Discovered during: local-tarball validation of PR #1200 (combined state-backend fixes).
Symptom: Installing the squad-cli tarball with npm install -g <cli.tgz> fails with:
npm error code ETARGET
npm error notarget No matching version found for @bradygaster/squad-sdk@>=0.9.6-preview
Root cause: The squad-cli tarball declares ""@bradygaster/squad-sdk"": "">=0.9.6-preview"" as a dependency, but no such version is published on npm. Per npm semver pre-release ordering, insider < preview, so the published 0.9.6-insider.3 does NOT satisfy the range. End users cannot install the tarball through any documented path.
Real fixes (both desirable):
- Extend the release script to publish both
@bradygaster/squad-sdk and @bradygaster/squad-cli atomically so the dependency range always resolves.
- Optionally pin the SDK dependency in the CLI's
package.json to an actually-published version when packing (or widen the range to >=0.9.6-insider.3 || >=0.9.6-preview).
Workaround for validation only: pack the SDK from the source workspace and install both side-by-side: npm install -g <sdk.tgz> <cli.tgz>. This is what iteration 3 of PR #1200 validation uses.
Related: #1098 (SDK pin during publish).
Severity: Blocks any external tarball-based smoke test of insider/preview cuts. Tagged bug because the released artifact is effectively uninstallable.
Discovered during: local-tarball validation of PR #1200 (combined state-backend fixes).
Symptom: Installing the squad-cli tarball with
npm install -g <cli.tgz>fails with:Root cause: The squad-cli tarball declares
""@bradygaster/squad-sdk"": "">=0.9.6-preview""as a dependency, but no such version is published on npm. Per npm semver pre-release ordering,insider<preview, so the published0.9.6-insider.3does NOT satisfy the range. End users cannot install the tarball through any documented path.Real fixes (both desirable):
@bradygaster/squad-sdkand@bradygaster/squad-cliatomically so the dependency range always resolves.package.jsonto an actually-published version when packing (or widen the range to>=0.9.6-insider.3 || >=0.9.6-preview).Workaround for validation only: pack the SDK from the source workspace and install both side-by-side:
npm install -g <sdk.tgz> <cli.tgz>. This is what iteration 3 of PR #1200 validation uses.Related: #1098 (SDK pin during publish).
Severity: Blocks any external tarball-based smoke test of insider/preview cuts. Tagged
bugbecause the released artifact is effectively uninstallable.