Semver (http://semver.org/) is only a promise. And this is the nerdy showcase. :)

index.coffee

maybe = ->
  console.log 'Maybe?'

require('./semver-is-a-promise')(require('./package.json')).then(maybe)

package.json

{
  "name": "semver-is-a-promise",
  "version": "1.0.0",
  "main": "index.js",
  "author": "[email protected]",
  "license": "MIT",
  "dependencies": {
    "q": "~1.0.0",
    "bower": "~1.2.8",
    "colors": "~0.6.2"
  }
}

semver-is-a-promise.coffee

FS = require 'fs'
Q = require 'q'
util = require 'util'
require 'colors'

readFile = Q.denodeify FS.readFile

loadPackageJson = (root, name) ->
  name += '/' if name
  return readFile("#{root}/#{name}package.json").then(JSON.parse)

trustRelease = (name, version, versionSpec) ->
  deferred = Q.defer()
  # To be or not to be...
  if version is versionSpec or "~#{version}" is versionSpec # allow be ~1.0.0 === 1.0.0
    deferred.resolve 'Yes you can!'.green
  else
    deferred.resolve "Maybe? '#{versionSpec}' != '#{version}'".red
  return deferred.promise

trustPackage = (root, name = '', versionSpec) ->
  root += '/node_modules' if name
  loadPackageJson(root, name).then (packageJson) ->
    promises = []
    if versionSpec
      releasePromise = trustRelease name, packageJson.version, versionSpec
      promises.push releasePromise
      releasePromise.then (result) ->
        console.log "Trust module '#{name}'? #{result}"
    if packageJson.dependencies
      for own dependencyName, dependencyVersionSpec of packageJson.dependencies
        promises.push trustPackage "#{root}/#{name}", dependencyName, dependencyVersionSpec
    return Q.all promises

# Returning a promise resolving if you can the package
module.exports = ->
  trustPackage "."