[BUG] Multiple related packages install fail due to wrong peerDependencies resolution

[cyrilletuzi]

Reopening #3083, given that npm/arborist#266 and npm/arborist#272 didn't fix the issue.

Current Behavior:

When having multiple packages relying on each others having the exact same version, trying to update them all via npm install fails when there is another package which loosely rely on them via "peerDependencies": "^x.x.x", due to npm7 erroneous resolution.

Real world example: Angular core packages are supposed to be installed with the exact same version, so for example @angular/common@11.2.9 has "peerDependencies": { "angular/core": "11.2.9" } (note the exact version).

Until now everything is fine. You can update all versions to 11.2.10 in package.json, run npm install and it works.

But now add another package which relies on one of the core packages, for example @angular-devkit/build-angular@11.2.9 has a "peerDependencies": { "@angular/compiler-cli": "^11.0.0 || ^12.0.0-next" }.

Now if you update all versions to 11.2.10 in package.json and run npm install, it fails.

Expected Behavior:

npm install should work, as versions are correct and peerDependencies are respected.

Steps To Reproduce:

Working:

1. mkdir npmissue
2. cd npmissue
3. npm init -y
4. npm install @angular/common@11.2.9 @angular/compiler@11.2.9 @angular/core@11.2.9 @angular/platform-browser@11.2.9 @angular/platform-browser-dynamic@11.2.9 -E
5. npm install @angular/compiler-cli@11.2.9 -D -E
6. Search/replace 11.2.9 > 11.2.10 in package.json
7. npm install: OK

Failing:

1. Previous steps from 1 to 5 (included)
2. npm install @angular-devkit/build-angular@0.1102.9 -D -E
3. Search/replace 11.2.9 > 11.2.10 and 0.1102.9 > 0.1102.10 in package.json
4. npm install: fails with peerDependencies errors

npm log

Found: @angular/common@11.2.9
node_modules/@angular/common
  @angular/common@"11.2.10" from the root project
  peer @angular/common@"11.2.9" from @angular/platform-browser@11.2.9
  node_modules/@angular/platform-browser
    @angular/platform-browser@"11.2.10" from the root project
    peer @angular/platform-browser@"11.2.9" from @angular/platform-browser-dynamic@11.2.9
    node_modules/@angular/platform-browser-dynamic
      @angular/platform-browser-dynamic@"11.2.10" from the root project
  peer @angular/common@"11.2.9" from @angular/platform-browser-dynamic@11.2.9
  node_modules/@angular/platform-browser-dynamic
    @angular/platform-browser-dynamic@"11.2.10" from the root project

Could not resolve dependency:
@angular/common@"11.2.10" from the root project

Conflicting peer dependency: @angular/core@11.2.10
node_modules/@angular/core
  peer @angular/core@"11.2.10" from @angular/common@11.2.10
  node_modules/@angular/common
    @angular/common@"11.2.10" from the root project

Fix the upstream dependency conflict, or retry
this command with --force, or --legacy-peer-deps
to accept an incorrect (and potentially broken) dependency resolution.

Environment:

• OS: macOS 11.2.3
• Node: 14.16.1
• npm: 7.11.2

Additional information:

This issue was raised because it causes issues in automatic dependencies update tools like Renovate, which are doing exactly what I described: updating the package.json and then doing a npm install.

See renovatebot/renovate#9561 for the Renovate issue, and cyrilletuzi/angular-async-local-storage#628 for a real world example, with npm logs.

Additional debug info:

Doing rm -rf node_modules && rm package-lock.json, then npm install works without errors or warnings.

Or doing npm install --force, then npm install has no more errors.

Meaning the peerDependencies are indeed respected and it should work in the first place. Seems like the presence of package-lock.json and/or node_modules results in an issue in correct dependencies resolution.

[nlf]

i'm not able to reproduce this as npm install @angular-devkit/build-angular@11 -D -E fails due to no matching versions, and indeed there is no published version of that package with a semver major of 11.

without that package installed i had no issues with following the rest of your steps. i'm not sure how that command is installing anything for you at all, do you have a separate registry configured?

[cyrilletuzi]

@nlf Sorry, it was just an error in the reproduction step. This package has a different version management indeed, I have updated the initial message with the correct instructions.

[nlf]

no problem! that got the reproduction working, thanks for making it clear 👍

[talsi]

hi,
any news about upcoming fix fir this bug?

[cyrilletuzi]

Closing this issue as it's now resolved (tested with npm 7.20.3, but I think it was already fixed since a few minor versions).

[talsi]

@cyrilletuzi it still happens to me using 7.24.2

[e1himself]

I still have this issue with npm v8.1.4

Steps to reproduce

mkdir peer-dependency-conflict-demo
cd peer-dependency-conflict-demo
npm add react@^16.9.0
npm add react-bootstrap@=0.32.4

Expected Behavior

NPM installs the requested package, knowing that the current installed version of react is compatible with its peer requirements ("react": "16.14.0" satisfies ^0.14.9 || >=15.3.0).

Actual Behavior

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: undefined@undefined
npm ERR! Found: react@16.14.0
npm ERR! node_modules/react
npm ERR!   react@"^16.14.0" from the root project
npm ERR!   peer react@"^0.14.9 || >=15.3.0" from react-bootstrap@0.32.4
npm ERR!   node_modules/react-bootstrap
npm ERR!     react-bootstrap@"=0.32.4" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"17.0.2" from react-dom@17.0.2
npm ERR! node_modules/react-dom
npm ERR!   peer react-dom@"^0.14.9 || >=15.3.0" from react-bootstrap@0.32.4
npm ERR!   node_modules/react-bootstrap
npm ERR!     react-bootstrap@"=0.32.4" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /home/ivan/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/ivan/.npm/_logs/2021-11-17T15_45_03_518Z-debug.log

UPD: I was not sure if it's the same issue, or a different one. Filed a new ticket: #4104.