Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

peerDependencies not honored over dependencies when both are specified #7869

Open
quantizor opened this issue Dec 27, 2023 · 0 comments
Open
Labels
bug Something isn't working bun install Something that relates to the npm-compatible client

Comments

@quantizor
Copy link

What version of Bun is running?

1.0.20

What platform is your computer?

macOS

What steps can reproduce the bug?

This bug affects npm as well, but not yarn or pnpm.

Given the following config:
Screenshot 2023-12-27 at 2 45 46 PM

The design goal of this is to provide a dependency version specified by us, but allow it to be overridden by peerDependency in client projects if their installed version is greater than ours. Looking at this RFC that was closed as completed, it seems like this is meant to work in npm. However, both versions are currently installed. Here is an example repo demonstrating the current behavior: https://github.com/quantizor/styled-components-repro

I did an analysis of other package managers like yarn and pnpm, and they both seem to honor peerDependencies as an override over dependencies if both are specified in a library being consumed by a client application.

You can see this in action for the supplied reproduction repository by following these instructions after cloning:

  1. Delete node_modules and package-lock.json
  2. Run yarn install
  3. Observe in node_modules/styled-components that no extra node_modules folder is added

What is the expected behavior?

If a package declared in both dependencies and peerDependencies, peerDependencies should "win" if a compliant higher version is installed in the client application.

What do you see instead?

postcss is installed in root node_modules and also in node_modules/styled-components/node_modules. There should only be the root version which is one patch release higher than that is specified in node_modules/styled-components/package.json.

Additional information

  1. Clone https://github.com/quantizor/styled-components-repro and cd into the directory
  2. Delete package-lock.json and node_modules
  3. Run bun install
  4. Observe that node_modules/styled-components/node_modules has a duplicated module for postcss (there is a higher version also installed at node_modules/postcss)
@quantizor quantizor added the bug Something isn't working label Dec 27, 2023
@Electroid Electroid added the bun install Something that relates to the npm-compatible client label Dec 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working bun install Something that relates to the npm-compatible client
Projects
None yet
Development

No branches or pull requests

2 participants