Warning regarding npm versions installed today only

[Kris Kowal]

If you installed q, q-io, joey, collections, weak-map, mr, url2, or jasminum from the command line today, March 20, 2014, you may have received an unstable version from the future, Q 2, Joey 2, Collections 2, WeakMap 1.0.4, Mr 2, URL2 1.0.2, or Jasminum 2.

This problem would only affect users who used npm from the command line to install the package by name and name only. Any package installed indirectly by instructions set out in a package.json would have still installed a version conforming to the stored version predicate.

If you use npm install --save or npm install --save-dev, please be sure to use npm remove --save or npm remove --save-dev to update the package.json so the version from the future does not persist.

I have updated the latest tag for these projects so removing and reinstalling these packages should suffice.

I am trying to find a way to publish future versions to npm in a way that won’t interfere with users depending on the most recent stable versions. Today I tried npm publish --tag future, but this does not prevent the registry from slapping the "latest" tag on as well. I will try using publishConfig in package.json next, and will verify that it worked properly with jasminum project only, since it has not been officially announced.

https://github.com/npm/npm/issues/4837

https://github.com/npm/npm-www/blob/1eb7f8c15fffb69bfb6903ceade225ab9169a9fd/doc/json.html#L519

Again, my sincerest apologies if you got a bad version today.

However, I will have good news for future versions of these packages and others. They will remain in an unstable development phase for some time while I catch up on a backlog of ambitions to improve their behavior, their interfaces, and their mutual infrastructure.

Kris Kowal