I’m going to assume you’re already familiar with SemVer and the NPM tilde extension. If not, get your eye holes around those links, particularly the second one.

Ever since I’ve been working on David I’ve seen a lot of version numbers for node projects. I’ve also authored a few npm packages and node projects myself. I find it hard understand why you wouldn’t use tilde to specify the versions of your dependencies. For example:

~1.0.2

This is shorthand for >= 1.0.2 < 1.1.0. It is saying: If the major or minor version increases then I need to retest my code to check it works on the new version, so don’t depend on that. Although, if there are bug fixes, I want them, and whilst I understand that a bugfix release could break my software, it isn’t meant to, so I’m willing to take the gamble.

The idea is that you’re allowing your dependencies to “self update” within a range that is safe to do so. This is really powerful and you should be using it.

I’ve seen a lot of absolute versions for dependencies, which is fine (you know who you are, you have your reasons), but I also see a lot of reckless version ranges: “>= 0.3.14″, “*”, “latest” which are just mad. How can you possibly know your code will still work as your dependencies transition between major and minor version numbers?