Npm packages pre-release versions
This document represents an architecture decision record (ADR) and has been mirrored from the ADR section in our Shopware 6 repository. You can find the original version here
A pre-release package version is a version followed by a hyphen and an alphanumeric string.
Imagine the following scenario:
- An imaginary package is marked as insecure with version 1.8.7
- The issue is fixed with 2.0.0
- We use version
- Any pre-release package version like 1.9.0-alpha1 is interpreted as
Why is this problematic?
The insecurity introduced with version 1.8.7 would never get reported to us by npm unless we switch to a non-pre-release version.
Using pre-release package versions is prohibited. This will be checked via a npm
Bug fix releases that are only available as a preview in a pre-release package can't be used.
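
One way to detect prohibited versions, as an added example that is not Shopware's own check: a Node.js function that scans the dependency sections of a parsed package.json for versions matching the pre-release definition above. The package names and the sample manifest are constructed, and skipping URL, git and path specs is an assumption of this example.

```javascript
'use strict';

// Added example, not Shopware's own check. Pre-release as defined above:
// MAJOR.MINOR.PATCH, a hyphen, then dot-separated alphanumeric identifiers.
const PRERELEASE = /\d+\.\d+\.\d+-[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*/g;

const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Specs that point at a URL, git repository or local path instead of a
// registry version; this example leaves them to a separate review.
const NON_REGISTRY = /^(?:file:|link:|workspace:|git)|:\/\//;

function findPrereleaseDependencies(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, rawSpec] of Object.entries(manifest[section] || {})) {
      const spec = String(rawSpec);
      if (NON_REGISTRY.test(spec)) continue;
      const versions = spec.match(PRERELEASE);
      if (versions) findings.push({ section, name, spec, versions });
    }
  }
  return findings;
}

// Constructed sample manifest; all package names are hypothetical.
const sampleManifest = {
  dependencies: {
    'imaginary-package': '1.9.0-alpha1',
    'stable-package': '^2.0.0',
    'ranged-package': '>=1.0.0-rc.1 <2.0.0',
    'hyphen-range-package': '1.2.3 - 2.0.0',
  },
  devDependencies: {
    'aliased-package': 'npm:other-package@3.1.0-beta.2',
    'local-package': 'file:../local-package-1.0.0-dev',
  },
};

for (const f of findPrereleaseDependencies(sampleManifest)) {
  console.log(`${f.section}: ${f.name}@${f.spec} uses pre-release ${f.versions.join(', ')}`);
}
```

To use it as a gate, pass it the parsed contents of package.json and fail the build when the returned array is not empty. It inspects only direct dependencies declared in the manifest, not transitive ones resolved in a lockfile.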