Reproduces a false-positive in vp migrate where husky v9 is rejected when its version is declared as "latest" in package.json.
vp migrate reads the husky version from package.json devDependencies and uses semver.coerce() to parse it. When the value is a dist-tag like "latest", semver.coerce("latest") returns null, which falls back to "0.0.0" and incorrectly satisfies < 9.0.0.
// migrator.js
return semver.satisfies(semver.coerce(huskyVersion) ?? '0.0.0', '<9.0.0');
// ^^^^^^^
// "latest" coerces to null, falls back to 0.0.0The same false-positive applies to any non-semver version string: "next", "canary", "*", etc.
- Clone this repo
- Run
vp migrate - See:
Detected husky <9.0.0 — please upgrade to husky v9+ first, then re-run migration.
vp migrate should proceed. When the declared version is a dist-tag or otherwise uncoerceable, the check should either resolve the actual installed version from node_modules or treat the version as indeterminate and skip the block.
Pin the version explicitly in package.json:
"husky": "^9.1.7"semver.coerce("^9.1.7") returns 9.1.7, which correctly fails the < 9.0.0 check.