Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] npm install --force fails for peerOptional conflicts #2504

Closed
targos opened this issue Jan 18, 2021 · 5 comments · Fixed by npm/arborist#228
Closed

[BUG] npm install --force fails for peerOptional conflicts #2504

targos opened this issue Jan 18, 2021 · 5 comments · Fixed by npm/arborist#228
Labels
Bug thing that needs fixing platform:windows is Windows-specific Priority 1 high priority issue Release 7.x work is associated with a specific npm 7 release

Comments

@targos
Copy link
Contributor

targos commented Jan 18, 2021

Current Behavior:

Run npm install --force fails instead of ignoring upstream dependency conflict

Expected Behavior:

It should print a warning and continue with the installation.

Steps To Reproduce:

git clone https://github.com/targos/npm-force-peer-dep.git
cd npm-force-peer-dep
npm install --force

Output:

npm WARN using --force Recommended protections disabled.
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! Found: [email protected]
npm ERR! node_modules/typescript
npm ERR!   dev typescript@"^4.1.3" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peerOptional typescript@"^3.2.1" from [email protected]
npm ERR! node_modules/react-scripts
npm ERR!   dev react-scripts@"^4.0.1" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See C:\Users\Targos\AppData\Local\npm-cache\eresolve-report.txt for a full report.
npm resolution error report
# npm resolution error report

2021-01-18T07:56:28.615Z

Found: [email protected]
node_modules/typescript
  dev typescript@"^4.1.3" from the root project

Could not resolve dependency:
peerOptional typescript@"^3.2.1" from [email protected]
node_modules/react-scripts
  dev react-scripts@"^4.0.1" from the root project

Fix the upstream dependency conflict, or retry
this command with --force, or --legacy-peer-deps
to accept an incorrect (and potentially broken) dependency resolution.

Raw JSON explanation object:

{
  "code": "ERESOLVE",
  "current": {
    "name": "typescript",
    "version": "4.1.3",
    "location": "node_modules/typescript",
    "dependents": [
      {
        "type": "dev",
        "name": "typescript",
        "spec": "^4.1.3",
        "from": {
          "location": "D:\\Git\\targos\\npm-force-peer-dep"
        }
      }
    ]
  },
  "edge": {
    "type": "peerOptional",
    "name": "typescript",
    "spec": "^3.2.1",
    "error": "INVALID",
    "from": {
      "name": "react-scripts",
      "version": "4.0.1",
      "location": "node_modules/react-scripts",
      "dependents": [
        {
          "type": "dev",
          "name": "react-scripts",
          "spec": "^4.0.1",
          "from": {
            "location": "D:\\Git\\targos\\npm-force-peer-dep"
          }
        }
      ]
    }
  },
  "peerConflict": null,
  "strictPeerDeps": false,
  "force": true
}

Environment:

  • OS: Windows 10
  • Node: 15.6.0
  • npm: 7.4.3
@targos targos added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Jan 18, 2021
@targos
Copy link
Contributor Author

targos commented Jan 18, 2021

Another one:

git clone https://github.com/targos/npm-workspace-lock.git
cd npm-workspace-lock
git checkout ce69f722ac89990a05bfd8e2f22e81d7a779384a
npm install --force

@Annemike
Copy link

I have the same problem but on BigSur

@darcyclarke darcyclarke added Priority 1 high priority issue and removed Needs Triage needs review for next steps labels Feb 2, 2021
@darcyclarke darcyclarke added this to the OSS - Sprint 23 milestone Feb 2, 2021
@darcyclarke darcyclarke added the platform:windows is Windows-specific label Feb 2, 2021
@darcyclarke
Copy link
Contributor

darcyclarke commented Feb 9, 2021

@targos just tried with the latest v7 (7.5.3) & this seems to be resolved - can you try updating & let us know if you're still experiencing issues?

@jpike88
Copy link

jpike88 commented Feb 10, 2021

this is still a problem on 7.5.3 for me. switching back to v6

@isaacs
Copy link
Contributor

isaacs commented Feb 11, 2021

This is a legit problem with your dependencies. You can't use [email protected] and [email protected] in the same project, unfortunately, because [email protected] has an optional peer dependency on typescript@^3.2.1. This is corrected in [email protected] (which is why it likely worked when @darcyclarke tried it), so it should work fine now.

Nevertheless, it should be ignoring the conflict if --force is used, so that is a bug.

I'm using this package.json to reproduce (note the pinned dependency on react-scripts 4.0.1):

{
  "devDependencies": {
    "react-scripts": "4.0.1",
    "typescript": "^4.1.3"
  }
}

isaacs added a commit to npm/arborist that referenced this issue Feb 11, 2021
With a dependency graph like this:

```
root -> (a, b@1)
a -> PEEROPTIONAL(b@2)
```

We do not install the peerOptional dependency by default, so even though
`b@2` is included in the peerSet of `a`, it is not added to the tree.

Then, the `b@1` dependency is added to satisfy root's direct dependency
on it, causing the `a -> b@2` edge to become invalid.

We then try to resolve the `a -> b@2` edge, and find that we cannot
place it anywhere, causing an `ERESOLVE` error.

However, because `b@2` is no longer a part of a peerSet sourced on the
`root` node, we miss the chance to detect that it should be overridden,
resulting in an `ERESOLVE` failure even when `--force` is used.

This commit adds the check for `this[_force]` prior to crashing with
ERESOLVE, so that cases that avoid our earlier heuristics still accept
the invalid resolution when `--force` is in effect.

Fix: #226
Fix: npm/cli#2504
isaacs added a commit to npm/arborist that referenced this issue Feb 12, 2021
With a dependency graph like this:

```
root -> (a, b@1)
a -> PEEROPTIONAL(b@2)
```

We do not install the peerOptional dependency by default, so even though
`b@2` is included in the peerSet of `a`, it is not added to the tree.

Then, the `b@1` dependency is added to satisfy root's direct dependency
on it, causing the `a -> b@2` edge to become invalid.

We then try to resolve the `a -> b@2` edge, and find that we cannot
place it anywhere, causing an `ERESOLVE` error.

However, because `b@2` is no longer a part of a peerSet sourced on the
`root` node, we miss the chance to detect that it should be overridden,
resulting in an `ERESOLVE` failure even when `--force` is used.

This commit adds the check for `this[_force]` prior to crashing with
ERESOLVE, so that cases that avoid our earlier heuristics still accept
the invalid resolution when `--force` is in effect.

Fix: #226
Fix: npm/cli#2504
isaacs added a commit to npm/arborist that referenced this issue Feb 12, 2021
With a dependency graph like this:

```
root -> (a, b@1)
a -> PEEROPTIONAL(b@2)
```

We do not install the peerOptional dependency by default, so even though
`b@2` is included in the peerSet of `a`, it is not added to the tree.

Then, the `b@1` dependency is added to satisfy root's direct dependency
on it, causing the `a -> b@2` edge to become invalid.

We then try to resolve the `a -> b@2` edge, and find that we cannot
place it anywhere, causing an `ERESOLVE` error.

However, because `b@2` is no longer a part of a peerSet sourced on the
`root` node, we miss the chance to detect that it should be overridden,
resulting in an `ERESOLVE` failure even when `--force` is used.

This commit adds the check for `this[_force]` prior to crashing with
ERESOLVE, so that cases that avoid our earlier heuristics still accept
the invalid resolution when `--force` is in effect.

Fix: #226
Fix: npm/cli#2504

PR-URL: #228
Credit: @isaacs
Close: #228
Reviewed-by: @ruyadorno
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug thing that needs fixing platform:windows is Windows-specific Priority 1 high priority issue Release 7.x work is associated with a specific npm 7 release
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants