Harden dependency versions

Question

Harden dependency versions

kumavis opened this issue 11 years ago · comments

Loose dependency versions via ~ can unwittingly introduce problems. I have experienced this in another project. Lets harden the dep versions.

Solution: Remove all tildes in the package.json file. Also should clean your node_modules after modifying the package.json to ensure that you have matching deps.

to refresh node_modules:

rm -rf node_modules
npm install

kumavis commented 11 years ago

👍

kumavis · Answer 1 · Fri Nov 01 2013 07:00:16 GMT+0800 (China Standard Time)

@knod Actually, instead of just removing the tildes, lets move the versions up to the current. If a dependency has a tilde, remove it and use just the version number shown below.

aabb-3d@0.0.0
brfs@0.0.8
browserify@2.35.0
duplex-emitter@0.1.10
ecstatic@0.3.0
extend@1.2.1
grunt@0.4.1
grunt-browserify@1.2.9
grunt-chauffeur@0.4.4
grunt-contrib-clean@0.5.0
grunt-contrib-copy@0.4.1
grunt-contrib-watch@0.5.3
grunt-ejs@0.1.0
grunt-sass@0.6.1
level@0.16.0
level-sublevel@5.1.1
minecraft-skin@0.1.2
painterly-textures@0.0.3
spatial-trigger@0.0.0
voxel@0.3.1
voxel-client@1.0.0
voxel-engine@0.18.4
voxel-highlight@0.0.9
voxel-level@2.1.0
voxel-server@1.0.0
walkietalkie@1.0.0
websocket-stream@0.0.5
ws@0.4.30

knod · Answer 2 · Fri Nov 01 2013 08:31:23 GMT+0800 (China Standard Time)

Two of the dependancies listed here aren't in package.json, browserify@2.35.0 and voxel-engine@0.18.4
Also, there are github addresses in there that I assume I shouldn't do anything to.
P.S. Can I alphabetize them?

kumavis · Answer 3 · Sat Nov 02 2013 07:09:52 GMT+0800 (China Standard Time)

@knod Correct on the first note, they are fine as is. 2nd note, they should remain git dependencies.
Thirdly, you should restrain yourself from alphabetizing for two reasons:

Changing versions and alphabetizing in the same commit makes it harder to tell what changed when you review the commit. If this was necessary, you would make the two changes as separate commits.
There is an endless amount of work to be done, often the hard part is keeping yourself from engineering and perfecting things that have a low pay-off. But if you want to, you can if you follow No. 1

kumavis · Answer 4 · Sat Nov 02 2013 07:10:57 GMT+0800 (China Standard Time)

Ideally commits should make one small change, or introduce one small feature. This makes it easy to undue changes that had negative side effects we discovered later.

knod · Answer 5 · Sat Nov 02 2013 09:47:41 GMT+0800 (China Standard Time)

That all makes sense, will do, two separate pushes. The alphabetizing will be super easy as it can be done automatically. I'll make sure it's all kosher before pushing that one though.

knod · Answer 6 · Sat Nov 02 2013 22:36:22 GMT+0800 (China Standard Time)

I attempted to make a pull request. Haven't done it before, so I'm not quite sure I've done it correctly.