Package versioning and relation to git #9634

Open
43081j opened this issue Sep 13, 2020 · 3 comments

43081j commented Sep 13, 2020

Just a question around versions and tags.

Your last tag is 3.4.1, and yet in NPM we are at 3.4.3.

Meanwhile, the package.json in git is in fact at 3.4.1. It seems any audit-related version bumps simply don't make it into the git tags or the package.json.

Similarly, the dependencies currently in your package.json (3.4.1) don't match up with what's in npm (3.4.3).

I came across this because not too long ago svgo downsized their dependency tree. In master, you use this new smaller version. In npm you do not; you use the old larger one still. And yet the published package is meant to be newer, and somehow goes backwards.

On a related side note, where does 4.x come from? Is master 4.x? As that does seem to have the matching package versions.


ankon commented Oct 16, 2020

For the record: At least 3.4.3 was created by republishing the package as per 8e761d1#commitcomment-41533857


stale bot commented Dec 25, 2020

This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs.

@stale stale bot added the stale label Dec 25, 2020

ankon commented Dec 30, 2020

This is only stale in the sense that the maintainers haven't yet reacted.

From the point of view of someone managing dependencies and policies related to which dependencies are acceptable, this is still a huge issue.

@stale stale bot removed the stale label Dec 30, 2020
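
The mismatch discussed in this thread (a published version with no matching tag, and a dependency set that differs from the package.json in git) can be checked mechanically by a consumer. The following is an added example, not code from the thread or the project; the function name, the dependency names and the tag names are constructed, and it assumes tags are named `<version>` or `v<version>`.

```javascript
// Added example: compares a package.json taken from git with the manifest the
// registry serves for a published version. All sample data below is constructed.
const DEP_FIELDS = ['dependencies', 'optionalDependencies', 'peerDependencies'];
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns a list of findings describing how the published manifest differs from git.
function manifestDrift(gitManifest, publishedManifest, gitTags) {
  const findings = [];
  const published = publishedManifest.version;
  // Assumption: a release is tagged "<version>" or "v<version>" in the repository.
  if (!gitTags.some((t) => t === published || t === `v${published}`)) {
    findings.push({ kind: 'missing-tag', version: published });
  }
  if (gitManifest.version !== published) {
    findings.push({ kind: 'version-mismatch', git: gitManifest.version, published });
  }
  for (const field of DEP_FIELDS) {
    const inGit = gitManifest[field] || {};
    const inPkg = publishedManifest[field] || {};
    for (const name of new Set([...Object.keys(inGit), ...Object.keys(inPkg)])) {
      if (!has(inGit, name)) {
        findings.push({ kind: 'only-in-published', field, name, range: inPkg[name] });
      } else if (!has(inPkg, name)) {
        findings.push({ kind: 'only-in-git', field, name, range: inGit[name] });
      } else if (inGit[name] !== inPkg[name]) {
        findings.push({ kind: 'range-changed', field, name, git: inGit[name], published: inPkg[name] });
      }
    }
  }
  return findings;
}

// Constructed inputs. In practice they would come from
// `git show <tag>:package.json` and `npm view <name>@<version> --json`.
const sampleGit = {
  version: '3.4.1',
  dependencies: { 'dep-a': '^2.0.0', 'dep-b': '1.3.0' },
};
const samplePublished = {
  version: '3.4.3',
  dependencies: { 'dep-a': '^1.9.0', 'dep-b': '1.3.0', 'dep-c': '0.4.2' },
};
const sampleTags = ['v3.4.0', 'v3.4.1'];

const report = manifestDrift(sampleGit, samplePublished, sampleTags);
console.log(report.map((f) => JSON.stringify(f)).join('\n') || 'no drift');
```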