90% of all the releases I do of my modules are for bug fixes. Staying up to date, for the most part, means being *more* stable, not less.
The difference between Apache releases and the node ecosystem is that we have roughly 1000x the level of engagement around publishing and releasing. It would be a mistake to think about them the same way or try to leverage any process or learnings from one project to another. We have a pretty active use of semver, API breaks rarely happen in point releases. But, this is a community, it's best to follow the authors of your modules and grow some level of trust over time. The more you invest in the community (people) part of the ecosystem the easier this all the gets. We really do need better tools for updating all the deps in all my modules, it is currently exhausting and a lot of manual work. -Mikeal On Aug 14, 2013, at 10:06AM, Benjamin Pasero <[email protected]> wrote: > With Apache I feel there is a process around releases and I expect a higher > quality from official Apache libraries compared to some little node module > that I found somewhere and is not maintained for months and even buggy. > > As for not updating unless needed: The longer you wait to update the more > changes will come in. So if a security fix is coming in 3 major releases > later, you have a lot more work to catch up. > > And yes, its odd that some versions of packages are no longer available > through NPM at some point in time... > > On Wednesday, August 14, 2013 6:25:30 PM UTC+2, Mark Hahn wrote: > > Are people just updating to latest modules without reviewing the changes? > > I never upgrade unless I find a bug or need a new feature. Things are more > stable that way. > > On Wed, Aug 14, 2013 at 2:54 AM, Brian Lalor <[email protected]> wrote: > On Aug 14, 2013, at 2:18 AM, Benjamin Pasero <[email protected]> wrote: > > > I am actually missing good old Apache style libraries I guess from my Java > > times. > > How is npm any different in this regard? With Java projects, presumably > you're using a sane dependency management system like Maven or Ivy that takes > care of resolving transitive dependencies. You still list out the > dependencies *your* project has (in pom.xml or package.json) and the > dependency resolution mechanism takes care of pulling in the rest. You still > have to be aware of the changes being introduced by the dependency chain, > except that with npm a transitive dependency will only impact the library > that required it (thanks to the snazzy nested node_modules folders). > > -- > Brian Lalor > [email protected] > http://github.com/blalor > > -- > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "nodejs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "nodejs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
