Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
version-range
Advanced tools
Check version ranges like `>=N` and `X || Y || Z` with support for Node.js, Web Browsers, Deno, and TypeScript.
Check version ranges like >=N
and X || Y || Z
with support for Node.js, Web Browsers, Deno, and TypeScript.
Range comparison of versions for the most common use cases. Fast with broad ecosystem support.
import satisfies from 'version-range'
console.log(satisfies('1.0', '>=1.0')) // true
console.log(satisfies('1.0', '1')) // true
console.log(satisfies('1.0', '1 || 2')) // true
console.log(satisfies('1.1.0', '^1.1')) // true
console.log(satisfies('1.1.0', '~1.1')) // true
console.log(satisfies('1.0.0', '5 || <=2')) // true
console.log(satisfies('1', '<=2')) // true
console.log(satisfies('1.0', '<=2')) // true
console.log(satisfies('1.0.0', '<=2')) // true
console.log(satisfies('2', '>1')) // true
console.log(satisfies('2', '>=1')) // true
console.log(satisfies('1', '>=1')) // true
console.log(satisfies('1.0', '>=1')) // true
console.log(satisfies('1.0.0', '>=1')) // true
console.log(satisfies('1', '>=1.0.0')) // true
console.log(satisfies('1.0', '>=1.0.0')) // true
console.log(satisfies('1.0.0', '>=1.0.0')) // true
console.log(satisfies('1', '^1')) // true
console.log(satisfies('1', '~1')) // false, not all 1.x versions (1.1, 1.2, etc) match 1.0.x
console.log(satisfies('1', '^1.1')) // false, not all 1.x versions (1.0) match >=1.1<2
console.log(satisfies('1', '~1.1')) // false, not all 1.x versions (1.0) match 1.1.x
console.log(satisfies('1.0.0', '^1')) // true
console.log(satisfies('1.0.0', '~1')) // true
The above results are expected, but not what the semver
package returns. The semver package has two different behaviours based on whether the version is coerced or not, alternating between expected and unexpected results. This package differs to match our actual expectations, as you can see above.
Doesn't do special handling for -releaseTag
and 0.x
versions.
npm install --save version-range
import pkg from ('version-range')
const pkg = require('version-range').default
import pkg from 'https://unpkg.com/version-range@^4.2.0/edition-deno/index.ts'
<script type="module">
import pkg from '//cdn.skypack.dev/version-range@^4.2.0'
</script>
<script type="module">
import pkg from '//unpkg.com/version-range@^4.2.0'
</script>
<script type="module">
import pkg from '//dev.jspm.io/version-range@4.2.0'
</script>
This package is published with the following editions:
version-range/source/index.ts
is TypeScript source code with Import for modulesversion-range/edition-browsers/index.js
is TypeScript compiled against ES2022 for web browsers with Import for modulesversion-range
aliases version-range/edition-es2022/index.js
version-range/edition-es2022/index.js
is TypeScript compiled against ES2022 for Node.js 8 || 10 || 12 || 14 || 16 || 18 || 20 || 21 with Require for modulesversion-range/edition-es2022-esm/index.js
is TypeScript compiled against ES2022 for Node.js 12 || 14 || 16 || 18 || 20 || 21 with Import for modulesversion-range/edition-deno/index.ts
is TypeScript source code made to be compatible with DenoDiscover the release history by heading on over to the HISTORY.md
file.
Discover how you can contribute by heading on over to the CONTRIBUTING.md
file.
These amazing people are maintaining this project:
No sponsors yet! Will you be the first?
These amazing people have contributed code to this project:
Discover how you can contribute by heading on over to the CONTRIBUTING.md
file.
Unless stated otherwise all works are:
and licensed under:
FAQs
Check version ranges like `>=N` and `X || Y || Z` with support for Node.js, Web Browsers, Deno, and TypeScript.
The npm package version-range receives a total of 59,103 weekly downloads. As such, version-range popularity was classified as popular.
We found that version-range demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.