-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The module duplication check is insufficient #1692
Comments
AFAIK npm/yarn might work as you mentioned above and they can install e.g. two versions of the engine and only one version of
With webpack, we could do it without an impact on the size of the final bundle. |
Note to self - this should work for 3rd party plugin deps too. |
Moreover, with the webpack-based checking, we should be able to distinguish the reason why the packages are duplicated: Scenario 1: Scenario 2: Scenario 3: What we can't check is: Adding two different builds on the same site. But actually we could allow adding many builds on the same page at some point as with the above check we can get rid of the runtime duplication check (?). The large benefit I see here is that in each scenario we can provide very detailed information about how to get rid of the issue since we'll know the whole user's environment and the bug category. TBH we can even collect simple anonymous data like a Maybe we should increase the priority of this issue? |
There has been no activity on this issue for the past year. We've marked it as stale and will close it in 30 days. We understand it may be relevant, so if you're interested in the solution, leave a comment or reaction under this issue. |
We've closed your issue due to inactivity over the last year. We understand that the issue may still be relevant. If so, feel free to open a new one (and link this issue to it). |
There's a case which the current check won't catch.
Background: the current check relies on a single
ckeditor5-utils/src/version
module which registers itself in the global scope and, if there's a duplicated version of this package (happens when adding plugins to an existing build or having completely missmatched versions of dependencies leading to duplicated packages innode_modules
). Thanks to that, it's able to tell that it's been loaded second time and we're able to warn the developer about this situation.However, it's not going to catch situations with conflicting versions of dependencies, but in a way which doesn't lead to a duplication of the
ckeditor5-utils
package. E.g.If your setup requires
ckeditor5-foo
andckeditor5-bar
npm/yarn will (I think) install:ckeditor5-foo@1.0.0
ckeditor5-bar@1.0.0
ckeditor5-engine@12.0.0
ckeditor5-engine@13.0.0
ckeditor5-utils@11.0.1
So, there's no duplication of
ckeditor5-utils
because two versions of the engine are happy with its never version.I'm not 100% sure that npm/yarn will be able to figure out that this is the minimal installation setup, but it's entirely possible that they do or will do that.
Therefore, a separate check, unfortunately, would need to be included in every package that we want to secure. Every plugin and many engine/UI's base modules.
However, the second option is to check this in our webpack plugin. In fact, we planned that the runtime error will be just one of the verification mechanisms. The other was supposed to warn developers even earlier, when running webpack. At that stage, it's completely possible to tell that there are two versions of the engine used.
The text was updated successfully, but these errors were encountered: