read-package-json is a widely used npm package for reliably parsing package.json files: it normalizes fields, fills in default values and validates the result, which simplifies downstream package tooling. Comparing versions 2.0.1 and 2.0.0 reveals subtle but important distinctions for developers.
The most significant change is in how graceful-fs is declared as a dependency. Version 2.0.0 accepted either major version 2 or 3 of graceful-fs through the range "2 || 3", offering broader compatibility. Version 2.0.1 instead requires graceful-fs "^4.1.2". This suggests the dependency was bumped to pick up features or bug fixes present in version 4. A developer migrating needs to ensure their project is compatible with graceful-fs ^4.1.2.
Another difference is in the devDependencies: version 2.0.0 used "tap": "^0.7.1" while 2.0.1 uses "tap": "^1.2.0", indicating that the test suite was updated.
For developers using read-package-json, these updates mean higher confidence in file system operations (via the updated graceful-fs) and better testing. However, the explicit graceful-fs dependency requires verifying compatibility within your existing project. When deciding whether to upgrade from 2.0.0 to 2.0.1, consider whether the bug fixes and new features in the newer versions of tap and graceful-fs are relevant to you.
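The compatibility check described above can be automated. As an added example (not code from read-package-json or npm), the script below diffs the dependency fields of two manifests, using inline copies of the ranges quoted in this text, and flags changes such as "2 || 3" to "^4.1.2" where no previously accepted major version is still accepted:

```javascript
// Added example: diff the dependency ranges of two package.json manifests and
// flag major-version jumps that warrant a compatibility review. The manifests
// below are constructed from the ranges quoted in the text, not the real files.
const manifest200 = {
  name: "read-package-json", version: "2.0.0",
  dependencies: { "graceful-fs": "2 || 3" },
  devDependencies: { tap: "^0.7.1" },
};
const manifest201 = {
  name: "read-package-json", version: "2.0.1",
  dependencies: { "graceful-fs": "^4.1.2" },
  devDependencies: { tap: "^1.2.0" },
};

// Return the set of major versions a simple range can resolve to. Handles
// "||" alternatives and the forms "N", "N.x", "^N.m.p", "~N.m.p", ">=N.m.p";
// anything it cannot parse yields an empty set (treated as "unknown").
function majorsOf(range) {
  const majors = new Set();
  for (const part of String(range).split("||")) {
    const m = part.trim().match(/^[\^~>=]*\s*(\d+)/);
    if (m) majors.add(Number(m[1]));
  }
  return majors;
}

// Compare one dependency field and list every changed range. majorBump is
// true when no major version accepted before is still accepted afterwards.
function diffField(oldDeps = {}, newDeps = {}) {
  const names = new Set([...Object.keys(oldDeps), ...Object.keys(newDeps)]);
  const changes = [];
  for (const name of names) {
    const from = oldDeps[name], to = newDeps[name];
    if (from === to) continue;
    const before = majorsOf(from || ""), after = majorsOf(to || "");
    const majorBump = before.size > 0 && after.size > 0 &&
      [...before].every((v) => !after.has(v));
    changes.push({ name, from, to, majorBump });
  }
  return changes;
}

function diffManifests(a, b) {
  return {
    dependencies: diffField(a.dependencies, b.dependencies),
    devDependencies: diffField(a.devDependencies, b.devDependencies),
  };
}
```

Run `diffManifests(manifest200, manifest201)` to get both the graceful-fs and tap changes reported with `majorBump: true`; point the same function at two published manifests to review any upgrade the same way.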
There are no vulnerabilities listed for version 2.0.1 of the read-package-json package.