compare-versions
Compare semver version strings to find greater, equal or lesser.
The compare-versions npm package is used to compare and sort semantic version numbers. It provides a simple API for comparing version strings in 'major.minor.patch' format, and it can be used in various environments such as Node.js, browsers, and as a command-line tool.
Compare versions
Compares two semantic version numbers and returns -1, 0, or 1 if the first version is less than, equal to, or greater than the second version, respectively.
// Since v5 the comparator is a named export, so it must be destructured
const { compareVersions } = require('compare-versions');
console.log(compareVersions('1.2.3', '4.11.6')); // -1
Check if a version satisfies a range
Determines if a version satisfies a given range. It returns true if the version meets the criteria of the range, false otherwise.
// satisfies is its own named export, not a property of compareVersions
const { satisfies } = require('compare-versions');
console.log(satisfies('1.2.3', '>=1.0.0')); // true
Sort an array of versions
Sorts an array of semantic version numbers in ascending order.
const { compareVersions } = require('compare-versions');
const versions = ['1.2.3', '4.11.6', '2.0.0'];
// compareVersions returns -1/0/1, so it can be passed straight to Array.prototype.sort
versions.sort(compareVersions);
console.log(versions); // ['1.2.3', '2.0.0', '4.11.6']
semver is a popular package that provides a wide range of functions for manipulating and comparing semantic versions. It is more feature-rich than compare-versions, offering functions like coercion, ranges, and prerelease comparisons.
node-version-compare is another package for comparing version numbers. It is less popular and has a simpler API compared to compare-versions, focusing mainly on the comparison of version strings without additional features like range checking.
Compare semver version strings to find greater, equal or lesser. Runs in the browser as well as Node.js/React Native etc. Has no dependencies and is tiny.
Supports the full semver specification including versions with a different number of digits like 1.0.0, 1.0, 1 and pre-releases like 1.0.0-alpha. Additionally supports the following variations:
- Wildcards for the minor and patch version like 1.0.x or 1.0.*
- Four-part version numbers, e.g. 25.0.1364.126
- Any leading v is ignored, e.g. v1.0 is interpreted as 1.0
- Leading zeros are ignored, e.g. 1.01.1 is interpreted as 1.1.1
- Multiple ranges: 1.2.7 || >=1.2.9 <2.0.0
$ npm install compare-versions
Note: Starting from v5 the main export is named, so it is imported like so: import { compareVersions } from 'compare-versions'.
Note: Starting from v4 this library includes an ESM version which will automatically be selected by your bundler (webpack, parcel etc). The CJS/UMD version is lib/umd/index.js and the new ESM version is lib/esm/index.js.
Will return 1 if the first version is greater, 0 if the versions are equal, and -1 if the second version is greater:
import { compareVersions } from 'compare-versions';
compareVersions('11.1.1', '10.0.0'); // 1
compareVersions('10.0.0', '10.0.0'); // 0
compareVersions('10.0.0', '11.1.1'); // -1
Can also be used for sorting:
const versions = [
'1.5.19',
'1.2.3',
'1.5.5'
]
const sorted = versions.sort(compareVersions);
/*
[
'1.2.3',
'1.5.5',
'1.5.19'
]
*/
The alternative compare function accepts an operator which will be more familiar to humans:
import { compare } from 'compare-versions';
compare('10.1.8', '10.0.4', '>'); // true
compare('10.0.1', '10.0.1', '='); // true
compare('10.1.1', '10.2.2', '<'); // true
compare('10.1.1', '10.2.2', '<='); // true
compare('10.1.1', '10.2.2', '>='); // false
The satisfies function accepts a range to compare, compatible with npm package versioning:
import { satisfies } from 'compare-versions';
satisfies('10.0.1', '~10.0.0'); // true
satisfies('10.1.0', '~10.0.0'); // false
satisfies('10.1.2', '^10.0.0'); // true
satisfies('11.0.0', '^10.0.0'); // false
satisfies('10.1.8', '>10.0.4'); // true
satisfies('10.0.1', '=10.0.1'); // true
satisfies('10.1.1', '<10.2.2'); // true
satisfies('10.1.1', '<=10.2.2'); // true
satisfies('10.1.1', '>=10.2.2'); // false
satisfies('1.4.6', '1.2.7 || >=1.2.9 <2.0.0'); // true
satisfies('1.2.8', '1.2.7 || >=1.2.9 <2.0.0'); // false
satisfies('1.5.1', '1.2.3 - 2.3.4'); // true
satisfies('2.3.5', '1.2.3 - 2.3.4'); // false
The validate function applies the same rules used when comparing version numbers and returns a boolean:
import { validate } from 'compare-versions';
validate('1.0.0-rc.1'); // true
validate('1.0-rc.1'); // false
validate('foo'); // false
The validateStrict function validates version numbers strictly according to semver.org: exactly 3 integers, no wildcards, no leading zero or "v" etc.:
import { validateStrict } from 'compare-versions';
validateStrict('1.0.0'); // true
validateStrict('1.0.0-rc.1'); // true
validateStrict('1.0'); // false
validateStrict('1.x'); // false
validateStrict('v1.02'); // false
If included directly in the browser, the functions above are available on the global window under the compareVersions object:
<script src="https://unpkg.com/compare-versions/lib/umd/index.js"></script>
<script>
const { compareVersions, compare, satisfies, validate, validateStrict } = window.compareVersions
console.log(compareVersions('11.0.0', '10.0.0'))
console.log(compare('11.0.0', '10.0.0', '>'))
console.log(satisfies('1.2.0', '^1.0.0'))
console.log(validate('11.0.0'))
console.log(validateStrict('11.0.0'))
</script>
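To make the rules from the feature list and the compareVersions, compare, satisfies, validate and validateStrict sections above concrete, here is an added example that re-implements them in plain JavaScript. It is not code from the compare-versions package; the function names mirror the package's API, but the bodies, the sample version list and the sortVersions helper are this example's own. Pre-release versions are ordered by semver precedence only; the package's extra restrictions for ^ and ~ ranges anchored at a pre-release (e.g. ^1.0.0-rc.1) are not reproduced. The same satisfies check is what a dependency audit uses to decide whether an installed version falls inside an advisory's affected range.

```javascript
// Added example, not the compare-versions package's code: a minimal
// re-implementation of the documented comparison, range and validation rules.

// Parse "v1.02.3-rc.1+build" into { parts: [1, 2, 3], pre: ["rc", "1"] }.
// Leading "v" and build metadata are ignored, Number() drops leading zeros,
// "x"/"*" are kept as wildcard segments, and up to four segments are accepted.
function parseVersion(v) {
  const m = /^v?(\d+(?:\.(?:\d+|[x*])){0,3})(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/
    .exec(String(v).trim());
  if (!m) throw new TypeError(`Invalid version: ${v}`);
  const parts = m[1].split('.').map(p => (p === 'x' || p === '*') ? p : Number(p));
  const pre = m[2] ? m[2].split('.') : [];
  // As in the package, a pre-release tag needs major.minor.patch in front of it.
  if (pre.length && parts.length < 3) throw new TypeError(`Invalid version: ${v}`);
  return { parts, pre };
}

// Missing segments count as 0 (so "1.0" equals "1.0.0"); a wildcard matches anything.
function compareSegments(a, b) {
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const x = a[i] ?? 0, y = b[i] ?? 0;
    if (x === 'x' || x === '*' || y === 'x' || y === '*') continue;
    if (x !== y) return x > y ? 1 : -1;
  }
  return 0;
}

// Semver pre-release precedence: a release beats any pre-release of the same number;
// identifiers compare numerically when both are digits, numeric ones sort before
// alphanumeric ones, otherwise ASCII order; a shorter identifier list sorts lower.
function comparePrerelease(a, b) {
  if (!a.length || !b.length) return a.length === b.length ? 0 : (a.length ? -1 : 1);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    if (a[i] === undefined) return -1;
    if (b[i] === undefined) return 1;
    const an = /^\d+$/.test(a[i]), bn = /^\d+$/.test(b[i]);
    if (an && bn) { if (Number(a[i]) !== Number(b[i])) return Number(a[i]) > Number(b[i]) ? 1 : -1; }
    else if (an !== bn) return an ? -1 : 1;
    else if (a[i] !== b[i]) return a[i] > b[i] ? 1 : -1;
  }
  return 0;
}

function compareParsed(a, b) {
  return compareSegments(a.parts, b.parts) || comparePrerelease(a.pre, b.pre);
}

// Returns 1, 0 or -1 like the package's compareVersions; usable as a sort comparator.
function compareVersions(v1, v2) {
  return compareParsed(parseVersion(v1), parseVersion(v2));
}

const OPERATORS = { '>': r => r > 0, '>=': r => r >= 0, '<': r => r < 0, '<=': r => r <= 0, '=': r => r === 0 };

function compare(v1, v2, op) {
  if (!(op in OPERATORS)) throw new TypeError(`Invalid operator: ${op}`);
  return OPERATORS[op](compareVersions(v1, v2));
}

// Ranges: "a || b" (any alternative), "lo - hi" (inclusive), "c1 c2" (all comparators),
// and single comparators ~x, ^x, >x, >=x, <x, <=x, =x or a bare x (equality, wildcards allowed).
function satisfies(version, range) {
  range = range.trim().replace(/([<>=~^]+)\s+/g, '$1'); // ">= 1.0" -> ">=1.0"
  if (range.includes('||')) return range.split('||').some(r => satisfies(version, r));
  if (range.includes(' - ')) {
    const [lo, hi] = range.split(' - ', 2);
    return satisfies(version, `>=${lo} <=${hi}`);
  }
  if (/\s/.test(range)) return range.split(/\s+/).every(r => satisfies(version, r));
  const m = /^([<>=~^]*)(.*)$/.exec(range);
  const op = m[1] || '=', target = m[2];
  if (op !== '^' && op !== '~') return compare(version, target, op);
  // ~ allows patch bumps (~1.2.3 -> <1.3.0); ^ allows bumps below the first
  // non-zero segment (^1.2.3 -> <2.0.0, ^0.2.3 -> <0.3.0, ^0.0.3 -> <0.0.4).
  const t = parseVersion(target);
  const wc = t.parts.findIndex(p => p === 'x' || p === '*');
  const explicit = wc < 0 ? t.parts : t.parts.slice(0, wc);
  let i = op === '~' ? Math.min(1, explicit.length - 1) : explicit.findIndex(p => p !== 0);
  if (i < 0) i = explicit.length - 1;
  const upper = explicit.slice(0, i + 1);
  upper[i] += 1;
  const v = parseVersion(version);
  return compareParsed(v, { parts: explicit, pre: t.pre }) >= 0 &&
         compareParsed(v, { parts: upper, pre: [] }) < 0;
}

// Same rules as comparison: anything parseVersion accepts is valid.
function validate(v) {
  try { parseVersion(v); return true; } catch { return false; }
}

// Strict semver.org form: exactly three numeric segments without leading zeros,
// no wildcards, no leading "v"; optional pre-release and build metadata.
function validateStrict(v) {
  return /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/.test(String(v));
}

// Returns a new ascending copy; equal versions (1.5.5 and 1.05.5) keep input order.
function sortVersions(list) {
  return list.slice().sort(compareVersions);
}

// Constructed sample input (not from the page) exercising the documented variations.
const SAMPLE_VERSIONS = ['1.5.19', 'v1.2.3', '1.5.5', '1.5.5-rc.1', '1.05.5'];
console.log(sortVersions(SAMPLE_VERSIONS));          // ['v1.2.3', '1.5.5-rc.1', '1.5.5', '1.05.5', '1.5.19']
console.log(satisfies('1.4.6', '1.2.7 || >=1.2.9 <2.0.0')); // true
```

The upper bound for ^ and ~ is computed from the explicit, non-wildcard segments of the target, which is why ^0.x yields <1.0.0 while ^0.0.x yields <0.1.0, matching the npm semantics the README's satisfies examples rely on.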
6.1.1 - 2024-07-13: .js extension to imports.
The npm package compare-versions receives a total of 4,493,200 weekly downloads. As such, compare-versions popularity was classified as popular.
We found that compare-versions demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.