Ever since I’ve been working on David I’ve seen a lot of version numbers for node projects. I’ve also authored a few npm packages and node projects myself. I find it hard understand why you wouldn’t use tilde to specify the versions of your dependencies. For example:
This is shorthand for >= 1.0.2 < 1.1.0. It is saying: If the major or minor version increases then I need to retest my code to check it works on the new version, so don’t depend on that. Although, if there are bug fixes, I want them, and whilst I understand that a bugfix release could break my software, it isn’t meant to, so I’m willing to take the gamble.
The idea is that you’re allowing your dependencies to “self update” within a range that is safe to do so. This is really powerful and you should be using it.
I’ve seen a lot of absolute versions for dependencies, which is fine (you know who you are, you have your reasons), but I also see a lot of reckless version ranges: “>= 0.3.14″, “*”, “latest” which are just mad. How can you possibly know your code will still work as your dependencies transition between major and minor version numbers?