From 387fa418c98f5e8b196c87a2e611d60f2ee418f1 Mon Sep 17 00:00:00 2001 From: GDS K S Date: Wed, 6 May 2026 21:33:51 -0500 Subject: [PATCH] fix(npm): read version from package.json instead of hard-coding The release workflow runs 'npm version $tag' to bump package.json from the git tag, but install.js had its own hard-coded VERSION = '0.3.0' constant that nothing was updating. So at release time the package metadata says (e.g.) 0.4.0 while the postinstall still downloads the 0.3.0 binary archive, silently shipping an older binary to anyone running 'npm install -g stacklit'. Reading the version from ./package.json makes that release-time bump the single source of truth. No new dependency, no extra release step, and the version stays correct for pre-releases ('0.4.0-beta.1' style) since goreleaser uses the same scheme for its archive names. --- npm/install.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/npm/install.js b/npm/install.js index db849ad..74a284e 100644 --- a/npm/install.js +++ b/npm/install.js @@ -4,7 +4,11 @@ const path = require('path'); const https = require('https'); const { execFileSync } = require('child_process'); -const VERSION = '0.3.0'; +// Read the version from package.json so the npm publish workflow's +// `npm version ` bump is the single source of truth. Previously this was +// a hard-coded constant that drifted from package.json on every release, +// causing the postinstall to pull an outdated binary archive. +const VERSION = require('./package.json').version; const REPO = 'glincker/stacklit'; const PLATFORM_MAP = {