I know with npm, caret and tilde and some logical operators can be used to specify version ranges. This post explains a bit about how this works.
The problem now is I find it hard to rectify the use of version ranges with the idea of having reproducible builds.
I mean version ranges for dependencies mean that you are not specifying a requirement for a particular version but a range of versions, which might change between builds (i.e. a patch release of a dependency was released between the last and current build).
Reproducible builds seek to remove variability in the environment, ensuring that every repeated build would always be the same.
From where I stand, these two ideas are in conflict with each other, hence my question here: perhaps someone can help me understand how it is ever possible to have reproducible builds with version ranges when using
Author: Finlay Weber
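
The drift described in the question, as an added example that is not part of the original post: a simplified caret/tilde matcher (MAJOR.MINOR.PATCH only, no prerelease tags) resolves the same declared ranges against two constructed registry snapshots. The package names and version lists are hypothetical.

```javascript
// Simplified semver: MAJOR.MINOR.PATCH only, no prerelease or build tags.
const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Exclusive upper bound of a caret or tilde range, following npm's rules.
function upperBound(op, [maj, min, pat]) {
  if (op === "~") return `${maj}.${min + 1}.0`; // ~2.3.1 -> <2.4.0
  if (maj > 0) return `${maj + 1}.0.0`;         // ^1.2.3 -> <2.0.0
  if (min > 0) return `0.${min + 1}.0`;         // ^0.2.3 -> <0.3.0
  return `0.0.${pat + 1}`;                      // ^0.0.3 -> <0.0.4
}

function satisfies(version, range) {
  const op = range[0];
  if (op !== "^" && op !== "~") return cmp(version, range) === 0; // exact pin
  const base = range.slice(1);
  return cmp(version, base) >= 0 && cmp(version, upperBound(op, parse(base))) < 0;
}

// Pick the highest published version that satisfies each declared range.
function resolve(deps, registry) {
  const out = {};
  for (const [name, range] of Object.entries(deps)) {
    const ok = registry[name].filter((v) => satisfies(v, range)).sort(cmp);
    if (ok.length === 0) throw new Error(`no version of ${name} matches ${range}`);
    out[name] = ok[ok.length - 1];
  }
  return out;
}

// Constructed data: hypothetical packages as seen by two builds of the same source.
const deps = { "lib-a": "^1.2.0", "lib-b": "~2.3.1", "lib-c": "4.0.0" };
const registryBuild1 = {
  "lib-a": ["1.2.0", "1.2.1"], "lib-b": ["2.3.1"], "lib-c": ["4.0.0", "4.0.1"],
};
const registryBuild2 = { // new releases were published between the two builds
  "lib-a": ["1.2.0", "1.2.1", "1.3.0", "2.0.0"],
  "lib-b": ["2.3.1", "2.3.2", "2.4.0"], "lib-c": ["4.0.0", "4.0.1"],
};

const build1 = resolve(deps, registryBuild1);
const build2 = resolve(deps, registryBuild2);
console.log("build 1:", build1);
console.log("build 2:", build2);
```

Only the exactly pinned `lib-c` resolves to the same version in both builds; the two ranged dependencies move as soon as a newer matching release exists.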