-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] npm 7 makes incorrect suggestion when encountering peer deps issues #2123
Comments
Reverting back to npm 6.14.8 solved this for me for now using |
This isn’t a bug; it’s a correct warning because your dependency graph is invalid. you have webpack 5, but v3.7.2 of webpack-dev-middleware requires webpack 4. Your choices are to downgrade to webpack 4, upgrade to a version (of available) of webpack-dev-middleware that supports webpack 5, or remove webpack-dev-middleware entirely. The message telling you to use —force is misleading, yes, because this isn’t programmatically fixable. |
@ljharb I think you misread the issue. I'm not claiming that either the failed installation or the warning message is a bug. See #2119 (comment), from which I borrowed to use as an example of an install that contains a peer dependency incompatibility. This issue is entirely about the It's not exactly clear to me what the |
I don’t think any option should suppress the warnings, but i agree that if the suggestion won’t work, it shouldn’t be phrased as if it will :-) |
Well, yeah, this is a bug. It should either not tell you to use Rather than roll back to npm v6, I'd suggest using Here's the minimal reproduction package.json file that I'm using: {
"devDependencies": {
"webpack-dev-server": "^3.11.0",
"@pmmmwh/react-refresh-webpack-plugin": "^0.4.3"
}
} |
The npm@6 behavior is "ignore peerDependencies entirely". That's what
You've found a case where we don't do the right thing (or at least, the intended thing, fraught though it may be) in the That bit where it says "recommended protections disabled", this is one of those "recommended protections". npm v7 tries to not ever give you a tree that violates the stated dependency contracts of any packages. |
Ah, that's what I had originally expected it to do! I like this behavior, because For example, if you have something like this, where {
"scripts": {
"build": "babel index.js"
},
"devDependencies": {
"@babel/cli": "^7.12.0",
"webpack-dev-server": "^3.11.0",
"webpack": "^5.0.0"
}
} Using (I understand that this is all danger zone territory, but it does help to understand the intention of |
Discovered an interesting issue with the following dependency set: ```json { "devDependencies": { "webpack-dev-server": "^3.11.0", "@pmmmwh/react-refresh-webpack-plugin": "^0.4.3" } } ``` `webpack-dev-server` here has a peerDependency on webpack v4. But, the dependencies of `@pmmmwh/react-refresh-webpack-plugin` have peer dependencies on webpack at `4 || 5`. So, a resolution _should_ be possible. Since the `@pmmmwh/react-refresh-webpack-plugin` package is alphabetically first, it loads its deps, and ends up placing webpack@5 to satisfy the dep with the latest and greatest. Then when `webpack-dev-server` gets to its eventual peer dep on webpack, it can't replace it, because `webpack@5` has a dependency on `terser-webpack-plugin@^5.0.3`, which in turn has a peer dependency on `webpack@5.4.0`. When we check to see if webpack 5 can be replaced, we find it has a dependent, and reject the replacement. But that dependent is only present as a dependency of the thing being replaced, so should not be considered. Second, while the source of the `terser-webpack-plugin` is `webpack`, it cannot be installed there, because it has peer deps that are also peer deps of webpack. So, we _must_ place it in the root node_modules, but were not attempting the "source" location overrides, because the root is not the source. This was a second issue resulting in `ERESOLVE` errors even when `--force` was applied. Fixes: #180 Fixes: npm/cli#2123
Discovered an interesting issue with the following dependency set: ```json { "devDependencies": { "webpack-dev-server": "^3.11.0", "@pmmmwh/react-refresh-webpack-plugin": "^0.4.3" } } ``` `webpack-dev-server` here has a peerDependency on webpack v4. But, the dependencies of `@pmmmwh/react-refresh-webpack-plugin` have peer dependencies on webpack at `4 || 5`. So, a resolution _should_ be possible. Since the `@pmmmwh/react-refresh-webpack-plugin` package is alphabetically first, it loads its deps, and ends up placing webpack@5 to satisfy the dep with the latest and greatest. Then when `webpack-dev-server` gets to its eventual peer dep on webpack, it can't replace it, because `webpack@5` has a dependency on `terser-webpack-plugin@^5.0.3`, which in turn has a peer dependency on `webpack@5.4.0`. When we check to see if webpack 5 can be replaced, we find it has a dependent, and reject the replacement. But that dependent is only present as a dependency of the thing being replaced, so should not be considered. Second, while the source of the `terser-webpack-plugin` is `webpack`, it cannot be installed there, because it has peer deps that are also peer deps of webpack. So, we _must_ place it in the root node_modules, but were not attempting the "source" location overrides, because the root is not the source. This was a second issue resulting in `ERESOLVE` errors even when `--force` was applied, with this dependency set: ```json { "devDependencies": { "webpack-dev-server": "^3.11.0", "webpack": "^5.0.0" } } ``` Fixes: #180 Fixes: npm/cli#2123
Discovered an interesting issue with the following dependency set: ```json { "devDependencies": { "webpack-dev-server": "^3.11.0", "@pmmmwh/react-refresh-webpack-plugin": "^0.4.3" } } ``` `webpack-dev-server` here has a peerDependency on webpack v4. But, the dependencies of `@pmmmwh/react-refresh-webpack-plugin` have peer dependencies on webpack at `4 || 5`. So, a resolution _should_ be possible. Since the `@pmmmwh/react-refresh-webpack-plugin` package is alphabetically first, it loads its deps, and ends up placing webpack@5 to satisfy the dep with the latest and greatest. Then when `webpack-dev-server` gets to its eventual peer dep on webpack, it can't replace it, because `webpack@5` has a dependency on `terser-webpack-plugin@^5.0.3`, which in turn has a peer dependency on `webpack@5.4.0`. When we check to see if webpack 5 can be replaced, we find it has a dependent, and reject the replacement. But that dependent is only present as a dependency of the thing being replaced, so should not be considered. Second, while the source of the `terser-webpack-plugin` is `webpack`, it cannot be installed there, because it has peer deps that are also peer deps of webpack. So, we _must_ place it in the root node_modules, but were not attempting the "source" location overrides, because the root is not the source. This was a second issue resulting in `ERESOLVE` errors even when `--force` was applied, with this dependency set: ```json { "devDependencies": { "webpack-dev-server": "^3.11.0", "webpack": "^5.0.0" } } ``` Fixes: #180 Fixes: npm/cli#2123 PR-URL: https://github.com/pull/182 Credit: @isaacs Close: #182 Reviewed-by: @darcyclarke
Super bro.it worked👍 |
solved the problem using this command npm install -g npm@latest Thank you kapoko |
Current Behavior:
When
npm install
fails due to peer dep incompatibilities, something like this is printed:The suggestion to "retry this command with --force" doesn't appear to work.
npm install --force
prints exactly the same output, with only the addition of:Expected Behavior:
I would expect the suggested command to work, or I would expect it not to be suggested.
Steps To Reproduce:
npm install webpack@5 webpack-dev-server@3
.npm install --force webpack@5 webpack-dev-server@3
, as suggested by the output of the first command.--force
.Environment:
The text was updated successfully, but these errors were encountered: