Hacker News: xDmytri

Ask HN: Is it time to stop putting the version in package.json?

xDmytri — Sun, 05 Apr 2026 14:49:30 +0000

I made a tool called `hipp` to eliminate 'chore: version bump' commits for npm packages, and I included simple content integrity as a bonus.

The idea is to keep the package.json version at 0.0.0, tag your release in git (e.g., v1.2.3), and publish.

HIPP rewrites the version on the fly and appends a signed manifest to the README with a disposable key.

Is there something I haven't thought of that makes this a bad idea? It simplifies my workflow and also provides a way to prove that what's in npm is the same as what's in git for that version. It also ensures that the person who published to npm is the same as the person who made the commit tied to that version.

No dependencies on anything other than git and npm.

TL;DR

git tag v1.0.0

git push origin main --tags

npx @dk/hipp

npx @dk/hipp verify

https://www.npmjs.com/package/@dk/hipp

Comments URL: https://news.ycombinator.com/item?id=47650019

Points: 1

# Comments: 0

New comment by xDmytri in "No More Free Work from Marak: Pay Me or Fork This"

xDmytri — Mon, 09 Nov 2020 22:35:39 +0000

For the most part the PPL is intended for consumer information commodities, this could be software, but not captial information comodities like server software or programming languages, but rather books, movies, video games, end-user consumer desktop top software, etc.

For capital information goods I recommend the GPL, or even BSD style licenses depending on what it is and who is making it and what their plan is.

New comment by xDmytri in "No More Free Work from Marak: Pay Me or Fork This"

xDmytri — Mon, 09 Nov 2020 13:51:17 +0000

Hey, original author of the Peer Production license here.

AMA

New comment by xDmytri in "Continuous Everything as Code"

xDmytri — Fri, 29 May 2020 15:04:07 +0000

Hey, I'm the author, I like romantic poetry and long walks on the beach, if you have any questions or a list of demands, let me know.