nodejs-packaging improvements

T.C. Hollingsworth tchollingsworth at
Fri Mar 21 00:54:05 UTC 2014

On Wed, Mar 19, 2014 at 10:19 AM, T.C. Hollingsworth
<tchollingsworth at> wrote:
> - Support for the caret (^) operator was added to the dependency generator.
> This has been supported in npm for about a year now, but the
> dependency generator never knew about it.  It also hasn't really
> gained traction in the wild till very recently. (old npm versions that
> don't support it are slowly dying out...)
> The semantics of this new operator are described in detail here:
> Basically, ^1.2.3 is the equivalent of ">1.2.3 <2".  This is much
> better for our purposes than the "~1.2.3" form used by many packages,
> which translates to ">1.2.3 <1.3".  Undoubtedly many of us will want
> to start using it in %nodejs_fixdep for certain recalcitrant packages.
>  ;-)

Thinking about this further, perhaps we should add a --caretify option
or so to %nodejs_fixdep.

This option would change deps thusly (in npm-speak and rpm-speak, respectively):
-convert '1.2.3' deps to '^1.2.3'
    changes '==1.2.3' to '>1.2.3 <2'
-convert '~1.2.3' deps to '^1.2.3'
    changes '>=1.2.3 <1.3' to '>1.2.3 <2'
-convert '1.2.x' deps to '^1.2'
    changes '>=1.2 <1.3' to '>=1.2 <2'
-convert '1.2' deps to '^1.2'
    changes '>=1.2 <1.3' to '>=1.2 <2'
-skip '1' deps, since '^1' would be functionally equivalent
    both translate to '>=1 <2'
-skip when one of '><=' is present, since this option makes no sense
with such deps

This option would permit no packages to be passed as arguments (e.g.
just '%nodejs_fixdep --caretify'), in which case it would affect all
dependencies for which it makes sense and skip those for which it does

It would also permit a single package as an argument (e.g.
'%nodejs_fixdep --caretify async'), in which case it would only affect
that package, and error out instead of skipping packages when it is
not possible.  (e.g. it will fail the build if you try to caretify a
dependency with a '><=' in it, which is rare, but will still skip a
plain major version dep like '1' since the dependency will be
effectively equivalent if we appended a ^.)

I think this approach to fixing deps will be much nicer in a lot of
cases than what we're currently doing.  If we manually '%nodejs_fixdep
async ^1.2.3' all the time, we'll probably forget to check if the
lower bound gets higher on us, and potentially end up with
combinations of packages that don't work together.  This option would
eliminate manually specifying the version in the spec, so the lower
bound is always taken from package.json; we just adjust the upper
bound to something that makes a lot more sense for Fedora (and the
general ecosystem).

Make sense?  Would other packagers find this useful?
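
The conversion rules proposed in this message, as an added Python example that is not part of the original post and is not code from nodejs-packaging. The names caretify_spec, caretify and CaretifyError and the sample dependency map are hypothetical; leaving an existing '^' spec alone and rejecting forms the message does not list (tags, URLs, '*') are assumptions.

```python
import re

class CaretifyError(ValueError):
    """A dependency that was named explicitly cannot be caretified."""

# Spec forms the proposal converts (hypothetical patterns for this example).
FULL = re.compile(r"^~?(\d+)\.(\d+)\.(\d+)$")        # '1.2.3' and '~1.2.3'
PARTIAL = re.compile(r"^(\d+)\.(\d+)(?:\.[xX])?$")   # '1.2' and '1.2.x'
MAJOR_ONLY = re.compile(r"^\d+$")                    # '1'

def caretify_spec(spec):
    """Return the caret form of one npm spec, or None when it is skipped."""
    spec = spec.strip()
    if any(op in spec for op in "><="):
        raise CaretifyError("range operator in %r" % spec)
    # '1' already means the same as '^1'; an existing caret is left alone
    # (the second case is an assumption, the message does not cover it).
    if MAJOR_ONLY.match(spec) or spec.startswith("^"):
        return None
    m = FULL.match(spec)
    if m:
        return "^" + ".".join(m.groups())
    m = PARTIAL.match(spec)
    if m:
        return "^%s.%s" % m.groups()
    # Assumption: tags, URLs, '*' and other forms count as "not possible".
    raise CaretifyError("cannot caretify %r" % spec)

def caretify(dependencies, package=None):
    """Rewrite a package.json 'dependencies' mapping.

    package=None touches every dependency and skips the impossible ones;
    a named package is the only one touched and fails instead of skipping.
    """
    result = dict(dependencies)
    for name in ([package] if package is not None else list(dependencies)):
        try:
            new_spec = caretify_spec(dependencies[name])
        except CaretifyError:
            if package is not None:
                raise          # named package: fail the build
            continue           # whole-file mode: leave the spec untouched
        if new_spec is not None:
            result[name] = new_spec
    return result

# Constructed sample input, not taken from a real package.json.
SAMPLE_DEPS = {"async": "~0.2.9", "mkdirp": "0.3.5", "optimist": "0.6.x",
               "semver": "2.2", "once": "1", "glob": ">=3.2.0 <3.3.0"}
```

Because the lower bound is read from the mapping each time, a raised minimum in package.json carries through without editing the spec file.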

