[BUG] npm outdated should not include packages where the current version == wanted

[glen-84]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

When running npm outdated, I see multiple packages where the current version is exactly equal to the wanted version, and where both are greater than the latest version.

These are often pre-releases or releases that have not been tagged as the latest, but I can't think of any reason why someone would be interested in seeing this information, when they've obviously made a conscious decision to install a later version.

Example output:

Package                   Current         Wanted  Latest  Location                         Depended by
sass                      1.32.12         1.34.1  1.34.1  node_modules/sass                client@
vue                         3.1.1          3.1.1  2.6.14  node_modules/vue                 client@
vue-loader                 16.2.0         16.2.0  15.9.7  node_modules/vue-loader          client@
vue-meta            3.0.0-alpha.9  3.0.0-alpha.9   2.4.0  node_modules/vue-meta            client@
vue-router                  4.0.8          4.0.8   3.5.1  node_modules/vue-router          client@
vuetify             3.0.0-alpha.5  3.0.0-alpha.5   2.5.3  node_modules/vuetify             client@
vuex                        4.0.1          4.0.1   3.6.2  node_modules/vuex                client@
webpack-dev-server   4.0.0-beta.3   4.0.0-beta.3  3.11.2  node_modules/webpack-dev-server  client@

Only the first item in this list is useful. The rest are already up-to-date.

Expected Behavior

I expected to only see the first item in the above list. The other items are useless noise.

Steps To Reproduce

1. Install some pre-release packages, or packages not tagged as latest.
2. Run npm outdated
3. Observe these packages being listed, even though they're already up-to-date.

Environment

• OS: Windows 10
• Node: 14.17.0
• npm: 7.17.0

[ljharb]

In the vue-meta case, v2.4.1 or v2.5.0 might come out, and you’d want npm outdated to notify you of that.

[glen-84]

Why? You've already made the decision to use the next major version. Why would you care if a patch/minor in the previous major was released?

[ljharb]

In case the featured bugfix you need in the prerelease lands in the latest line, and you’d rather be in that than on a prerelease.

[glen-84]

You can't just jump between major releases like that. In my case, I chose these versions for compatibility with Vue.js 3. It's highly unlikely that a bugfix is going to motivate me to roll back to a previous major version, with all the associated changes required. Also, such important bug fixes would either not apply to the next major, or would usually be ported there.

The command is named outdated, and 3.0.0-alpha.9 is simply not outdated, it's just not tagged as latest. I think that it should be based on the version numbers, and not the tags.

It's really awkward checking for updates when you have to ignore all of these packages.

[ljharb]

It’s true the command name is inappropriate, since dates and recency have nothing to do with semver ranges.

[ljharb]

Either way, I’d say this sort of change would warrant an RFC to discuss it.

[wraithgar]

This PR started to attempt to solve that problem, but we realized we probably want a little more discussion to be sure we're solving it in the right way:

#3397

[wraithgar]

Closing in favor of #3397 which has already been discussed at least twice in RFC calls to determine how to best solve this.