Fix npm published version number
Actual Behaviour
If you run npm audit
$ npm audit
=== npm audit security report ===
# Run npm install --save-dev serverless-dynamodb-local@1.0.2 to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ node.extend                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ serverless-dynamodb-local [dev]                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ serverless-dynamodb-local > dynamodb-localhost > rmdir >     │
│               │ node.flow > node.extend                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/781                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
It advises you to install:
npm install --save-dev serverless-dynamodb-local@1.0.2
Expected Behaviour
It should offer to install the version 0.2.37, as that is the latest version of the package. This is because the npm registry has versions 1.0.0, 1.0.1 and 1.0.2 published 3 years ago.
Steps to reproduce it
Run npm audit
Would you like to work on the issue?
Maybe, it requires npm publish access to fix this issue.
Potential options:
- Deprecate npm releases 1.0.0, 1.0.1 and 1.0.2.
- Release a new version 1.2.38
I know that option 2 is against how semver works. In this case publishing those 1.x versions has led to this issue. However, this will set things on the right track for future releases. Essentially you are doing a fake release to realign semver releases.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:8
- Comments:6
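The mismatch reported in this issue can be detected from registry metadata: versions that outrank the `latest` dist-tag by semver but were published before it. The following is an added example, not code from the issue or the project; the timestamps are constructed and the function names are hypothetical.

```javascript
// Constructed sample shaped like an npm registry packument (the JSON document
// the registry serves per package). All timestamps are illustrative, not real.
const packument = {
  name: "serverless-dynamodb-local",
  "dist-tags": { latest: "0.2.37" },
  time: {
    created: "2016-01-10T00:00:00.000Z",
    modified: "2019-03-01T00:00:00.000Z",
    "1.0.0": "2016-01-10T00:00:00.000Z",
    "1.0.1": "2016-01-11T00:00:00.000Z",
    "1.0.2": "2016-01-12T00:00:00.000Z",
    "0.2.37": "2019-03-01T00:00:00.000Z",
  },
};

// Parse plain MAJOR.MINOR.PATCH; prerelease and build suffixes are out of scope.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric semver precedence: negative if a < b, positive if a > b, 0 if equal.
function compare(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Report versions that sort above the `latest` dist-tag yet were published
// before it, which is the state of the registry described in the issue.
function findStaleHigherVersions(doc) {
  const latest = doc["dist-tags"].latest;
  const latestTime = Date.parse(doc.time[latest]);
  // `time` also holds "created" and "modified"; keep only version keys.
  const versions = Object.keys(doc.time).filter((k) => /^\d/.test(k));
  const highest = versions.reduce((a, b) => (compare(a, b) >= 0 ? a : b));
  const stale = versions
    .filter((v) => compare(v, latest) > 0 && Date.parse(doc.time[v]) < latestTime)
    .sort(compare);
  return { latest, highest, stale };
}

console.log(findStaleHigherVersions(packument));
```

A non-empty `stale` list means the highest version number is not the newest release, so a version recommended by number alone deserves a manual look before installing.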
Top GitHub Comments
@AshanFernando Any update on this?
This issue is affecting my team as well, any update on its completion?