[BUG] `npm` sometimes unexpected overrides peer dependencies, resulting in an invalid tree
G-Rath opened this issue Β· comments
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
In some cases when attempting to upgrade packages that involve peer dependencies that conflict instead of erroring npm
will decide to override peer dependencies (which is emitted as a warning), resulting in a tree that will then error when running npm install
afterwards:
npm-peer-check on ξ main is π¦ v1.0.0 via ξ v20.11.0 took 3s
β― npx npm@latest i @vitejs/plugin-legacy@latest
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: npm-peer-check@1.0.0
npm error Found: vite@3.2.10
npm error node_modules/vite
npm error vite@"^3.2.10" from the root project
npm error
npm error Could not resolve dependency:
npm error peer vite@"^5.0.0" from @vitejs/plugin-legacy@5.4.0
npm error node_modules/@vitejs/plugin-legacy
npm error @vitejs/plugin-legacy@"5.4.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /home/jones/.npm/_logs/2024-05-11T00_04_00_251Z-eresolve-report.txt
npm error A complete log of this run can be found in: /home/jones/.npm/_logs/2024-05-11T00_04_00_251Z-debug-0.log
npm-peer-check on ξ main is π¦ v1.0.0 via ξ v20.11.0
β― npx npm@latest i vite@latest
npm warn ERESOLVE overriding peer dependency
npm warn While resolving: npm-peer-check@1.0.0
npm warn Found: vite@3.2.10
npm warn node_modules/vite
npm warn peer vite@"^3.0.0" from @vitejs/plugin-legacy@2.3.1
npm warn node_modules/@vitejs/plugin-legacy
npm warn @vitejs/plugin-legacy@"^2.3.1" from the root project
npm warn 1 more (the root project)
npm warn
npm warn Could not resolve dependency:
npm warn peer vite@"^3.0.0" from @vitejs/plugin-legacy@2.3.1
npm warn node_modules/@vitejs/plugin-legacy
npm warn @vitejs/plugin-legacy@"^2.3.1" from the root project
added 3 packages, removed 7 packages, and changed 3 packages in 594ms
npm-peer-check on ξ main [!] is π¦ v1.0.0 via ξ v20.11.0
β― npx npm@latest i
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: @vitejs/plugin-legacy@2.3.1
npm error Found: vite@5.2.11
npm error node_modules/vite
npm error vite@"^5.2.11" from the root project
npm error
npm error Could not resolve dependency:
npm error peer vite@"^3.0.0" from @vitejs/plugin-legacy@2.3.1
npm error node_modules/@vitejs/plugin-legacy
npm error @vitejs/plugin-legacy@"^2.3.1" from the root project
npm error
npm error Conflicting peer dependency: vite@3.2.10
npm error node_modules/vite
npm error peer vite@"^3.0.0" from @vitejs/plugin-legacy@2.3.1
npm error node_modules/@vitejs/plugin-legacy
npm error @vitejs/plugin-legacy@"^2.3.1" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /home/jones/.npm/_logs/2024-05-11T00_04_24_665Z-eresolve-report.txt
npm error A complete log of this run can be found in: /home/jones/.npm/_logs/2024-05-11T00_04_24_665Z-debug-0.log
I've had this happen from time-to-time over the last couple of years, but only just gotten around to submitting a bug report - I think generally I've seen this happen with packages like @typescript-eslint
, jest
, and webpack
, though I don't have a reproduction involving them right now.
Expected Behavior
I expect npm
to explode upfront rather than generate a tree it knows will be invalid, unless I provide --legacy-peer-deps
Steps To Reproduce
# 1. setup steps
npm init -y && npm i vite@3 @vitejs/plugin-legacy@2
# 2. refuses to install due to conflicting peer dependencies (which is the correct behaviour)
npm i @vitejs/plugin-legacy@latest
# 3. warns about overriding peer dependencies, but finishes "successfully"
npm i vite@latest # or vite@4
# 4. explodes due to conflicting peer dependencies
npm i
Environment
- npm: v10.5.1 and reproduced with
npx npm@latest
too (v10.7.0 at time of writing) - Node.js: v20.11.0
- OS Name: Ubuntu
- System Model Name: ummm
- npm config:
β― npm config ls
; "user" config from /home/jones/.npmrc
audit = false
fund = false
; node bin location = /home/jones/.nodenv/versions/20.11.0/bin/node
; node version = v20.11.0
; npm local prefix = /home/jones/workspace/projects-scrap/npm-peer-check
; npm version = 10.5.1
; cwd = /home/jones/workspace/projects-scrap/npm-peer-check
; HOME = /home/jones
; Run `npm config ls -l` to show all defaults.
β― npm config ls -l | grep peer
legacy-peer-deps = false
save-peer = false
strict-peer-deps = false
fwiw I also seem to sometimes get a hang when attempting to upgrade/install vite-based dependencies - I don't have enough to decide its worth an official bug report myself, but if someone wants me to anyway I can; it seems sometimes when installing vitest
or vite@latest
, and that it gets stuck around/after "idealTree"
(actually that could be because of #7491)