jQuery dep has problematic version in package.json

[jalooc]

This notation: "dependencies": { "jquery": ">=1.8" }, accepts also breaking versions (like 2.x, 3.x etc.), so it breaks semver security. It also creates problems when installing with yarn a package which has jquery.scrollTo as a dep:

$ yarn install --flat
yarn install v0.27.5
[1/4] Resolving packages...
info Unable to find a suitable version for "jquery", please choose one by typing one of the numbers below:
  1) "jquery@^2.2.2" which resolved to "2.2.4"
  2) "jquery@>=1.8" which resolved to "3.2.1"

geniuscarrier/webpack-boilerplate#7

[flesler]

What do you mean by breaking versions? They break scrollTo or the fact that the major version changed?

[jalooc]

The second one, that it will install potentially breaking versions.

[flesler]

Would moving it to a peerDependency solve the issue for you?

[jalooc]

Not really, the best solution is just to stick to minor version in package.json, like: "^2.2.2"

[flesler]

That would lock the plugin to only one major version at a time, which is incorrect and undesired

[jalooc]

Well, I think it is correct, because if some breaking change in major version is incompatible with your code, then you break all of you users code. But it's ofc up to you