preview package versions clash with published package versions

[ericallam]

Here's the scenario:

• A PR is created and pkg.pr.new publishes a preview package. The version inside the package.json of the package is not updated (say, it's set to 1.0.0)
• A user Bob installs the preview package, and npm stores the pkg.pr.new specifier as the resolution of version 1.0.0 in the package-lock.json file
• Eventually the PR is merged and version 1.0.0 is published to NPM
• Bob tries to install version 1.0.0 of the package, but their lockfile will resolve version 1.0.0 to the pkg.pr.new specifier.

I think the correct way to solve this would be to update the version field in the package.json before published.

One thing to consider though is usage in a monorepo. Say the PR publishes 2 packages to pkg.pr.new, and package A depends on package B. You would also need to update the dependency version of package B inside the package.json of package A.

[Aslemammad]

hmm, interesting!

what about using -f in pnpm for instance while installing the published (and not the preview) version. Would it fix it?

cc @patak-dev might have some thoughts on this.