Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[RRFC] Allow packages to declare a schema for what kind of versioning system it uses (Allow use of non-SemVer) #794

Open
Nixinova opened this issue Jul 24, 2024 · 2 comments

Comments

@Nixinova
Copy link

Moved from nodejs/node#54016

What is the problem this feature will solve?

Many popular projects do not use SemVer. Take Microsoft/TypeScript (microsoft/TypeScript#14116) or jashkenas's packages (jashkenas/underscore#1684). These package maintainers do not follow the implicit contract of using SemVer, sometimes due to fundamental opposition to SemVer itself (https://gist.github.com/jashkenas/cbd2b088e20279ae2c8e).
This leads to friction among users:

I'm concerned that not following semver is creating unnecessary friction for TypeScript consumers who are opted in to having their builds broken whenever TypeScript releases a minor version as npm locks down to only major versions by default.
microsoft/TypeScript#14116 (comment)

The obvious solution is just to go "not npn's problem - they should be using Semver!" - but that's not going to happen.
We as package consumers are stuck with having to be aware that many critical packages do not follow the expected semantics of SemVer.

What is the feature you are proposing to solve the problem?

Therefore, npm should have a built-in solution for allowing package maintainers to decouple themselves from SemVer.

My proposal is to have an entry in package.json that defines what Versioning schema the package shall use.

I have a drafted schema definition file (schema.json) that defines aspects such segment types, ordering, and which digit increments represent breaking changes.
The default position of package.json would obviously be the use of SemVer, which I have a drafted schema for (semver.schema.json).
These drafted schemas could be adapted and maintained by npm to allow an official API for package maintainers to create their own versioning schemas to use in their projects.

This versioning schema would then be checked when installing a version from a range declared in the package.json (like package@^2.3.0), where the semantics for ^ are "the highest non-breaking version after or including 2.3.0", with what counts as "non-breaking" defined by the provided schema.

Real world example:

If Microsoft declares that for their typescript package, both the first and second digits represent breaking changes (declared using an in-house versioning schema linked to from package.json) -- then installing ^5.2 would not install version 5.5.2 (as expected from SemVer semantics), but only install the highest non-breaking version (which would be something like 5.2.3).

What alternatives have you considered?

"Just use SemVer", but this is not a realistic outcome as us consumers have no way of forcing maintainers like Microsoft to switch from their 'marketing versioning' to use SemVer.


This is similar in reason to this stale/unseen proposal npm/npm#19231 but goes quite further beyond by allowing the entire semantics of a version to be user-defined instead of just saying which digit is the breaking digit.
Having this functionality be more complicated than just setting a string is better as it would discourage usage of non-semver versioning - this proposal is for package managers that really, really, really don't want to use semver for some reason or another.

@reggi
Copy link

reggi commented Dec 5, 2024

I think semver is such an integral and highly coupled part of npm, especially around dist-tags, tarball names, packuments, and API endpoints, that I don't see a future where the versioning system is abstracted in any way for npm. I don't truly understand the need here either. Just because semver encourages a specific practice, it's ultimately up to package authors to abide by those rules in a way that benefits their users. You could throw it out the window and never properly address breaking changes; you could use major and minor versions and not patches. I don't understand why you would, but maintainers can.

@Nixinova
Copy link
Author

Nixinova commented Dec 7, 2024

Fair enough

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants