-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
peerDependencies not honored over dependencies when both are specified #7869
Labels
Comments
Electroid
added
the
bun install
Something that relates to the npm-compatible client
label
Dec 27, 2023
This was referenced May 23, 2024
This was referenced Jun 1, 2024
This was referenced Aug 22, 2024
This was referenced Aug 29, 2024
This was referenced Sep 5, 2024
This was referenced Sep 25, 2024
This was referenced Oct 2, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
What version of Bun is running?
1.0.20
What platform is your computer?
macOS
What steps can reproduce the bug?
This bug affects npm as well, but not yarn or pnpm.
Given the following config:
The design goal of this is to provide a dependency version specified by us, but allow it to be overridden by peerDependency in client projects if their installed version is greater than ours. Looking at this RFC that was closed as completed, it seems like this is meant to work in npm. However, both versions are currently installed. Here is an example repo demonstrating the current behavior: https://github.com/quantizor/styled-components-repro
I did an analysis of other package managers like yarn and pnpm, and they both seem to honor
peerDependencies
as an override overdependencies
if both are specified in a library being consumed by a client application.You can see this in action for the supplied reproduction repository by following these instructions after cloning:
node_modules
andpackage-lock.json
yarn install
node_modules/styled-components
that no extranode_modules
folder is addedWhat is the expected behavior?
If a package declared in both
dependencies
andpeerDependencies
,peerDependencies
should "win" if a compliant higher version is installed in the client application.What do you see instead?
postcss
is installed in rootnode_modules
and also innode_modules/styled-components/node_modules
. There should only be the root version which is one patch release higher than that is specified innode_modules/styled-components/package.json
.Additional information
cd
into the directorypackage-lock.json
andnode_modules
bun install
node_modules/styled-components/node_modules
has a duplicated module forpostcss
(there is a higher version also installed atnode_modules/postcss
)The text was updated successfully, but these errors were encountered: