-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Inconsistent dependancies versions for sub-dependancies due to deduplication #5202
Comments
And since you already have How would npm know any differently? There is nothing in the setup of that tree that would inform npm that anything is wrong. |
Because this way it leads to a situations where:
You're suddenly using two different versions of Since |
That may seem intuitive to this situation but that doesn't always translate to it always being the most correct choice. A decision like this (to change how npm dedupes/hoists) needs to go through the rfc process. I would recommend opening either an RFC or an RRFC so that can be evaluated. Here is one that is currently being actively discussed that is related to this issue, namely a way to inform npm of what packages have these sorts of conflicts. That may be relevant, or you may feel that this is a totally separate issue. Closing this as a cli issue as the cli is currently working as designed. Again, please feel free to bring this up through the rfc process. |
I've check the linked existing RFC, and I believe it's not directly related to the issue described. I will gladly open and RFC for this change. Thank you for the suggestion. Before we move on to that, I think it needs to be said that the npm's dedupe seems like optimization, unless I'm mistaken. |
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
Consider the following scenario (also available at https://github.com/gplopes/npm-dedupe-peer-deps for repro).
The
npm install
will produce following node_modules structure:@graphql-tools/schema
uses the wronggraphql
version from the root project (main-app
).The version of
graphql
for@graphql-tools/schema
should be decided by the actual consumer of@graphql-tools/schema
, which in this case isproject-a
, notmain-app
.Expected Behavior
npm install
should produce following node_modules stucture:Deduplication should consider the version of
graphql
installed inproject-a
to be the required version for its dependancies defininggraphql
as peer dependancy, like@graphql-tools/schema
in this scenario.Alternatively, sub dependancies with peer dependancies defined should not be deduped at all for version safety.
Steps To Reproduce
npm i
.node_modules
folder where@graphql-tools/schema
and@graphql-tools/stitch
are deduped to the root node_modules.Environment
The text was updated successfully, but these errors were encountered: