Peer dependency invalid version requirement #325

Closed
lil5 opened this issue Nov 3, 2023 · 1 comment

lil5 commented Nov 3, 2023

What version of @tailwindcss/typography are you using?

v0.5.8

What version of Node.js are you using?

v20.5.0

What browser are you using?

n/a

What operating system are you using?

macOS

Reproduction repository

https://semver.npmjs.com/

Describe your issue

  1. Go to https://semver.npmjs.com/
  2. Set the package name to @tailwindcss/typography
  3. and version range to >=3.0.0 || insiders (as defined here)

Expected

A valid range

Actual result

✕ Invalid range. View [syntax examples](https://semver.npmjs.com/#syntax-examples)

Notes

This breaks npm updates, here is an example using npm-check-updates

```
npm-check-updates --peer --target minor
Checking /Users/lil5/Projects/clothingloop/clothing-loop/frontend/package.json
[====================] 51/51 100%
[====================] 38/38 100%

 @tailwindcss/typography              ^0.5.8  →   ^0.5.10
 autoprefixer                       ^10.4.13  →  ^10.4.16

Ignored incompatible updates (peer dependencies):

 tailwindcss  ^3.3.0  →  ^3.3.5  reason: @tailwindcss/typography requires >=3.0.0 || insiders

Run ncu --peer --target minor -u to upgrade package.json
```

thecrypticace (Contributor) commented

Hey so this is not invalid and is a problem with npm-check-updates and incorrect assumptions about version strings accepted by NPM.

During installation Arborist (NPM's dep management tool):

  1. Builds the tree of to-be-installed packages
  2. During that process calls #buildDeps -> #nodeFromSpec -> #fetchManifest
  3. Ultimately resulting in a call to something similar to this (pacote being the package downloader NPM uses):

```js
await pacote.manifest({
  name: "tailwindcss",
  rawSpec: "^3.0 || insiders"
})
```

This calls into the registry which resolves the version to v3.3.5 as of this writing.

If you pass through just insiders (equivalent to "tailwindcss": "insiders"):

```js
await pacote.manifest({
  name: "tailwindcss",
  rawSpec: "insiders"
})
```

Then it picks up the package manifest for the latest insiders build and uses it to resolve dependencies. All this to say, this isn't invalid. NPM handles this, does so intentionally, and you can see this behavior when using something like npm outdated with these version strings. While semver is used to pick up package versions — it is not the only thing in use but it's not well documented. This is probably why npm-check-updates considers it invalid.
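
As an added example (not code from this issue, npm, or npm-check-updates), the script below audits `peerDependencies` for alternatives that are not semver comparators, such as the `insiders` tag in this issue's range, which strict semver validators reject. The range grammar is a simplified approximation, and the function names and the second sample manifest are constructed.

```javascript
// Added example. Simplified approximation of semver range syntax; this is
// not the parser from the `semver` package and ignores some rarer forms.
const PARTIAL = String.raw`[vV]?(?:\d+|[xX*])(?:\.(?:\d+|[xX*])){0,2}(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?`;
const COMPARATOR = new RegExp(String.raw`^(?:\^|~|>=|<=|>|<|=)?${PARTIAL}$`);
const HYPHEN_RANGE = new RegExp(String.raw`^${PARTIAL}\s+-\s+${PARTIAL}$`);

// True when one "||" alternative consists only of semver comparators.
function isSemverAlternative(alt) {
  // Normalise ">= 1.2.3" to ">=1.2.3" so comparators split on whitespace.
  const s = alt.trim().replace(/(\^|~|>=|<=|>|<|=)\s+/g, "$1");
  if (s === "") return true; // an empty alternative means "any version"
  if (HYPHEN_RANGE.test(s)) return true; // e.g. "1.0.0 - 1.1.0"
  return s.split(/\s+/).every((c) => COMPARATOR.test(c));
}

// Splits a spec on "||" and reports the alternatives that are not semver.
function auditSpec(spec) {
  const nonSemver = spec
    .split("||")
    .map((a) => a.trim())
    .filter((a) => !isSemverAlternative(a));
  return { spec, strictSemver: nonSemver.length === 0, nonSemver };
}

// Returns one finding per peer dependency whose spec is not pure semver.
function auditPeerDependencies(manifest) {
  const findings = [];
  for (const [peer, spec] of Object.entries(manifest.peerDependencies || {})) {
    const result = auditSpec(spec);
    if (!result.strictSemver) findings.push({ package: manifest.name, peer, ...result });
  }
  return findings;
}

// Sample manifests. The first uses the range quoted in this issue; the
// second ("example-plugin") is constructed for contrast.
const SAMPLE_MANIFESTS = [
  { name: "@tailwindcss/typography", peerDependencies: { tailwindcss: ">=3.0.0 || insiders" } },
  { name: "example-plugin", peerDependencies: { tailwindcss: ">=3.0.0 <4.0.0 || 2.0.0 - 2.2.19" } },
];

for (const manifest of SAMPLE_MANIFESTS) {
  for (const f of auditPeerDependencies(manifest)) {
    console.log(`${f.package}: peer ${f.peer} "${f.spec}" has non-semver alternative(s): ${f.nonSemver.join(", ")}`);
  }
}
```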
