Ask HN: Is it time to stop putting the version in package.json?
1 comments
The intersection of music and web dev is fun. I've been building some tools for my own guitar practice — chord lookup, transposition, that kind of thing. The Web Audio API is surprisingly capable if you want to get into synthesis.
The idea is to keep the package.json version at 0.0.0, tag your release in git (e.g., v1.2.3), and publish.
HIPP rewrites the version on the fly and appends a signed manifest to the README with a disposable key.
Is there something I haven't thought of that makes this a bad idea? It simplifies my workflow and also provides a way to prove that what's in npm is the same as what's in git for that version. It also ensures that the person who published to npm is the same as the person who made the commit tied to that version.
No dependencies on anything other than git and npm.
TL;DR
git tag v1.0.0
git push origin main --tags
npx @dk/hipp
npx @dk/hipp verify
https://www.npmjs.com/package/@dk/hipp