-
-
Notifications
You must be signed in to change notification settings - Fork 944
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Injected dependencies are not recopied after a workspace project is rebuilt #4407
Comments
More weirdnessAfter completing steps 1 and 2 above, try this:
Actual behavior:This time, the installation completes without any errors/warnings:
Expected behavior:If step 2 printed an error, then so should step 5. I would expect that deleting The error does not reappear unless you delete BOTH |
We were able to work around this problem by using the dependenciesMeta.*.injected feature like this: {
"name": "test-project",
"version": "0.0.0",
"dependencies": {
"@react-navigation/core": "^5.15.0",
"react": "workspace:*"
},
"dependenciesMeta": {
"react": { "inject": true }
}
} However this does not seem like a correct solution. The documentation for that feature sounds like it is written for a different problem and I didn't understand what is doing technically-- is it actually correctly satisfying the versions? And practically speaking, it would be awkward to ask every developer to remember to do this for every peer dependency. If it's a correct solution, why can't PNPM do this automatically so that the installation behavior matches people's intuitive understanding of how you satisfy a peer dependency? |
Yes, it is correct to use the injected feature in this case. |
Hmmm... this worked in my test project (from the repro steps), but it's not working in our real repo. The Whereas when I use the real NPM packages, I don't understand why |
pnpm syncs the contents of injected dependencies after running their "prepare" or "postinstall" scripts. |
@zkochan I am confused. Let's go back to my original example:
If
The |
I was able to sort of solve it by rewriting the .pnpmfile.cjs
So whereas the old /@hbo/hurley-global-policies/4.2.0_76e775d50468c213fc9eed97bf9a4978:
peerDependencies:
'@hbo/hbomax-core': ^4.0.0
'@hbo/hbomax-localization-policy': ^2.0.0
'@hbo/hbomax-localization-policy-config': ^1.0.0
dependencies:
'@hbo/hbomax-core': file:hbomax-core
'@hbo/hbomax-localization-policy': file:hbomax-localization-policy
'@hbo/hbomax-localization-policy-config': file:hbomax-localization-policy-config
transitivePeerDependencies:
- supports-color
dev: false ...the .pnpmfile.cjs hack instead produces /@hbo/hurley-global-policies/4.2.0:
dependencies:
'@hbo/hbomax-core': link:hbomax-core
'@hbo/hbomax-localization-policy': link:hbomax-localization-policy
'@hbo/hbomax-localization-policy-config': link:hbomax-localization-policy-config
transitivePeerDependencies:
- supports-color
dev: false Maybe what I'm proposing is this: When a peer dependency is satisfied using a |
I believe the best solution here would be to have some This would provide a general solution for multiple classes of problems:
This also makes monorepo builds easily distributable because building in the monorepo looks no different than building a single package in isolation with a bunch of tarballs for its dependencies. |
Update: We have put together a solution for a @g-chao has implemented a proof-of-concept prototype here: https://github.com/g-chao/pnpm-sync-prototype The mechanics are a bit tricky to ensure the command is run at the right times (including the watch mode scenario). Our plan is to implement it first for Rush workspaces, since Rush imposes stricter constraints about how Please share questions/suggestions about by commenting in this GitHub issue. Thanks! |
Update: The |
#6135 tried to add a sync to pnpm related project: https://github.com/NullVoxPopuli/pnpm-sync-dependencies-meta-injected |
@octogonz did you try pnpm-sync-dependencies-meta-injected? 😅 Wondering what feature differences there could be? |
No, we were not aware of your project. Thanks for sharing this!
Looking at the two projects, the differences seem to be:
|
We've published some docs for how & why to use https://rushjs.io/pages/advanced/injected_deps/ This summer we're rolling out this feature in TikTok's huge frontend monorepo. If it goes well, we'd like to propose to integrate the |
Maybe. -- some question: why have a All knowledge is available in the package.jsons and nothing needs to be configable. _why not use pnpm's own utilities? _ For example, here: https://github.com/NullVoxPopuli/pnpm-sync-dependencies-meta-injected/blob/main/cli/src/index.js#L6
isn't this more a concern of your wrapper/monorepo tooling, rather than pnpm-sync itself? like you could do this in a rollup closeBundle, for example -- could do the same with pnpm-sync-dependencie-meta-injected
Is this different from this config option: https://pnpm.io/npmrc#shared-workspace-lockfile Additionally, if using
what's that look like? is it different from just running the CLI? 😅 Thanks! sorry for ignorance! |
Adding |
Great questions! 🙂
This JSON file is needed because
My opinion is that their advantages depend on your situation, and ideally the tool should support both models.
We are applying this in a large monorepo with potentially hundreds of projects getting injected, so our requirements are perhaps more complex.
It's a good suggestion, as the goal is to ultimately contribute this to official PNPM. The current approach tried to minimize NPM dependencies to make it more attractive for RushJS to accept as a dependency.
No. See my explanation above. For serious use cases, the crucial requirements for this feature are something like:
So I think these considerations are central to the design of the tool, not a usage detail.
Suppose we have 1,000 packages in our monorepo:
The API report is here: pnpm-sync-lib/etc/pnpm-sync-lib.api.md For commands like For |
pnpm version: 6.32.2
The real world scenario at my work involves internal company NPM packages with a relationship like this:
A --depends-on--> B --peer-depends-on--> C
...where
A
andC
are in the monorepo, butB
is developed in a separate repo and gets installed from an Artifactory private registry. This is a common situation at a big company if most teams work in a monorepo, but we share some packages with other teams who have their own repo.Code to reproduce the issue:
This is an isolated minimal repro. I substituted
@react-navigation/core
to avoid involving private packages.pnpm install
In this repro:
test-project
depends on@react-navigation/core
@react-navigation/core
has a peer dependency on"react": "*"
test-project
also depends on"react": "workspace:*"
react
has version16.0.0
which should satisfy the peer dependencyActual behavior:
Expected behavior:
The installation should succeed. PNPM should satisfy
react@*
by creating a symlink to the local workspace package.Additional information:
node -v
prints:v14.17.4
The text was updated successfully, but these errors were encountered: