Overrides not checked with pnpm

[TxHawks]

Description

In a pnpm monorepo, I have a pnpm.overrieds field in the root package.json in order to override a an indirect dependency (a dependency of a dependency).

And then, in the same package.json devDependencies field or in one of the workspaces, is have an explicit dependency on eslint@^7.0.0.

// package.json
{
  // ...
  "devDependencies": {
    "eslint": "^7.0.0"
  },
  "pnpm:" {
    "overrides": {
      "eslint": "^8.16.0"
    }
  }
}

When I run syncpack list-mismatches, this discrepancy to be reported, but it isn't, even if I specifically add the --overrides flag.

A minimal reproduction repo is available here: https://github.com/TxHawks/syncpack-overrides-repro

Suggested Solution

Since overrides are mostly used to deal with indirect dependencies, where you have no direct control over the content of the package.json files, I'd expect list-mismatches to report this discrepancy like any other version mismatch.

Help Needed

If this is indeed a bug, I'd be happy to take a stab at this, and would appreciate pointers for where in the code to start looking at and maybe hash out the best way to do this.

[JamieMason]

Thanks for posting. I thought overrides was at .overrides and not .pnpm.overrides, if that's not the case then this is what will be wrong in syncpack.

[TxHawks]

Thanks for the quick reply. Overrides is indeed under pnpm. See here: https://pnpm.io/package_json#pnpmoverrides

[TxHawks]

Do you want me to submit a pull request? If yes, can you point me to where in the code you handle this?

[JamieMason]

Thanks @TxHawks I'm taking a look now.

[JamieMason]

I thought this would be an easy fix but now I've done it (6493a63) I realise the existing overrides property work matches the location npm uses for the same feature (https://github.com/npm/rfcs/blob/main/accepted/0036-overrides.md) even though the work in syncpack was actually intended for pnpm.

We have 2 overrides properties with the same name in different locations for different package managers. I'll need to think a while what to do, it seems like a breaking change might be needed to make "overrides" apply to pnpm, yarn, and npm overrides/resolutions together but there could be negative consequences of that – or add yet another option which applies only to pnpm overrides.

[TxHawks]

Since it's another package manager a different property location, it makes sense to me that it would be another option. --pnpm-overrides seems right, since it both makes the intention clear and mirrors the actual property structure

[JamieMason]

Thanks yeah I'd been leaning the same way.

[JamieMason]

Released in 8.0.0, let me know if you have any problems

[TxHawks]

Thanks!