fix: prevent dependency version checker finding node_modules outside the project (#6892)

Author: AlessioGr

packages/payload/src/index.ts

@@ -407,7 +407,7 @@ export class BasePayload<TGeneratedTypes extends GeneratedTypes> {
           .join(', ')
 
         throw new Error(
-          `Mismatching payload dependency versions found: ${formattedVersionsWithPackageNameString}. All payload and @payloadcms/* packages must have the same version.`,
+          `Mismatching payload dependency versions found: ${formattedVersionsWithPackageNameString}. All payload and @payloadcms/* packages must have the same version. This is an error with your set-up, caused by you, not a bug in payload. Please go to your package.json and ensure all payload and @payloadcms/* packages have the same version.`,
         )
       }
     }

packages/payload/src/utilities/dependencies/getDependencies.ts

@@ -16,10 +16,14 @@
 
 import { findUp } from 'find-up'
 import { existsSync, promises as fs } from 'fs'
-import { dirname } from 'path'
+import path from 'path'
+import { fileURLToPath } from 'url'
 
 import { resolveFrom } from './resolveFrom.js'
 
+const filename = fileURLToPath(import.meta.url)
+const dirname = path.dirname(filename)
+
 export type NecessaryDependencies = {
   missing: string[]
   resolved: Map<
@@ -49,12 +53,31 @@ export async function getDependencies(
       try {
         const pkgPath = await fs.realpath(resolveFrom(baseDir, pkg))
 
-        const pkgDir = dirname(pkgPath)
+        const pkgDir = path.dirname(pkgPath)
 
         let packageJsonFilePath = null
 
-        await findUp('package.json', { type: 'file', cwd: pkgDir }).then((path) => {
-          packageJsonFilePath = path
+        const processCwd = process.cwd()
+        const payloadPkgDirname = path.resolve(dirname, '../../../') // pkg dir (outside src)
+
+        // if node_modules is in payloadPkgDirname, go to parent dir which contains node_modules
+        if (payloadPkgDirname.includes('node_modules')) {
+          payloadPkgDirname.split('node_modules').slice(0, -1)
+        }
+
+        await findUp('package.json', { type: 'file', cwd: pkgDir }).then((foundPath) => {
+          if (foundPath) {
+            const resolvedFoundPath = path.resolve(foundPath)
+            const resolvedCwd = path.resolve(processCwd)
+
+            if (
+              resolvedFoundPath.startsWith(resolvedCwd) ||
+              resolvedFoundPath.startsWith(payloadPkgDirname)
+            ) {
+              // We don't want to match node modules outside the user's project. Checking for both process.cwd and dirname is a reliable way to do this.
+              packageJsonFilePath = foundPath
+            }
+          }
         })
 
         if (packageJsonFilePath && existsSync(packageJsonFilePath)) {

packages/richtext-lexical/src/index.ts

@@ -78,7 +78,7 @@ export function lexicalEditor(props?: LexicalEditorProps): LexicalRichTextAdapte
           .join(', ')
 
         throw new Error(
-          `Mismatching lexical dependency versions found: ${formattedVersionsWithPackageNameString}. All lexical and @lexical/* packages must have the same version.`,
+          `Mismatching lexical dependency versions found: ${formattedVersionsWithPackageNameString}. All lexical and @lexical/* packages must have the same version. This is an error with your set-up, caused by you, not a bug in payload. Please go to your package.json and ensure all lexical and @lexical/* packages have the same version.`,
         )
       }
     }