standard / eslint-config-standard

ESLint Config for JavaScript Standard Style

Home Page:https://standardjs.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

dependencies need to be updated (unable to resolve dependency tree)

jimblue opened this issue · comments

What version of this package are you using?
eslint-config-standard v16.0.2

What operating system, Node.js, and npm version?
node v15.14.0 and npm v7.9.0

What happened?
Since the release of eslint-plugin-promise v5.1.0 it's impossible to install npm packages:

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! Found: eslint-plugin-promise@5.1.0
npm ERR! node_modules/eslint-plugin-promise
npm ERR!   dev eslint-plugin-promise@"5.1.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer eslint-plugin-promise@"^4.2.1" from eslint-config-standard@16.0.2
npm ERR! node_modules/eslint-config-standard
npm ERR!   dev eslint-config-standard@"16.0.2" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /Users/jimblue/.cache/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/jimblue/.cache/npm/_logs/2021-04-15T20_56_15_512Z-debug.log

What did you expect to happen?
eslint-config-standard npm dependencies should be updated to fix this.

Are you willing to submit a pull request to fix this bug?
Sure if someone can merge it and create a new eslint-config-standard npm release 😄 !

same here

From what I can read it seems that you want us to upgrade eslint-plugin-promise to 5.x, is that correct?

yes, please

@LinusU ya it would be awesome ! thank you 😃

I think this needs a "step to reproduce". I just tried this with Node 16.0.0 and npm 7.10.0:

  1. mkdir test-npm7-standard
  2. cd test-npm7-standard
  3. npm init
  4. npm install -D eslint-config-standard
  5. Success ✅
Resulting package.json
{
  "name": "test-npm7-standard",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "devDependencies": {
    "eslint-config-standard": "^16.0.2"
  }
}

If I continue and then do:

  1. npm install -D eslint-plugin-promise
  2. Success ✅ eslint-plugin-promise@4.3.1 was installed
Resulting package.json
{
  "name": "test-npm7-standard",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "devDependencies": {
    "eslint-config-standard": "^16.0.2",
    "eslint-plugin-promise": "^4.3.1"
  }
}

To get all correct peer dependencies I can use the third party install-peerdeps and do:

  1. npx install-peerdeps --dev eslint-config-standard
  2. Success ✅
Resulting package.json
{
  "name": "test-npm7-standard",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "devDependencies": {
    "eslint": "^7.24.0",
    "eslint-config-standard": "^16.0.2",
    "eslint-plugin-import": "^2.22.1",
    "eslint-plugin-node": "^11.1.0",
    "eslint-plugin-promise": "^4.3.1"
  }
}

All in all: I'm not sure what is broken? I don't believe npm 7.10.0 has changed anything relevant to this and Node 16 or 15 doesn't matter.

The only thing I can think of that causes you a problem is if you installed a too new eslint-plugin-promise prior to upgrading to npm 7 and npm 7 now correctly points out that you are using an unsupported version of eslint-plugin-promise?

Then do a npx install-peerdeps --dev eslint-config-standard and you will be back in sync.

Indeed, doing npm install -D eslint-plugin-promise will install eslint-plugin-promise@4.3.1 but the current latest version is 5.1.0, might be a bug with npm, I don't really know, see the package page: https://www.npmjs.com/package/eslint-plugin-promise.

The only thing I can think of that causes you a problem is if you installed a too new eslint-plugin-promise

In my opinion, this package should support most up to date, plugins/package it is actually using, so we should; support the latest version of eslint-plugin-promise with npm@7. @voxpelli

The rules standard uses to tell whether code is correct or not is based on a ^4.2.1 version of eslint-plugin-promise.

The 5.x release of eslint-plugin-promise is a major version newer than what standard defines its rule set by, hence it can very much change the rule definitions in a way that goes against the rules intended by standard.

So standard needs to do one of two things:

  1. After vetting the 5.x release of eslint-plugin-promise, conclude that its from the perspective of standard is a non-breaking change and then do a patch-level release that extends the version range in the peer dependencies to allow both ^4.2.1 and ^5.0.0.
  2. After vetting the 5.x release of eslint-plugin-promise, conclude that its from the perspective of standard is a breaking release and then:
    1. Include it in the next major-level release of standard, adapting the breaking changes into the new definition of standard
    2. Conclude that the new version is not fit for standard and refuse the version, sticking with ^4.1.2. This would longer term mean to either try to change eslint-plugin-promise to be fit for standard again, find an alternative to eslint-plugin-promise or fork eslint-plugin-promise.

In this specific case, as outlined in #183, the conclusion should be 1. and the PR there should highlight that and be possible to release as a patch-version.

But – crucially – there is nothing in a new major version of any peer dependency of standard that standard necessarily needs to accept. They are all merely implementations of the linting rules that standard defines.

Lastly:

This issue claims:

Since the release of eslint-plugin-promise v5.1.0 it's impossible to install npm packages:

That is simply not true. As long as one installs the correct peer dependencies for eslint-config-standard it works correctly.

Also, if one disagrees with npm 7 and their enforcement of peer dependencies and wants it to work like the old days, then one can always use npm install --legacy-peer-deps to have it work like npm 6.

If you use a service such as Dependabot, it consistently tells us to bump eslint-plugin-promise to v5.1.0, it is only after explicitly updating to v5.1.0 that issues are encountered. Doing a clean install of eslint-config-standard will not cause problems, only updating versions of peer dependencies.

Updating to v5.1.0 causes phantom installation errors on a clean install or upgrade, but not npm install if node_modules already exists. It is only causing problems when it is manually installed above the current major in eslint-config-standard in the package.json that it leads to resolution errors.

Yes, it needs proper time to be updated and confirm that everything is still working as intended or if it needs to be scheduled as a major or minor patch, which is what is happening in #183 as far as I can tell. I believe this was to get that ball rolling for sure and make sure everyone is on the same page searching for this error, not for sudden changes overnight. This package is distributed through npm, it cannot be expected that everyone will use legacy options and outdated versions. They may not exist in the future, either. Legacy tends to become a legacy. This issue was made to bring attention to the problem so it can be known and worked on resolving it. The new version resolution is going to change everything going forward and make not keeping up to date all the more problematic for developers.

It is impossible to install eslint-config-standard or upgrade your dependency tree, unless you are using outdated versions or bypassing the new intended installation method.

Looking at the flip side, if someone tried to use a horribly outdated version of node and npm, they would be told to upgrade as it is out of your supported versions. If you are outdated? We get told to use legacy package manager flags or versions. At least that is how I interpreted it.

Hey @LinusU !

From what I can read it seems that you want us to upgrade eslint-plugin-promise to 5.x, is that correct?

Any change to release a new version of eslint-config-standard 🙂 ?

Yep, it could be cool if we could merge #183 and release a new minor version! 😄

With yarn install I see a warning:

warning " > eslint-config-standard@16.0.2" has incorrect peer dependency "eslint-plugin-promise@^4.2.1".

I have 5.1.0 installed as peer dependency

@JustFly1984 Fix by swapping to the correct current peer dependency, unless that causes you some other issue:

yarn add eslint-plugin-promise@^4.2.1

Closed as #186