-
Notifications
You must be signed in to change notification settings - Fork 3k
npm 3: No warning when peer dependency also listed as regular dependency cannot be met #9050
Comments
Would it be possible to only validate peer dependencies against top-level dependencies and issue a warning if the peer dependency is not satisfied? Then you could supply both a dependency and a peer dependency if dedupe hoist the right dependency to the top-level everything is good; otherwise you get a warning. |
@papandreou Can you make your test module's sources publicly available? I can recreate them myself of course, but it would be easier if we were working from the same thing. |
Absolutely. I cleaned it up a bit, dropped the The sources are available here: https://github.com/papandreou/peerdep Here's how I published the packages:
Like in the original description of the issue, I don't get a warning when I try to install
|
The current peerDependencies logic is: Given that Because you've ALSO set a regular dependency on I'm not convinced that this is incorrect behavior. It's a bit confusing, but I think that both providing a |
I agree that it seems like a
Hmm... My intuition says that it should care where from now that the |
Or rather, "If this module is installed anywhere in the tree, it should be at least one level above me, and its version should satisfy this spec". |
Well, I'm not opposed per se to your clarification. |
I'm gonna schedule this for next week and see how that change feels. |
Thanks a lot for looking into it :) |
Ok, I like this change. This is what output from my patch looks like: (In my example
Plus, this let me add another enhancement– if more than one module needs a peerdep, we report all of them:
|
That looks like a very good solution. |
Thanks a lot! This saves the day. Wrt. me switching back and forth between "it should be at the root level" and "it should be at least one level above me", I've been thinking about it some more, and I'm no longer as sure as I was when I wrote it. Both interpretations will work fine in our own use case, and it's not that I think "one level above me" is wrong, even if it's the most liberal of the two. My intuition simply doesn't tell me what the right arena for settling the peer dependencies should be. I think what I'm asking is -- can anyone come up with an example where the peer dependencies would have to be satisfied at the root level, ie. where the |
Never mind the last bit. My colleague @gustavnikolaj convinced me that "one level above me" is in fact the correct arena. Then the level above can specify its own peer dependency if it needs to escalate the resolution even further up the three. |
So the changes described here landed in 3.2.2, I do think this is an improvement, but while I was thinking through this I got thinking and I think looking from the perspective of the I'm going to make another ticket for changing to that behavior and I'll link it here when I do. |
See: nodejs/node#3402 |
Hi!
The unexpected.js team is currently looking into npm 3 in order to come up with a plan for how to ensure that only compatible plugins are installed into the library. We have some complex scenarios where some plugins depend on certain versions of other plugins being installed into the libary instance, and until now we have used
peerDependencies
to express those requirements. Also, we have been relying on the somewhat controversial feature that the mere presence of a peer dependency will cause the module to be installed.All in all it seems like npm 3 can lead to a much better experience for our users. The only unsolved problem for us is that scenario where a plugin requires another plugin to be installed in a specific version (range). Reading through the discussion on #6565 we were led to believe that we could achieve that by listing the second level plugin under both
dependencies
andpeerDependencies
of the plugin that needs it.As an experiment we tried publishing four packages to our private npm repo:
bogus_a
@1.0.0, listsbogus_b
@1.0.0 andbogus_c
@1.0.0 underdependencies
bogus_b
@1.0.0, listsbogus_d
@1.0.0 under bothdependencies
andpeerDependencies
bogus_c
@1.0.0, listsbogus_d
@2.0.0 under bothdependencies
andpeerDependencies
bogus_d
@1.0.0 and @2.0.0We expected that installing
bogus_a
@1.0.0 would cause a warning because both of thebogus_d
peer dependencies cannot be fulfilled at the same time. However, it seems like the peer dependency is ignored in this case:The multistage/dedupe process does exactly the right thing, as it cannot install a
bogus_d
at the top level that would be satisfied by both1.0.0
and2.0.0
-- but there's no warning about the peer dependencies not being met.Would it be possible to get that warning?
The text was updated successfully, but these errors were encountered: