Semver used by most all the packages that I depend on. The problem is that (1) most of these dependencies are on ~0 and feel free to break their API any time without warning (this is what they tell me), and (2) those that don't use semver, *don't disclose any scheme at all.* It is not documented, it is unpredictable, and not future-proof. This is the problem, this wastes developer time, and is hardly a practice that should be continued, even if it was costly to change mid-course.
Locking down your versions is a good idea, but not a solution to this problem. As mentioned, I use Git submodules (you can't get much more locked-down than that). Updating twenty packages should take on the order of a minute, not half a day. On Thursday, September 20, 2012 4:17:51 PM UTC-7, Michael Schoonmaker wrote: > > I don't disagree with you insofar as using something that *looks like *semver > without *being *semver can be confusing. > > However, what I do disagree with is the attitude that we should change > *common > practice* because there is a similar-looking *standard*. Does that make > sense? It's one thing to be confusing. It's something else entirely that *the > ship has sailed*, and there are plenty of people on the deck having a > great time. > > I'm relatively new to Node (on the order of almost a year instead of > several), but I understand what npm version numbers entail, and I > understand that it's *my *package.json that describes what version of > each dependency I use. Just as two applications may use different > versioning schemes altogether, so two package developers may interpret > https://npmjs.org/doc/json.html#version differently. Therefore, it's *my > *responsibility > to: > > 1. Understand how my dependencies define versions. > 2. Lock versions down for production. > 3. Upgrade explicitly and with cause. > 4. Update my package.json accordingly. > > Schoon > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to nodejs@googlegroups.com To unsubscribe from this group, send email to nodejs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en