Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihxu27xuil3eigmt7tycexxa75eamasv3eb2f6xtf2ghtafpkpsym",
    "uri": "at://did:plc:jagjcwjmd4t5uvx4ozxzxmem/app.bsky.feed.post/3lgpvnhk2ytm2"
  },
  "path": "/articles/semver-ranges-for-git-hosted-npm-modules/",
  "publishedAt": "2026-06-18T04:49:21.248Z",
  "site": "https://davistobias.com",
  "tags": [
    "demo module",
    "semver ranges",
    "semver calculator"
  ],
  "textContent": "It’s pretty common for a company to have a few npm modules hosted on GitHub or BitBucket as private repositories. In this post I’ll show you how you can use semver ranges for those modules.\n\nI’ve also created a demo module which is a public repository, but not published on npm, so to install it you need to use a git reference, e.g.:\n\n\n    npm install --save git+ssh://git@bitbucket.org/saibotsivad/demo-npm-git-semver.git\n\nThe module exports a function that returns it’s own version when called, so you can make sure you’ve installed it correctly and see what version is installed:\n\n\n    const demo = require('demo-npm-git-semver')\n    console.log(demo()) // => ???\n\nThe problem here is that you don’t have any control over what version you installed! You get whatever the git server marks as the head of the default branch.\n\nThis might be fine for some applications, but for most production systems you’ll want to be able to specify versions.\n\nOne solution is to use the commit hash:\n\n\n    npm install --save git+ssh://git@bitbucket.org/saibotsivad/demo-npm-git-semver.git#1cbcec73\n\nBut what we really want is to be able to use proper semver ranges (see also this handy semver calculator), that way we can leverage the power of semver.\n\nConveniently, npm allows you to specify a semver range instead of a hash!\n\nThe magic syntax is to use `semver:$RANGE` instead of a commit hash. For example, if you wanted to specify _at least_ version 1.0.3 but use the latest 1.x.y whenever available:\n\n\n    npm install --save git+ssh://git@bitbucket.org/saibotsivad/demo-npm-git-semver.git#semver:^1.0.3\n\nIn that demo repository, the highest 1.x version that I created is 1.1.3, so that’s what will be installed:\n\n\n    const demo = require('demo-npm-git-semver')\n    console.log(demo()) // => 1.1.3\n\nThat’s all!",
  "title": "Using semver ranges for git hosted npm modules",
  "updatedAt": "2018-10-04T00:00:00.000Z"
}