4b93fa1dc5b60616de78257f6c2f3bd324c5145e/.github/workflows/release.yml#L44-L45
So it should be an easy fix!
I understand the issue, but the funny thing is outdated doesn't show up for me when im using the latest version. Unless you specifically install @upstash/[email protected], because latest will point to @upstash/qstash@latest -> @upstash/[email protected]. By the way I still agree we can omit the v, but this issue shouldn't affect you. We do this for all the repos we have(convention started long time before I joined).
Strange that you can't reproduce the issue—it happens consistently for me even after uninstalling the library, then reinstalling with either @upstash/qstash@latest or @upstash/[email protected]!
$ npm remove @upstash/qstash && npm install @upstash/[email protected] && npm outdated
removed 3 packages, and audited 1133 packages in 927ms
248 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
added 3 packages, and audited 1136 packages in 926ms
249 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
Package Current Wanted Latest Location Depended by
@upstash/qstash v2.2.0 2.2.0 2.2.0 node_modules/@upstash/qstash -
latest does indeed point to 2.2.0, but I think the problem is coming from the fact that the version entry in the package.json on disk doesn't match that:
$ curl -s https://registry.npmjs.org/@upstash/qstash | jq '.["dist-tags"].latest'
"2.2.0"
$ jq .version node_modules/@upstash/qstash/package.json
"v2.2.0"
Perhaps it changed in a recent version of npm; I'm still using 9.8.1.
Anyway, thanks for offering to make the change! ❤️
Ahhh, you know what maybe thats on npm. I mostly use pnpm or bun nowadays let me test with npm and get back to you.
> npm remove @upstash/qstash && npm install @upstash/qstash@latest && npm outdated
removed 2 packages, and audited 6 packages in 527ms
found 0 vulnerabilities
added 2 packages, and audited 8 packages in 2s
1 package is looking for funding
run `npm fund` for details
Well, it didn't reproduce on my end.
npm -v > 9.8.1 node -v > v18.18.0