在 package.json 依赖值中验证 semver 版本

Question

I am getting problems like this when validating that the right version of a dependency is installed:

package with name csvtojson is not satisfied. Installed version: 0.4.5 desired version: github:Keyang/node-csvtojson#16ba2237e0bd96d6e3773e4c4d6e36c70efa620e

I am trying to use the semver package to validate a desired dependency version:

const semver = require('semver');
const satisfies = semver.satisfies(installedVersion, desiredVersion);

in package.json, we might see this:

"csvtojson": "^1.12.0"

or

"csvtojson":"github:Keyang/node-csvtojson#16ba2237e0bd96d6e3773e4c4d6e36c70efa620e"

what I want to do is determine if an installed dependency meets the version range of the desired dependency.

If the desired version is not semverish, I am willing to skip it, but I don't have a good test for that, anyone have a good idea how to skip desired versions that don't appear to be semverish?

Maybe use a regex like this:

/.*[0-9]{1,5}\.[0-9]{1,5}\.[0-9]{1,5}/

?

Answer 1

This RegExp here is validating all scenarios:

^(\d|[1-9]\d*)\.(\d|[1-9]\d*)\.(\d|[1-9]\d*)(-(0|[1-9A-Za-z-][0-9A-Za-z-]*|[0-9]*[A-Za-z-][0-9A-Za-z-]*)(\.(0|[1-9A-Za-z-][0-9A-Za-z-]*|[0-9]*[A-Za-z-][0-9A-Za-z-]*))*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$

Source: https://brunorb.com/untangling-semver/