#846)

## Summary

The BNF grammar in `README.md` and `range.bnf` incorrectly defined `pre`
and `build` as identical rules (`parts`), but they have different
requirements per the [SemVer 2.0.0
specification](https://semver.org/#spec-item-9):

- **Prerelease identifiers**: Numeric parts must not have leading zeros
- **Build metadata**: Allows any alphanumeric string including leading
zeros

### Current behavior (correctly implemented, but BNF was wrong)

```js
semver.valid('1.2.3-00')  // null (invalid - prerelease numeric with leading zero)
semver.valid('1.2.3+00')  // '1.2.3' (valid - build metadata allows any alphanumeric)
semver.valid('1.2.3-0')   // '1.2.3-0' (valid - single zero is fine)
```

### Changes

Updates the BNF grammar to distinguish between:
- `prepart` - uses `nr` (no leading zeros) or `alphanumid` (alphanumeric
identifier)
- `buildid` - any alphanumeric string including leading zeros

Also adds an explanatory note after the BNF block to clarify the
distinction.

Fixes #665

## Test plan

- [x] Verified the implementation behavior matches the updated BNF
- [x] Confirmed alignment with [SemVer 2.0.0 spec item
9](https://semver.org/#spec-item-9)

Co-authored-by: Claude Opus 4.6 <[email protected]>

Bumps [@npmcli/template-oss](https://github.com/npm/template-oss) from
4.29.0 to 4.30.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/npm/template-oss/releases"><code>@​npmcli/template-oss</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v4.30.0</h2>
<h2><a
href="https://github.com/npm/template-oss/compare/v4.29.0...v4.30.0">4.30.0</a>
(2026-03-19)</h2>
<h3>Features</h3>
<ul>
<li><a
href="https://github.com/npm/template-oss/commit/6bc2bc00ae7b481fcdadfff6e7178e2e294211d3"><code>6bc2bc0</code></a>
<a href="https://redirect.github.com/npm/template-oss/pull/553">#553</a>
filters items out of the release process that aren't for backports (<a
href="https://redirect.github.com/npm/template-oss/issues/553">#553</a>)
(<a
href="https://github.com/owlstronaut"><code>@​owlstronaut</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/npm/template-oss/blob/main/CHANGELOG.md"><code>@​npmcli/template-oss</code>'s
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/npm/template-oss/compare/v4.29.0...v4.30.0">4.30.0</a>
(2026-03-19)</h2>
<h3>Features</h3>
<ul>
<li><a
href="https://github.com/npm/template-oss/commit/6bc2bc00ae7b481fcdadfff6e7178e2e294211d3"><code>6bc2bc0</code></a>
<a href="https://redirect.github.com/npm/template-oss/pull/553">#553</a>
filters items out of the release process that aren't for backports (<a
href="https://redirect.github.com/npm/template-oss/issues/553">#553</a>)
(<a
href="https://github.com/owlstronaut"><code>@​owlstronaut</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/npm/template-oss/commit/afcb3c135cf9fd170aca4d9f1d5ea2a1d418581b"><code>afcb3c1</code></a>
chore: release 4.30.0 (<a
href="https://redirect.github.com/npm/template-oss/issues/554">#554</a>)</li>
<li><a
href="https://github.com/npm/template-oss/commit/6bc2bc00ae7b481fcdadfff6e7178e2e294211d3"><code>6bc2bc0</code></a>
feat: filters items out of the release process that aren't for backports
(<a
href="https://redirect.github.com/npm/template-oss/issues/553">#553</a>)</li>
<li>See full diff in <a
href="https://github.com/npm/template-oss/compare/v4.29.0...v4.30.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@npmcli/template-oss&package-manager=npm_and_yarn&previous-version=4.29.0&new-version=4.30.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: npm CLI robot <[email protected]>

Fixed typographical errors across documentation markdown files using
codespell.

<!-- What / Why -->
This PR adds a `truncate` function to allow for portions of a version
string "below" a certain level to be dropped.

<!-- Describe the request in detail. What it does and why it's being
changed. -->
The `truncate` function, as implemented in this first pass at a PR,
returns a new valid version string. The function:

1. Always removes `build` information
2. Removes pre-release information, unless a pre-release type is passed
as the `truncation`
3. Zeroes out "lower" components of the semantic version (e.g. if the
`truncation` performed is `major`, both `minor` and `patch` are zeroed)

An alternative I considered was returning strings without the valid
version guarantee; for example, `truncate('1.2.3', 'minor') === '1.2')`
instead of `1.2.0`. This is not what was specified by @isaacs in #48,
however, and seemed to be out of place for the rest of the library.

As a result, I also considered naming the function differently. One
option I considered was `floor`, which seemed conceptually correct for
`major`, `minor`, and `patch`. For `truncation = 'pre*'` however, this
did not feel right, as `truncate('1.2.3-rc1+build', 'prerelease') ===
'1.2.3-rc1'`, but since a) build metadata [_"...MUST be ignored when
determining version precedence..."_](https://semver.org/#spec-item-10),
and b) there could be a `1.2.3-rc0` that is closer to the "floor", the
name didn't seem right for that use case.

Lastly, I considered disallowing the `pre*` versions for the
`truncation` argument, and only allowing `major`, `minor`, and `patch`.
This, paired with the `floor` naming, was the most attractive
alternative to me.

## References
Related to #48

---------

Co-authored-by: Michael Smith <[email protected]>

🤖 I have created a release *beep* *boop*
---


## [7.8.0](v7.7.4...v7.8.0)
(2026-05-08)
### Features
*
[`0d0a0a2`](0d0a0a2)
[#855](#855) Add `truncate`
function (#855) (@pjohnmeyer, @owlstronaut)
### Bug Fixes
*
[`3905343`](3905343)
[#859](#859) Warn when defaulting
to --inc=patch in CLI (@pjohnmeyer)
### Documentation
*
[`c368af6`](c368af6)
[#853](#853) fix typos in
documentation (#853) (@ankitkumar572005)
*
[`37776c3`](37776c3)
[#846](#846) fix BNF grammar to
distinguish prerelease from build identifiers (#846) (@abhu85, @claude)
### Chores
*
[`9542e09`](9542e09)
[#860](#860) template-oss-apply
(@owlstronaut)
*
[`937bc2c`](937bc2c)
[#860](#860)
`[email protected]` (@owlstronaut)
*
[`6946fef`](6946fef)
[#852](#852) bump
@npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@dependabot[bot],
@npm-cli-bot)

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>