[BUG] Multiple related packages install fail due to wrong peerDependencies resolution #3666
Comments
I've updated npm to 7.23.0 and I am still seeing this error. Are there any updates? |
The error is still present on 7.24.2. @sarunint 's reproduction is very easy to understand once you look at the code in the repository: https://gitlab.com/sarunint/npm-dependency-bug . Here's a diagram: |
I don't know if this is the same issue, but I appear to have a peer version of "*" being expanded into "0.0.0" and then failing?
|
Thanks for the thorough repro and explanation! This is definitely a bug, since it's a case npm should be able to resolve. Another interesting thing I found when debugging this is that if I run the problematic install command with
echo "@sarunint:registry=https://gitlab.com/api/v4/projects/28910102/packages/npm/" > .npmrc
# reset everything
rm -rf node_modules/ package-lock.json package.json
npm init -y
# install the end result we want directly, this works
npm install -E @sarunint/order-f-package-1@1.0.1 @sarunint/order-f-package-2@1.0.1 @sarunint/order-f-package-3@1.0.1 @sarunint/order-f-package-4@1.0.0 --loglevel silly
cp package-lock.json this-was-successful.json
# reset everything again
rm -rf node_modules/ package-lock.json package.json
npm init -y
# install all 1.0.0
npm install -E @sarunint/order-f-package-1@1.0.0 @sarunint/order-f-package-2@1.0.0 @sarunint/order-f-package-3@1.0.0 @sarunint/order-f-package-4@1.0.0 --loglevel silly
# then install packages 1,2,3@1.0.1, but with force
npm install -E @sarunint/order-f-package-1@1.0.1 @sarunint/order-f-package-2@1.0.1 @sarunint/order-f-package-3@1.0.1 --force --loglevel silly
cp package-lock.json force.json
cmp this-was-successful.json force.json
# shows 0 since files are identical
echo $? |
And another, when attempting
|
Similar for me. There's a package
|
I believe the issue I've reported here might be related too: #4104 |
angular/angular#44959 one more related issue. |
Hi, any updates on this? |
Hi there, This issue is still affecting Angular users. Can we perhaps get a status update? |
@lukekarrys did you have a chance to dig into this? It indeed affects angular and that's a lot of users. Would be nice if this was fixed. Using the npm version that ships with Node.js 16 LTS:
|
We used |
I got that error when upgrading angular from version 11 to version 12. |
The same happens with
npm: 9.6.6 |
The same issue is happening with npm v10.5.1 often with Remix dependencies, you should be able to reproduce this in a completely empty project. Mine were at version 2.8.0, and upgrading them results in the peer dependency errors:
What is it about these dependencies that makes it so hard for npm to resolve? Additional info, if it matters:
|
Another example of this is a conflict between There's an unexpected workaround here which is to first install Repro
Output: (2024-12-26T14_45_27_618Z-debug-0.log) Environment
|
Is there an existing issue for this?
Current Behavior
Reopening #3171 (cc @cyrilletuzi)
(The content below is modified from #3171)
When having multiple packages relying on each other having the exact same version, trying to update them all via npm install fails when there is another package which loosely relies on them via "peerDependencies": "^x.x.x", due to npm7 erroneous resolution.
Real world example: Angular core packages are supposed to be installed with the exact same version, so for example @angular/common@12.1.1 has "peerDependencies": { "@angular/core": "12.1.1" } (note the exact version).
Until now everything is fine. You can update all versions to 12.2.1 in package.json, run npm install and it works.
But now add another package which relies on one of the core packages, for example @angular-devkit/build-angular@11.2.9 has a "peerDependencies": { "@angular/compiler-cli": "^11.0.0 || ^12.0.0-next" }.
Now if you update all versions to 11.2.10 in package.json and run npm install, it fails.
(The strikethrough text issue has been solved in npm@7.20.3, as stated in #3171 (comment).)
This time, there are two more dependencies that become related in this, namely:
- @angular/animations@12.1.1. Similar to @angular/common@12.1.1, this package has "peerDependencies": { "@angular/core": "12.1.1" }
- ngx-clipboard@14.0.1, which is a clipboard library for Angular. This one has the following:
If you modify all 12.1.1 versions to 12.2.2 and run npm install, I get the following error:
I've created test packages to try to debug this issue, and published them to my GitLab registry.
I also discovered that the order of the package names does matter, surprisingly! As you can see with my test packages, I've dedicated package-4 to ngx-clipboard in the above example, and package-{1,2,3} to 3 @angular/* packages, with all 6 permutations (order-{a,b,c,d,e,f}). It turns out that only permutations d and f reproduce the issue.
Expected Behavior
npm install should work, as versions are correct and peerDependencies are respected.
Steps To Reproduce
mkdir npmissue
cd npmissue
echo "@sarunint:registry=https://gitlab.com/api/v4/projects/28910102/packages/npm/" > .npmrc
npm init -y
npm install -E @sarunint/order-f-package-1@1.0.0 @sarunint/order-f-package-2@1.0.0 @sarunint/order-f-package-3@1.0.0 @sarunint/order-f-package-4@1.0.0
1.0.0 with 1.0.1 for only first 3 packages.
npm install: should fail with following error:
(You can try replacing order-f with other variants. Only order-d and order-f will reproduce the issue.)
Environment