node_runtime: Respect npm release-age filters for managed npm installs (#56957) (cherry-pick to stable)#57439
Merged
Merged
Conversation
#56957) Zed-managed npm installers were resolving a concrete latest version with `npm info` and then installing `package@version`. That is brittle when users configure npm release-age filtering via `before` or `min-release-age`: npm's installer applies those rules during resolution, but our pinned install target could disagree with it, and therefore fail to install. This changes managed npm installs to install `package@latest` and let npm apply its own resolver and user config. The local latest-version lookup remains as a best-effort cache freshness check, not as the exact install target. Exact extension API installs remain unchanged because extensions explicitly request a package and version. If we want to revisit that we can. Self-Review Checklist: - [x] I've reviewed my own diff for quality, security, and reliability - [x] Unsafe blocks (if any) have justifying comments - [x] The content is consistent with the [UI/UX checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist) - [x] Tests cover the new/changed behavior - [x] Performance impact has been considered and is acceptable Closes #53611 Release Notes: - Fixed npm-backed tool installs to better respect npm release-age filters.
This was referenced May 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cherry-pick of #56957 to stable
Zed-managed npm installers were resolving a concrete latest version with
npm infoand then installingpackage@version. That is brittle whenusers
configure npm release-age filtering via
beforeormin-release-age:npm's
installer applies those rules during resolution, but our pinned install
target
could disagree with it, and therefore fail to install.
This changes managed npm installs to install
package@latestand letnpm apply
its own resolver and user config. The local latest-version lookup
remains as a
best-effort cache freshness check, not as the exact install target.
Exact extension API installs remain unchanged because extensions
explicitly
request a package and version. If we want to revisit that we can.
Self-Review Checklist:
checklist
Closes #53611
Release Notes:
filters.