Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A tiny (187B) utility to compare semver strings.
Compare semver strings (eg, 1.8.2
, 2.0.0-next.6
, 0.0.0-alpha-1
, etc) using the Intl.Collator
class.
Version suffixes are supported and are considered during comparison.
The output will always be 0
, 1
, or -1
, allowing semiver
to be used directly as a compare function for Array.sort()
.
This module exposes three module definitions:
dist/semiver.mjs
dist/semiver.js
dist/semiver.min.js
$ npm install --save semiver
import semiver from 'semiver';
// A === B
semiver('0.0.0', '0.0.0'); //=> 0
semiver('1.2.3', '1.2.3'); //=> 0
// A > B
semiver('2.1.0', '1.9.0'); //=> 1
semiver('1.9.1', '1.9.0'); //=> 1
semiver('10.0.0', '1.0.0'); //=> 1
semiver('10.0.0', '8.9.0'); //=> 1
semiver('1.2.3-next.10', '1.2.3-next.6'); //=> 1
semiver('2.0.0-alpha-10', '2.0.0-alpha-6'); //=> 1
semiver('2.0.0-beta.1', '2.0.0-alpha.8'); //=> 1
// A < B
semiver('1.9.0', '2.1.0'); //=> -1
semiver('1.9.0', '1.9.1'); //=> -1
semiver('1.0.0', '10.0.0'); //=> -1
semiver('8.9.0', '10.0.0'); //=> -1
semiver('1.2.3-next.6', '1.2.3-next.10'); //=> -1
semiver('2.0.0-alpha-6', '2.0.0-alpha-10'); //=> -1
semiver('2.0.0-alpha.8', '2.0.0-beta.1'); //=> -1
// Sorting
[
'4.11.6', '4.2.0',
'1.5.19', '1.5.5',
'1.0.0', '1.0.0-rc.1',
'1.2.3', '1.2.3-alpha',
'1.0.0-alpha.1', '1.0.0-alpha',
'1.0.0-beta.11', '1.0.0-beta'
].sort(semiver);
/*
[ '1.0.0-alpha',
'1.0.0-alpha.1',
'1.0.0-beta',
'1.0.0-beta.11',
'1.0.0-rc.1',
'1.0.0',
'1.2.3-alpha',
'1.2.3',
'1.5.5',
'1.5.19',
'4.2.0',
'4.11.6' ]
*/
Returns: Number
0
indicates that a
is equal to b
-1
indicates that a
is less than b
1
indicates that a
is greater than b
Type: String
The input string to compare.
Type: String
The string to compare against.
MIT © Luke Edwards
FAQs
A tiny (187B) utility to compare semver strings
The npm package semiver receives a total of 111,262 weekly downloads. As such, semiver popularity was classified as popular.
We found that semiver demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.