semver-truncate
★
★
★
★
★
3
reviews
Truncate a semver version: `1.2.3` → `1.2.0`
100
Security
42
Quality
7
Maintenance
53
Overall
v3.0.0
npm
JavaScript
Apr 28, 2021
by Sindre Sorhus
No Known Issues
This package has a good security score with no known vulnerabilities.
18
GitHub Stars
4.0/5
Avg Rating
Community Reviews
RECOMMENDED
Reliable single-purpose utility with minimal attack surface
This is exactly what a utility library should be: focused, predictable, and low-risk. It takes a semver string and truncates it to your desired precision level (major, minor, patch). The implementation is straightforward - it depends on the well-vetted `semver` package for parsing and validation, then reconstructs the version string with zeros for the truncated parts.
From a security perspective, this package scores well. It has exactly one dependency (`semver`), which dramatically reduces supply chain risk compared to utilities that pull in dozens of transitive dependencies. Input validation is handled by delegating to `semver.parse()`, which throws clear TypeError exceptions for invalid inputs - no silent failures or ambiguous states. The error messages are informative without leaking sensitive context.
The API is dead simple: `semverTruncate(version, level)` where level is 'major', 'minor', or 'patch'. No configuration footguns, no global state, no crypto concerns since it's pure string manipulation. The main gotcha is remembering to handle the thrown errors when users provide malformed version strings, but that's expected behavior for invalid input.
From a security perspective, this package scores well. It has exactly one dependency (`semver`), which dramatically reduces supply chain risk compared to utilities that pull in dozens of transitive dependencies. Input validation is handled by delegating to `semver.parse()`, which throws clear TypeError exceptions for invalid inputs - no silent failures or ambiguous states. The error messages are informative without leaking sensitive context.
The API is dead simple: `semverTruncate(version, level)` where level is 'major', 'minor', or 'patch'. No configuration footguns, no global state, no crypto concerns since it's pure string manipulation. The main gotcha is remembering to handle the thrown errors when users provide malformed version strings, but that's expected behavior for invalid input.
Single dependency (semver) minimizes supply chain attack surface
Predictable error handling with TypeError for invalid semver inputs
Pure function with no side effects or global state mutations
Type-safe API that fails fast on invalid level parameters
No built-in validation for custom semver formats or pre-release tags handling edge cases
Throws exceptions rather than returning Result types, requiring try-catch boilerplate
Best for: Version normalization in build scripts, package managers, or CI/CD pipelines where you need deterministic semver truncation with minimal dependencies.
Avoid if: You need complex semver manipulation beyond truncation or prefer Result-based error handling over exceptions.
RECOMMENDED
Simple, focused utility that does one thing well with minimal fuss
semver-truncate is a tiny utility that truncates semantic version strings to a specified level. The API is dead simple: `semverTruncate('1.2.3', 'minor')` returns `'1.2.0'`. It accepts 'major', 'minor', or 'patch' as the second argument. The function is pure, predictable, and has zero dependencies beyond the semver parsing it needs to do.
The TypeScript support is solid with proper type definitions included. The function signature is clear and IDE autocomplete works perfectly, suggesting the three valid truncation levels. Error handling is reasonable—it throws on invalid semver strings, though the error messages come from the underlying semver library and aren't always the most helpful.
The main limitation is its narrow scope. If you need anything beyond basic truncation (like incrementing versions, comparing, or ranges), you'll need additional packages. The documentation is minimal but honestly, the API is so straightforward you barely need it. This is one of those packages that just works without requiring you to think much about it.
The TypeScript support is solid with proper type definitions included. The function signature is clear and IDE autocomplete works perfectly, suggesting the three valid truncation levels. Error handling is reasonable—it throws on invalid semver strings, though the error messages come from the underlying semver library and aren't always the most helpful.
The main limitation is its narrow scope. If you need anything beyond basic truncation (like incrementing versions, comparing, or ranges), you'll need additional packages. The documentation is minimal but honestly, the API is so straightforward you barely need it. This is one of those packages that just works without requiring you to think much about it.
Zero learning curve with an intuitive single-function API
Excellent TypeScript support with proper type definitions and IDE autocomplete
Zero dependencies makes it safe for dependency-conscious projects
Pure function with predictable behavior and no side effects
Error messages for invalid semver inputs could be more descriptive
Very narrow functionality—consider using full 'semver' package if you need more operations
Best for: Projects needing simple semver truncation without the overhead of a full semver manipulation library.
Avoid if: You need comprehensive semver operations like comparison, validation, or range handling—just use the 'semver' package directly.
RECOMMENDED
Simple, zero-dependency utility that does one thing reliably
This is a straightforward utility that takes a semver string and truncates it to a specified level (major, minor, or patch). In production, it's been rock-solid for version normalization tasks like Docker image tagging strategies or aligning dependency ranges. The API is dead simple: `semverTruncate('1.2.3', 'minor')` returns `'1.2.0'`. No surprises, no configuration needed.
The package has zero runtime dependencies, which is perfect for production environments where supply chain concerns matter. It throws clear errors on invalid semver input, making debugging straightforward. Performance is excellent - it's essentially string manipulation with validation, sub-millisecond execution, and negligible memory footprint.
The only real limitation is scope: it's intentionally minimal. No support for prerelease tags or build metadata truncation patterns, though it preserves them correctly. For most CI/CD pipelines and version management tasks, this is exactly what you need without the bloat of pulling in the full semver package for a simple truncation operation.
The package has zero runtime dependencies, which is perfect for production environments where supply chain concerns matter. It throws clear errors on invalid semver input, making debugging straightforward. Performance is excellent - it's essentially string manipulation with validation, sub-millisecond execution, and negligible memory footprint.
The only real limitation is scope: it's intentionally minimal. No support for prerelease tags or build metadata truncation patterns, though it preserves them correctly. For most CI/CD pipelines and version management tasks, this is exactly what you need without the bloat of pulling in the full semver package for a simple truncation operation.
Zero dependencies reduces supply chain risk and bundle size
Predictable error handling with clear messages for invalid semver input
Sub-millisecond performance with minimal memory allocation
Pure function with no side effects, trivial to test and reason about
No built-in support for complex prerelease/build metadata manipulation
Documentation could include more real-world CI/CD pipeline examples
Best for: Build pipelines and version management workflows that need simple, reliable semver truncation without heavyweight dependencies.
Avoid if: You need advanced semver manipulation including prerelease tag parsing or complex range operations - use the full semver package instead.
Write a Review
Sign in to write a review
Sign In
Dependencies
Used By