[BUG] "npm publish" tags pre-versions as "latest" #7553
Comments
Some tag must always be set - what tag would you expect as an alternative?

If not failing for pre-release builds (which would force the user to set the tag), I'd choose either:

failing and forcing a tag seems nice. even better is if it implemented https://npmjs.com/safe-publish-latest, and failed to implicitly publish a

So, this behaviour, then?
npm version 1.0.0
npm publish # no problem
npm version 1.0.1-alpha.1
npm publish
# npm ERR no tag set
npm publish --tag alpha # no problem
npm version 1.0.1-alpha.2
npm publish --tag latest # no problem; set implicitly
npm version 0.1.0 # assuming it's possible
npm publish
# npm ERR a newer 'latest' version is already published
Another question. What should we do about this behaviour:
Should we allow this, because the developer "opted-in" to publishing pre-releases for 1.0.0 to

If they explicitly want something to be "latest" then it would be wildly improper for npm to prevent that, but it seems reasonable to me that implicit "latest" must always be a "later" non-prerelease. (to be clear, this is something that'd have to be accepted by the npm team, and probably should be discussed in the RFC repo instead of here)

Sounds good. It also matches the behaviour proposed in RFC 7
Thanks for the heads-up! I've drafted one here: npm/rfcs#776

➕ 1 on failing when not passing an explicit

Because this is not a bug I am going to close this issue. The RFC issue is probably the best place to add more input. Personally I'm a huge fan of this idea.

Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
NOTE: This is rather a footgun than a bug
This was reported in npm/npm#13248 and has been ignored and never re-opened since, even though the problem clearly still exists. Following is the (adapted) description from the issue's original author. I have verified that this behaviour is still present.
Running
npm version premajor && npm publish
will tag the premajor version as latest by default. I confirmed this happens when running all pre-release options: premajor | preminor | prepatch | prerelease.
As pointed out in npm/npm#10189, there are valid reasons that authors would want to tag pre-release versions as latest. However, I think that this is not good default behaviour (though it is documented: "Publishing a package sets the latest tag to the published version unless the --tag option is used. For example, npm publish --tag=beta.")
Semver documentation states:
Source: http://semver.org/#spec-item-9
Expected Behavior
I propose that the latest tag only be set if the version to be published is not a pre-release version. Or, at the very least, there should be a warning about this.
Steps To Reproduce
npm version prepatch
or... preminor
or... premajor
or... prerelease
or set a pre-release version manually
npm publish
latest tag without any fuss
Environment
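
The publish rules proposed in the comments above (an explicit --tag is always honoured; an implicit latest must be a later, non-pre-release version), written out as an added example that is neither npm's code nor code from this thread. The function names, the return shape and the currentLatest input are assumptions, and the semver parsing is simplified.

```javascript
// Added example: simplified semver handling, not npm's implementation.
const SEMVER = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;

function parse(version) {
  const m = SEMVER.exec(version);
  if (!m) throw new Error(`invalid semver: ${version}`);
  return { core: m.slice(1, 4).map(Number), pre: m[4] ? m[4].split('.') : [] };
}

// Precedence as in semver.org spec item 11: a pre-release sorts below its release.
function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] < y.core[i] ? -1 : 1;
  }
  if (!x.pre.length || !y.pre.length) return Math.sign(y.pre.length - x.pre.length);
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined || q === undefined) return p === undefined ? -1 : 1;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    // Numeric identifiers compare as numbers and sort below alphanumeric ones.
    const c = pn && qn ? Number(p) - Number(q)
      : pn !== qn ? (pn ? -1 : 1)
      : p < q ? -1 : p > q ? 1 : 0;
    if (c !== 0) return Math.sign(c);
  }
  return 0;
}

// tag: value of --tag, or undefined when omitted.
// currentLatest: version the "latest" dist-tag points to, or undefined (assumed input).
function checkPublish(version, tag, currentLatest) {
  if (tag !== undefined) return { ok: true, tag }; // an explicit tag is never blocked
  if (parse(version).pre.length > 0) return { ok: false, reason: 'no tag set' };
  if (currentLatest !== undefined && compare(version, currentLatest) <= 0) {
    return { ok: false, reason: "a newer 'latest' version is already published" };
  }
  return { ok: true, tag: 'latest' };
}

// Constructed replay of the session sketched in the thread: [version, --tag, latest].
const SESSION = [
  ['1.0.0', undefined, undefined],
  ['1.0.1-alpha.1', undefined, '1.0.0'],
  ['1.0.1-alpha.1', 'alpha', '1.0.0'],
  ['1.0.1-alpha.2', 'latest', '1.0.0'],
  ['0.1.0', undefined, '1.0.1-alpha.2'],
];
for (const args of SESSION) console.log(args[0], checkPublish(...args));
```

The currentLatest value can be read from the registry with npm view <package> dist-tags.latest.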