Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There should be a version of --exact that doesn't apply to peerDependencies #1128

Closed
Dru89 opened this issue Nov 20, 2017 · 4 comments
Closed

There should be a version of --exact that doesn't apply to peerDependencies #1128

Dru89 opened this issue Nov 20, 2017 · 4 comments
Labels
stale

Comments

@Dru89
Copy link

Dru89 commented Nov 20, 2017

Expected Behavior

I should be able to update peerDependencies with version ranges, even if dependencies have exact versions. This would best support the "plugin" architecture that peerDependencies seems to mostly exist for.

Reading the documentation from npm:

Trying to install another plugin with a conflicting requirement will cause an error. For this reason, make sure your plugin requirement is as broad as possible, and not to lock it down to specific patch versions.

https://docs.npmjs.com/files/package.json#peerdependencies

Current Behavior

Currently, version pinning is done with the --exact flag, and that extends to dependencies, peerDependencies, and devDependencies:

lerna/src/commands/PublishCommand.js

Lines 579 to 582 in da3e30f

// update pkg dependencies
this.updatePackageDepsObject(pkg, "dependencies", exact);
this.updatePackageDepsObject(pkg, "devDependencies", exact);
this.updatePackageDepsObject(pkg, "peerDependencies", exact);

Possible Solution

I think --exact should continue to do what it already does, so we don't have any breaking changes. But we could introduce flags like --[no-]exact-dependencies, --[no-]exact-peer-dependencies, and --[no-]exact-dev-dependencies to turn on/off specific dependencies sections.

Context

We use lerna to build a "framework" for applications, including a base package and a few plugins. This means that every application depends on a few plugins and then the base package. But with --exact, what will happen is that the peerDependencies for updated dependencies are kept in lock-step.

This seems to be against npm's recommendations for peerDependencies, and could put us in a position where two plugins can't be used at the same time, because of a strict peer dependency on the base package.
@evocateur
Copy link
Member

In #1018 we've already agreed that lerna really shouldn't be touching peerDependencies at all, since changes to the peer range (especially the bottom end) are semver-major, and often very hard to automate safely. The linked issue gets a little in the weeds toward the end, but fundamentally we shouldn't be doing anything to peerDependencies right now (or "surprise" changes, as described in #955).

@Dru89
Copy link
Author

Dru89 commented Nov 21, 2017

Oh, cool. I'm okay closing this as a duplicate and just following #1018, then. Sorry, I tried to search for this but had a harder time finding it.

@stale
Copy link

stale bot commented Dec 27, 2018

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Dec 27, 2018
@stale stale bot closed this as completed Jan 3, 2019
@lock
Copy link

lock bot commented Apr 3, 2019

This thread has been automatically locked because there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Apr 3, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@evocateur @Dru89