Add strictPeerDeps, override ERESOLVE if not true #136
In the overwhelming majority of cases in the wild, a peer dependency conflict that results in an ERESOLVE can be fixed by using the `--force` flag. However, this has other side effects (causing `npm audit fix` to install semver-major fixes, blowing away file collisions, etc.) which might not be desirable. Also, since it's opt-in, it means that users have to run the install twice for something where we're _pretty_ sure what the right course of action is. Let's just make that particular override the default, and reduce most ERESOLVE errors from a crash to a warning.
I floated this patch locally and attempted to reify two known failing modules
I'm a huge fan of this change, it will give the community some time to adjust and update repos.
@isaacs does this mean that invalid peer deps will no longer fail installs?
@ljharb it should no longer fail most of the time. It's not the same as It will WARN with that big pretty-formatted
To be clear, when
Yes, we'll be setting
This is the CLI portion of npm/arborist#136

PR-URL: #1819
Credit: @isaacs
Close: #1819
Reviewed-by: @ruyadorno
(Also, a dumb fix for vuln, should probably pull that in regardless of where we land on this.)
cc: @MylesBorins