Npm版本控制-这种边缘情况如何工作？

Question

Im trying to figure out how npm versioning works because im getting stuck on two invalid packages. Ref my other question . The module i need, serialport, get these packages invalid, "readable-stream" and "string_decoder". Serialport have downloaded this version:

readable-stream@1.0.27-1

Serialports dependency is

"readable-stream": "~1.0.2"

Readable-streams available versions are:

....
'1.0.26',
'1.0.27-1',
'1.0.31',
....

Which explains why 1.0.27-1 is picked. Because of the tilde and ~1.0.2, meaning that these three numbers have to exist in each version. Ref Jakob Mattsson´s simple article

readable-stream downloads

string_decoder@0.10.25-1

readable-stream again depends on

"string_decoder": "~0.10.x"

And string_decoders available versions are

....
'0.10.24',
'0.10.25-1',
'0.10.25',
'0.10.31',
'0.11.10-1'
....

How come that version is downloaded? Ref the article again , tilde means that it has to has 0.10 in the version number, and x is whatever exists?

Why is not string_decoder@0.10.31 chosen?

I believe my problem in question is related to prereleases that this extra dash is called. Im trying to gather facts to maybe seem if dependencies can get updated.

Answer 1

I recieved an answere on github, issue answer , thought i would share it with the rest who might wonder:

semver range checking is done semantically, not lexically, so 1.0.31 should match with npm@2:

% semver -r '~1.0.2' 1.0.26 1.0.27-1 1.0.31 1.0.26 1.0.31 I suspect that the behavior you're seeing is due to a bundledDependency included in the package tarball.

See Node app fails to run because of prerelease for a more detailed answer too why this happens.