Version for dependencies patched by vendor #425

New Issue

Closed

opened 2026-02-17 12:04:13 -06:00 by GiteaMirror · 9 comments

GiteaMirror commented 2026-02-17 12:04:13 -06:00

Owner

Copy Link

Originally created by @sjackman on GitHub (Jul 13, 2020).

I have forked a dependency to make a fix on my fork, and that patched version is a dependency of my other project. What should the version number of this patched dependency be? The upstream version is 1.2.3. I suggest that my patched version is 1.2.3.sjackman.0, and the next patched version would be 1.2.3.sjackman.1. Thoughts?

Originally created by @sjackman on GitHub (Jul 13, 2020). I have forked a dependency to make a fix on my fork, and that patched version is a dependency of my other project. What should the version number of this patched dependency be? The upstream version is `1.2.3`. I suggest that my patched version is `1.2.3.sjackman.0`, and the next patched version would be `1.2.3.sjackman.1`. Thoughts?

GiteaMirror closed this issue 2026-02-17 12:04:13 -06:00

GiteaMirror commented 2026-02-17 12:04:14 -06:00

Author

Owner

Copy Link

@ljharb commented on GitHub (Jul 13, 2020):

A fork is a different project that should have a different name, and thus has no required relationship to the original project's version number.

@ljharb commented on GitHub (Jul 13, 2020): A fork is a different project that should have a different name, and thus has no required relationship to the original project's version number.

GiteaMirror commented 2026-02-17 12:04:15 -06:00

Author

Owner

Copy Link

@sjackman commented on GitHub (Jul 13, 2020):

A good suggestion. In the case of GitHub, the user/repo pair can be used: sjackman/project version 1.2.3. It would be nice if the version number of my forked project could somehow reflect the version number of the upstream project. If the upstream version is 1.2.3, I'd prefer to tag my version 1.2.3.1 rather than 1.2.4, which would be confusing when the upstream project releases their 1.2.4.

@sjackman commented on GitHub (Jul 13, 2020): A good suggestion. In the case of GitHub, the user/repo pair can be used: `sjackman/project` version `1.2.3`. It would be nice if the version number of my forked project could somehow reflect the version number of the upstream project. If the upstream version is `1.2.3`, I'd prefer to tag my version `1.2.3.1` rather than `1.2.4`, which would be confusing when the upstream project releases their `1.2.4`.

GiteaMirror commented 2026-02-17 12:04:16 -06:00

Author

Owner

Copy Link

@sjackman commented on GitHub (Jul 13, 2020):

Feel free to close this issue as beyond scope (won't fix). I wanted to know if there was an existing best practice.

@sjackman commented on GitHub (Jul 13, 2020): Feel free to close this issue as beyond scope (won't fix). I wanted to know if there was an existing best practice.

GiteaMirror commented 2026-02-17 12:04:17 -06:00

Author

Owner

Copy Link

@ljharb commented on GitHub (Jul 13, 2020):

My personal recommendation here is to use a scope - ie, @sjackman/project, and to mirror the version numbers such that for every x.y.z release of project, you release an x.y.z of @sjackman/project. This of course depends on what you're patching in - the alternative is, if your delta is a patch, yours would be x.y.z+1, if a minor, x.y+1.z, etc - that way your fork always matches "what the real one would be if it suddenly released with your change".

@ljharb commented on GitHub (Jul 13, 2020): My personal recommendation here is to use a scope - ie, `@sjackman/project`, and to mirror the version numbers such that for every `x.y.z` release of `project`, you release an `x.y.z` of `@sjackman/project`. This of course depends on what you're patching in - the alternative is, if your delta is a patch, yours would be `x.y.z+1`, if a minor, `x.y+1.z`, etc - that way your fork always matches "what the real one *would* be if it suddenly released with your change".

GiteaMirror commented 2026-02-17 12:04:18 -06:00

Author

Owner

Copy Link

@sjackman commented on GitHub (Jul 13, 2020):

Is this @ "scope" a feature of SemVer? I don't see it described at https://semver.org

If I were to tag my patched version 1.2.4, when upstream eventually tags a different version 1.2.4, when I git fetch upstream --tags, now these two tags conflict, that is to say, they point at different Git commit SHA-1. My tags will need to be different (say 1.2.3.sjackman.0) or in a different namespace (say sjackman/1.2.4) than upstream's tags. Perhaps that's what you meant by a "scope".

@sjackman commented on GitHub (Jul 13, 2020): Is this `@` "scope" a feature of SemVer? I don't see it described at https://semver.org If I were to tag my patched version `1.2.4`, when upstream eventually tags a different version `1.2.4`, when I `git fetch upstream --tags`, now these two tags conflict, that is to say, they point at different Git commit SHA-1. My tags will need to be different (say `1.2.3.sjackman.0`) or in a different namespace (say `sjackman/1.2.4`) than upstream's tags. Perhaps that's what you meant by a "scope".

GiteaMirror commented 2026-02-17 12:04:19 -06:00

Author

Owner

Copy Link

@ljharb commented on GitHub (Jul 14, 2020):

Oh, sorry, I assumed this was npm :-) disregard the scope stuff if you're not using npm.

Yes, I would assume that the versions would always point to different SHAs - your fork is a completely distinct project, that only has a conceptual link to the original. As such, commit SHAs likely will never match.

@ljharb commented on GitHub (Jul 14, 2020): Oh, sorry, I assumed this was npm :-) disregard the scope stuff if you're not using npm. Yes, I would assume that the versions would always point to different SHAs - your fork is a *completely distinct* project, that only has a _conceptual_ link to the original. As such, commit SHAs likely will never match.

GiteaMirror commented 2026-02-17 12:04:20 -06:00

Author

Owner

Copy Link

@sjackman commented on GitHub (Jul 14, 2020):

Every tag up to the point of forking will agree perfectly, so commit SHAs likely will never match is not universally true. The two projects share a common ancestry, and the conceptual link between these projects is rather important.

I do believe my question is outside the scope of SemVer though, and we're beginning to talk past each other.

@sjackman commented on GitHub (Jul 14, 2020): Every tag up to the point of forking will agree perfectly, so `commit SHAs likely will never match` is not universally true. The two projects share a common ancestry, and the conceptual link between these projects is rather important. I do believe my question is outside the scope of SemVer though, and we're beginning to talk past each other.

GiteaMirror commented 2026-02-17 12:04:21 -06:00

Author

Owner

Copy Link

@ljharb commented on GitHub (Jul 14, 2020):

I think you’re right, yes :-) in short, i think the conceptual link, while critical, belongs in prose and not in the version number.

@ljharb commented on GitHub (Jul 14, 2020): I think you’re right, yes :-) in short, i think the conceptual link, while critical, belongs in prose and not in the version number.

GiteaMirror commented 2026-02-17 12:04:21 -06:00

Author

Owner

Copy Link

@sjackman commented on GitHub (Jul 14, 2020):

Thanks for the chat, Jordan!

@sjackman commented on GitHub (Jul 14, 2020): Thanks for the chat, Jordan!

GiteaMirror referenced this issue 2026-02-17 12:19:13 -06:00

[PR #425] [CLOSED] Readme.md #799

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

isaacs/ranges

docs/README

v2.0.0

v1.0.0-rc.1

v1.0.0

v1.0.0-beta

Labels

Clear labels

bug

consensus seeking

duplicate

extend

layout

pull-request

Mirrored from GitHub Pull Request

question

RFC

spelling/grammar

staled

update

waiting for PR

won't fix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/semver#425