compare-versions
Compare semver version strings to find greater, equal or lesser.
The compare-versions npm package is used to compare and sort semantic version numbers. It provides a simple API for comparing version strings in 'major.minor.patch' format, and it can be used in various environments such as Node.js, browsers, and as a command-line tool.
Compare versions
Compares two semantic version numbers and returns -1, 0, or 1 if the first version is less than, equal to, or greater than the second version, respectively.
// Since v5 the comparator is a named export, not the module itself.
const { compareVersions } = require('compare-versions');
console.log(compareVersions('1.2.3', '4.11.6')); // -1
Check if a version satisfies a range
Determines if a version satisfies a given range. It returns true if the version meets the criteria of the range, false otherwise.
const { satisfies } = require('compare-versions');
console.log(satisfies('1.2.3', '>=1.0.0')); // true
Sort an array of versions
Sorts an array of semantic version numbers in ascending order.
const { compareVersions } = require('compare-versions');
const versions = ['1.2.3', '4.11.6', '2.0.0'];
versions.sort(compareVersions);
console.log(versions); // ['1.2.3', '2.0.0', '4.11.6']
semver is a popular package that provides a wide range of functions for manipulating and comparing semantic versions. It is more feature-rich than compare-versions, offering functions like coercion, ranges, and prerelease comparisons.
node-version-compare is another package for comparing version numbers. It is less popular and has a simpler API compared to compare-versions, focusing mainly on the comparison of version strings without additional features like range checking.
Compare semver version strings to find greater, equal or lesser. Runs in the browser as well as Node.js/React Native etc. Has no dependencies and is tiny.
Supports the full semver specification including versions with different number of digits like 1.0.0, 1.0, 1 and pre-releases like 1.0.0-alpha. Additionally supports the following variations:
1.0.x or 1.0.*
25.0.1364.126
v is ignored, e.g. v1.0 is interpreted as 1.0.
1.01.1 is interpreted as 1.1.1.
1.2.7 || >=1.2.9 <2.0.0
$ npm install compare-versions
Note: Starting from v5 the main export is now named like so: import { compareVersions } from 'compare-versions'.
Note: Starting from v4 this library includes an ESM version which will automatically be selected by your bundler (webpack, parcel etc). The CJS/UMD version is lib/umd/index.js and the new ESM version is lib/esm/index.js.
Will return 1 if first version is greater, 0 if versions are equal, and -1 if the second version is greater:
import { compareVersions } from 'compare-versions';
compareVersions('11.1.1', '10.0.0'); // 1
compareVersions('10.0.0', '10.0.0'); // 0
compareVersions('10.0.0', '11.1.1'); // -1
Can also be used for sorting:
const versions = [
'1.5.19',
'1.2.3',
'1.5.5'
]
const sorted = versions.sort(compareVersions);
/*
[
'1.2.3',
'1.5.5',
'1.5.19'
]
*/
The alternative compare function accepts an operator which will be more familiar to humans:
import { compare } from 'compare-versions';
compare('10.1.8', '10.0.4', '>'); // true
compare('10.0.1', '10.0.1', '='); // true
compare('10.1.1', '10.2.2', '<'); // true
compare('10.1.1', '10.2.2', '<='); // true
compare('10.1.1', '10.2.2', '>='); // false
The satisfies function accepts a range to compare, compatible with npm package versioning:
import { satisfies } from 'compare-versions';
satisfies('10.0.1', '~10.0.0'); // true
satisfies('10.1.0', '~10.0.0'); // false
satisfies('10.1.2', '^10.0.0'); // true
satisfies('11.0.0', '^10.0.0'); // false
satisfies('10.1.8', '>10.0.4'); // true
satisfies('10.0.1', '=10.0.1'); // true
satisfies('10.1.1', '<10.2.2'); // true
satisfies('10.1.1', '<=10.2.2'); // true
satisfies('10.1.1', '>=10.2.2'); // false
satisfies('1.4.6', '1.2.7 || >=1.2.9 <2.0.0'); // true
satisfies('1.2.8', '1.2.7 || >=1.2.9 <2.0.0'); // false
satisfies('1.5.1', '1.2.3 - 2.3.4'); // true
satisfies('2.3.5', '1.2.3 - 2.3.4'); // false
Applies the same rules used when comparing version numbers and returns a boolean:
import { validate } from 'compare-versions';
validate('1.0.0-rc.1'); // true
validate('1.0-rc.1'); // false
validate('foo'); // false
Validate version numbers strictly according to semver.org; 3 integers, no wildcards, no leading zero or "v" etc:
import { validateStrict } from 'compare-versions';
validateStrict('1.0.0'); // true
validateStrict('1.0.0-rc.1'); // true
validateStrict('1.0'); // false
validateStrict('1.x'); // false
validateStrict('v1.02'); // false
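The strict rules above matter when a version string comes from an untrusted manifest or scanner report and decides whether a dependency counts as patched. The following is an added illustration, not code from compare-versions: a self-contained sketch of strict validation followed by semver precedence, which rejects lenient spellings instead of normalising them. The names strictParse, cmp and checkAgainstFix, the fixed version 2.4.0 and the sample inputs are all constructed for this example.

```javascript
// Added illustration, not the compare-versions source; all names are hypothetical.
// Strict semver.org shape: three integers without leading zeros, optional
// pre-release and build metadata, no "v" prefix, no wildcards.
const NUM = '(0|[1-9]\\d*)';
const ID = '(?:0|[1-9]\\d*|\\d*[A-Za-z-][0-9A-Za-z-]*)';
const STRICT = new RegExp(
  `^${NUM}\\.${NUM}\\.${NUM}(?:-(${ID}(?:\\.${ID})*))?(?:\\+[0-9A-Za-z-]+(?:\\.[0-9A-Za-z-]+)*)?$`
);

function strictParse(v) {
  const m = typeof v === 'string' ? STRICT.exec(v) : null;
  if (!m) return null;
  return { nums: [m[1], m[2], m[3]].map(Number), pre: m[4] ? m[4].split('.') : [] };
}

// Pre-release precedence: a release outranks any of its pre-releases.
function cmpPre(a, b) {
  if (!a.length || !b.length) return Math.sign(b.length - a.length);
  for (let i = 0; i < Math.min(a.length, b.length); i++) {
    const an = /^\d+$/.test(a[i]), bn = /^\d+$/.test(b[i]);
    if (an && bn) {
      if (+a[i] !== +b[i]) return +a[i] < +b[i] ? -1 : 1;
    } else if (an !== bn) {
      return an ? -1 : 1; // numeric identifiers rank lower
    } else if (a[i] !== b[i]) {
      return a[i] < b[i] ? -1 : 1;
    }
  }
  return Math.sign(a.length - b.length);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i] ? -1 : 1;
  }
  return cmpPre(a.pre, b.pre); // build metadata is ignored
}

// Fail closed: anything that is not strict semver is rejected, not guessed at.
function checkAgainstFix(installed, fixedIn) {
  const a = strictParse(installed), f = strictParse(fixedIn);
  if (!a || !f) return 'rejected';
  return cmp(a, f) >= 0 ? 'patched' : 'vulnerable';
}

// Constructed sample input: versions as a scanner might report them.
const reported = ['2.4.0', 'v2.4.0', '2.04.0', '2.x', '2.4.0-rc.1', '2.3.9', '2.10.0'];
for (const v of reported) console.log(v.padEnd(12), checkAgainstFix(v, '2.4.0'));
```

Note that 2.4.0-rc.1 is reported as vulnerable because a pre-release sorts below the release it precedes, and 2.10.0 is patched because the parts are compared as numbers, not as strings.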
If included directly in the browser, the functions above are available on the global window under the compareVersions object:
<script src="https://unpkg.com/compare-versions/lib/umd/index.js"></script>
<script>
const { compareVersions, compare, satisfies, validate, validateStrict } = window.compareVersions
console.log(compareVersions('11.0.0', '10.0.0'))
console.log(compare('11.0.0', '10.0.0', '>'))
console.log(satisfies('1.2.0', '^1.0.0'))
console.log(validate('11.0.0'))
console.log(validateStrict('11.0.0'))
</script>
6.1.1 - 2024-07-13
.js extension to imports.
FAQs
Compare semver version strings to find greater, equal or lesser.
The npm package compare-versions receives a total of 4,721,417 weekly downloads. As such, compare-versions popularity was classified as popular.
We found that compare-versions demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.