Vue: a csp compliant install via package.json results in a non compliant release
Installing vue@csp via package.json always results in the non csp compliant release.
If it's a limitation of NPM then a hint in the documentation would be helpful.
Vue.js version
1.0.24-csp
Steps to reproduce
initial install of vue@csp:
$ npm install vue@csp --save-dev
[email protected] node_modules/vue
└── [email protected] ([email protected], [email protected])
$ npm ls --depth=0
[email protected] /tmp/foo
└── [email protected]
Everything looks good.
Now remove vue from node_modules to force a fresh install via the entry in package.json:
$ npm remove vue
unbuild [email protected]
$ npm install
[email protected] node_modules/vue
└── [email protected] ([email protected], [email protected])
$ npm ls --depth=0
[email protected] /tmp/foo
└── [email protected]
Note: the version in package.json didn't change
$ grep vue package.json
"vue": "^1.0.24-csp"
$ npm --version
2.15.1
What is Expected?
If package.json contains a reference to the csp compliant release
'npm install' must not install the non compliant release
What is actually happening?
'npm install' results in the non compliant release
pmorjan
>All comments
This is not an issue with vue, it is an issue with the way semver does versioning
1.0.24 is a higher version number then 1.0.24-csp and the ^ at the begging of the version tells npm that you want the latest 1.0.x
you can fix this by changing the version number in the package.json to "vue": "1.0.24-csp"
note there is no ^
thattomperson
on 23 May 2016
Related issues
seemsindie
·
3Comments
6pm
·
3Comments
loki0609
·
3Comments
fergaldoyle
·
3Comments
wufeng87
·
3Comments
Most helpful comment
This is not an issue with vue, it is an issue with the way semver does versioning
1.0.24 is a higher version number then 1.0.24-csp and the
^at the begging of the version tells npm that you want the latest 1.0.xyou can fix this by changing the version number in the package.json to
"vue": "1.0.24-csp"note there is no
^