jsonlint icon indicating copy to clipboard operation
jsonlint copied to clipboard

Published 20 hours ago verified publisher icon zaach

nomnom is deprecated

Open Rudloff opened this issue 7 years ago • 8 comments

See https://github.com/harthur/nomnom#deprecation-notice

Rudloff avatar Dec 23 '17 15:12 Rudloff

There is also this project @gerhobbelt/nomnom on npm, which it seems take over the project. So only package.json need to be updated and new version published to npm.

jcubic avatar Feb 17 '18 16:02 jcubic

Broke our builds curiously today. Anyone have a fork or alternate library to recommend?

bdefore avatar Feb 20 '18 14:02 bdefore

I'm still crossing my fingers so npm resurrects nomnom, but I'm not too hopeful...

astorije avatar Feb 21 '18 01:02 astorije

The nomnom package was no longer being maintained by the original owner. As such, we (npm) deprecated it to give users a heads up. Although you'll get a warning message to that effect, the past versions of the package all remain untouched and available. As for jsonlint, it looks like its dep on nomnom is “>= 1.2.x”, so it was picking up the v2.0.0 deprecate placeholder. We've gone ahead and removed it. I'm sorry for the frustration.

:> npm view nomnom versions
 
[ '0.1.2',
  '0.1.3',
  '0.2.0',
  '0.3.0',
  '0.4.0',
  '0.4.1',
  '0.4.2',
  '0.4.3',
  '0.4.4',
  '0.4.6',
  '0.4.8',
  '0.5.0',
  '0.6.0',
  '0.6.1',
  '1.0.0',
  '1.5.0',
  '1.5.1',
  '1.5.2',
  '1.5.3',
  '1.6.0',
  '1.6.1',
  '1.6.2',
  '1.7.0',
  '1.8.0',
  '1.8.1' ]

ehsalazar avatar Feb 21 '18 18:02 ehsalazar

ty for the detailed expalantion @ehsalazar ! cheers

j-brown avatar Feb 21 '18 18:02 j-brown

I'm sorry to hijack the thread (I don't know where else I should have asked the following), but @ehsalazar would you care to explain further the process? I have a couple of question that I cannot answer based on online docs and individual knowledge:

  1. deprecation of a package version leads to printing a warning oninstall. In this case, as I understand from your comment, npm published version 2.0.0 which only had the deprecation-README.md . Unless a package is in violation of npm's policy (e.g. malware) or creating discomfort (e.g. left-pad or the recent package-missing event), why did npm intervene and publish smth? I don't understand why npm intervened at all, but if so - it seems to have sufficed to mark all versions previously published as deprecated.

  2. no matter who published 2.0.0, another offside move was made IMO - unpublishing, which lead to scenarios like the ones referenced above for mapbox and uber. Wouldn't publishing 2.0.1 have done the job nicely? I'm asking you because, once again as per my understanding, it's npm that published 2.0.0 not the package author.

Thanks!

andreineculau avatar Feb 21 '18 21:02 andreineculau

@ehsalazar I'd like more information on this too, as yesterday we had stable builds we intended to release today. Now that build is broken upon attempting to deploy because a dependency deep in the project (referenced in our package-lock.json file) no longer has v2.0.0 published.

timclipsham avatar Feb 21 '18 22:02 timclipsham

@andreineculau action was taken only after being in communication with the previous owner.

@timclipsham if you delete your package-lock.json, run a cache clean and new install, that should link you back to v1.8.1 and should fix your dep issues.

ehsalazar avatar Feb 21 '18 23:02 ehsalazar