-
-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unmet peer deps prevent building an SBOM #81
Comments
I am thinking of a cli switch to suppress/ignore errors from Therefore it might help to have your use case as a reproducible example somehow. |
The repo i've been using is private but I created a minimal example at https://github.com/alexthemark/example-unmet-peer-dep. If you clone that, run npm install, and run
|
Adding to the above, when I run
|
tried to install https://github.com/alexthemark/example-unmet-peer-dep got an error straight away Click to expand the error mesagenpm ERR! code ERESOLVE npm ERR! ERESOLVE could not resolve npm ERR! npm ERR! While resolving: react-dom@17.0.2 npm ERR! Found: react@18.2.0 npm ERR! node_modules/react npm ERR! react@"^18.2.0" from the root project npm ERR! peer react@">= 16.8.0" from @aws-amplify/ui-react@3.4.1 npm ERR! node_modules/@aws-amplify/ui-react npm ERR! @aws-amplify/ui-react@"^3.4.1" from the root project npm ERR! 14 more (@aws-amplify/ui-react-v1, @radix-ui/react-presence, ...) npm ERR! npm ERR! Could not resolve dependency: npm ERR! peer react@"17.0.2" from react-dom@17.0.2 npm ERR! node_modules/react-dom npm ERR! peer react-dom@">= 16.8.0" from @aws-amplify/ui-react@3.4.1 npm ERR! node_modules/@aws-amplify/ui-react npm ERR! @aws-amplify/ui-react@"^3.4.1" from the root project npm ERR! peer react-dom@"^16.8 || ^17.0" from @radix-ui/react-dropdown-menu@0.1.6 npm ERR! node_modules/@aws-amplify/ui-react/node_modules/@radix-ui/react-dropdown-menu npm ERR! @radix-ui/react-dropdown-menu@"0.1.6" from @aws-amplify/ui-react@3.4.1 npm ERR! node_modules/@aws-amplify/ui-react npm ERR! @aws-amplify/ui-react@"^3.4.1" from the root project npm ERR! 3 more (@radix-ui/react-menu, @radix-ui/react-portal, @aws-amplify/ui-react-v1) npm ERR! npm ERR! Conflicting peer dependency: react@17.0.2 npm ERR! node_modules/react npm ERR! peer react@"17.0.2" from react-dom@17.0.2 npm ERR! node_modules/react-dom npm ERR! peer react-dom@">= 16.8.0" from @aws-amplify/ui-react@3.4.1 npm ERR! node_modules/@aws-amplify/ui-react npm ERR! @aws-amplify/ui-react@"^3.4.1" from the root project npm ERR! peer react-dom@"^16.8 || ^17.0" from @radix-ui/react-dropdown-menu@0.1.6 npm ERR! node_modules/@aws-amplify/ui-react/node_modules/@radix-ui/react-dropdown-menu npm ERR! @radix-ui/react-dropdown-menu@"0.1.6" from @aws-amplify/ui-react@3.4.1 npm ERR! node_modules/@aws-amplify/ui-react npm ERR! @aws-amplify/ui-react@"^3.4.1" from the root project npm ERR! 3 more (@radix-ui/react-menu, @radix-ui/react-portal, @aws-amplify/ui-react-v1) npm ERR! npm ERR! Fix the upstream dependency conflict, or retry npm ERR! this command with --force, or --legacy-peer-deps npm ERR! to accept an incorrect (and potentially broken) dependency resolution. npm ERR! npm ERR! See /.../.npm/eresolve-report.txt for a full report. install via this means, that possibley a switch ala |
Yep -- that would be perfect. Obviously I wish that I didn't have unmet peer deps and |
I'm happy to contribute that flag, or wait for a fix. |
I am already on it :) |
Thank you!! My repository is now successfully building its sbom! |
Hi -- loving the Typescript rewrite here. I'm having some pretty good results running this on my monorepo, and gathering all the package data together.
However, the build is failing due to an unmet peer dependency.
npm ls
causes this failure per npm/npm#17624 and https://github.com/CycloneDX/cyclonedx-node-npm/blob/1.0-dev/src/builders.ts#L141-L150.I'm not worried about this unmet peer dependency -- I know it's just a silly library that hasn't updated its peer deps to say it supports React 18. But it causes me to be unable to generate an SBOM here. If I remove the error throwing from your package, I believe I still get an accurate SBOM, since it uses the deduped dependencies.
Is this desired behavior? Or could this be a warn in the build instead of an error that prevents building an SBOM?
The text was updated successfully, but these errors were encountered: