undefined | Better HN

0 pointsskybrian2y ago0 comments

For dependencies where you didn’t explicitly specify the exact version, taking the latest version is nondeterministic - it varies over time. Someone else who checks out your code will get different results.

I was hoping for something like Go’s minimum version dependency resolution.

A lock file does solve the immediate issue.

0 comments

3 comments · 1 top-level

lakpan2y ago· 2 in thread

> Someone else who checks out your code will get different results.

> I was hoping for something like Go’s minimum version dependency resolution.

Uh and that’s different how? The default semver range is “minimum dependency version” with an upper bound in the current major.

skybrianOP2y ago

The upper bound resolves to a different version after a new minor version is published. That’s nondeterministic. Someone else checking out your project will get different results, unless you use a lock file.

lakpan2y ago

See, you don’t know how npm works. Npm does not care about the lockfile of dependencies. “Someone checking out my project” always gets the latest version of each dependency within the semver range, until their lockfile locks a version into place.

1 more reply

j / k navigate · click thread line to collapse