Remove engines property from package.json #91
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See #90 (comment)
Per npm's package.json doc, at most setting
engines
gets us a warning on install. TheengineStrict
property, which I don't think this package ever set, has been deprecated.My general thinking on version support so far has been roughly:
Checking licenses on long-dormant and "legacy" projects remains important.
Many of those projects are locked to old Node.js versions.
This is a relatively simple package, without need for many new language or core-library features, anyway.
That said, we want to reuse, not reinvent, npm's ways of interpreting and analyzing
node_modules
directories.npm has its own preferences and constraints for Node.js version support, which we're going to inherit.
Upshot: CI across LTS versions so we can catch and revert new syntax, core APIs, or dependency versions that needlessly sacrifice support for projects on old LTS versions.
I don't like the idea of having to twiddle
engines
for every release. And I'm not aware of any tools for analyzing our full production dep tree and calculating a composite supportedengines
range. In practice, we're just having users do that when they runnpm install
on whatevernode
andnpm
they have.However, in practice, I suspect most projects adopting
licensee
from scratch will be on later Node.js versions, and get away with just installing the latestlicensee
. Those diving into old projects will likely have thepackage.json
from days of yore, specifying an oldlicensee
version that worked with whatever Node.js they were using at the time. So long as we and all our dep authors make major version bumps for engine breaks, that should be fine. Alternatively, we could shipnpm-shrinkwrap.json
, but that makes perpetual bump chores, and we've done fine without it so far.