New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Removing typings for previously existing libraries breaks compilation of dependent packages #62793
Comments
If anyone looks for a workaround: pinning a specific version: |
* fix: error TS2688: Cannot find type definition file for keyv DefinitelyTyped/DefinitelyTyped#62793 (comment) * Update package.json
This indeed causes issues. For example electron/rebuild#1037 and electron-userland/electron-builder#7211 (the same thing reported to two packages) Combining wildcard version dependenices (depending on The way I see it this repository did two things wrong that caused this:
Proposed fixCurrently there are "fixes" proposed, where programs that only has
Extra note: No need to keep the code around in this repo just because it's left published on npm. That's what git is for. |
@faern 100% agree. I only proposed a workaround earlier, but this certainly needs a proper fix from DefinitelyTyped team by producing some changes to publishing infrastructure (for example, disallowing I initially missed the But because of I'll update the issue comment to include all of these points. |
sorry just catching up on this. i do believe all the above, but im confused since cacheable-request didn't have a package.json. you can see that in #62102. even way back to the original #32682, there's no dependencies specified. im gonna guess that DT does some magic in these cases where there are implicit dependencies (i.e. the fact it imports from keyv but doesn't declare it explicitly), and that magic will add solutionreverting the keyv removal is not the right thing to do here. if anything, we should:
have opened #63097 |
@faern i added all of the points into the original issue. It seems from the number of linked issues that this is a pretty widespread breakage. It's also really not limited to one package. I linked a similar issue to this one - #62111 (there might be more that's harder to find? I'll investigate later). And @43081j's fix, while helping with the current problem, will do nothing to fix the underlying issue. Maybe someone knows who of the DT maintainers can help with mitigating the root problem and avoiding the breakages in the future? I'm not really familiar with local infrastructure, so i wouldn't know who to tag. Also, i removed a reference to the specific package (as i've now confirmed that there have been other breakages), and i mostly care about this being fixed for all of us (and not happening again), not fixing this particular problem for me (else i would've put this into discussions). |
every linked issue is caused by the same thing, but you are right they're not entirely cacheable-request (one is about responselike). responselike was originally removed but then reverted because this same problem occurred. a package depended on it implicitly, so had
the overall issue is one of process/reviewing i think: if we remove a package from DT, and there are any dependents which are implict (so they specify i feel like there's not much we can do about that, though. maybe one of:
|
What's the rationale behind publishing stub packages in the first place? They are by definition semver breaking 😢 and can cause issues like this. I don't see any upside of it.
This seems like a pretty crazy system as it effectively says any version at all will work. Effectively locking the dependency from ever doing a major release with a breaking API. Both practices lead to breakages down the line. The publishing of stub packages are just a faster way to get there.
It's definitely a process issue. But not a review issue. If you stopped publishing "removals" of packages this would not happen.
This is good, if you do it with caret notation. Say the latest version of the dependency is I'm new to npm, but coming from crates.io this seems extremely dangerous. There you are 1) not allowed to publish packages with |
The initial issue suspected the stub package was a patch version, it wasn't. It gets published as the version of the source package which first ships types (which you'd hope is at least a minor bump if the source maintainers are following semver, usually its actually major). You could argue this should always be a major bump rather than hoping the source package gets it right. DT publishes a stub package so we're able to mark it as deprecated i think.
yes i agree, the one thing to come out of this IMO should be that dependencies must be explicit. Or if thats too drastic, infer the latest version and use that as a range (with |
i did a quick script to check for type definitions with implicit dependencies, there's a lot... so not too sure what the solution is there. if we had a rule of "all dependencies must be explicit", we'd have a huge task ahead it seems. e.g. take a random one, |
@43081j - my proposal was to bring back the current We will then take the project and move to a breaking change as of |
The keyv types were never the problem (or removal of them). cacheable-request was the culprit. It was removed some time ago and had an implicit wildcard dependency. I'm reintroducing that in a pr here so I can add an explicit dependency, then I'll remove it again. At that point everything for that particular case will be fine and resolved. However this is a wider issue now so still needs discussion. @jaredwray if there's still some concerns would you mind discussing with me in #63097 so we can keep this one about the general problem? |
But why remove the code? It can be a patch release with just the metadata changed to deprecated. |
not something i know. i can only guess its because the DT maintainers want to publish a readme to explain why it has been deprecated at least. @sandersn or @andrewbranch will know in case either of you take a look at this, think the summary is:
edit: @faern i kinda get it. the stub DT package actually specifies the source package as a dependency. with the intention of pulling that in if you install the types package i imagine. |
I tried reading through the issue and there is too much for me to understand here. Can you help me get started by answering a few questions:
The reason I ask is that The reason that the stubs work the way that they do is that
|
Only cacheable request was broken. Nothing else really broke since everything else had a sensible dependency semver range. I think the tldr of what happened is this:
This meant that people still using the old (since removed) cacheable request types would pull down the new stub package of keyv's types in some situations (not sure exactly which). Because the version constraint on it was Their old code would be using the old keyv which doesn't ship types. So it would break because of this Also sorry the issue has been difficult to follow. Didn't help that two issues were going on at once until recently in here. |
Yep, matches the sequence I found when investigating this error with the @types/pino packages.
|
😭 I too am responsible for removing those but couldn't have really known about the wildcard dependencies since they weren't in DT. We can fix it @RyanThomas73 just the same, by republishing pino's types with explicit dependencies then removing it. But yeah this has happened twice now so would be good to come up with a solution to avoid it in future. Requiring explicit dependencies makes sense to me but would be a huge change |
#62741 removed typings for
@types/keyv
library, replacing them with a readme file that suggests not using this package. This was released as a minor version, due to how automatics behind figuring out a new version work as of right now.This causes errors like "Cannot find type definition type for keyv" in compilation for packages that are dependent on @types/keyv -
That is to the issue in typescript - microsoft/TypeScript#27956, which basically requires a
@types
package having index.d.ts to not break compilation.Removing this library altogether would be good, but not possible due to it being the transitive dependency for my package.
IMO, this change breaks semver and such updates should be released as major version in the future.
The other part of the problem is
@types/cacheable-request
package, that had (before it was also removed from this repo)"@types/keyv": "*"
in dependencies.It means that:
*
matches any major version)@types/keyv
implementation changed and a major version was released. No package can realistically guarantee backwards compatibility for all future versions up to infinity. That's what semver is for.Proposed short-term fix:
@types/cacheable-request
as a patch version, with correct dependencies -"@types/keyv": "^3.0.0"
and some specific major versions in place of other wildcards.Proposed long-term fix - do either one or both of these:
*
in dependencies of@types
packages, and always publish the "removed" package as a major versionSimiliar issues (caused by the same root problem):
The text was updated successfully, but these errors were encountered: