
[BUG] Install issues for package both in devDependencies and peerDependencies #3240

Open
@rau8344


Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When both devDependencies and peerDependencies are specified for a package:

  1. Installing a local .tgz fails with "Invalid comparator" error.
  2. Installing a version that mismatches with peerDependencies version fails to either warn about a mismatch OR update the peerDependencies version.

With just peerDependencies specified, both of the above completely replace the peerDependencies version.

Scenario: Developers of a particular repository are using npm@7 (with package-lock.json committed), but CI builds (on a server supporting multiple repositories) are using npm@6 with npm ci. With npm@7, peerDependencies is enough to install the package in the CI environment, but with npm@6, we need devDependencies to install in the CI environment.

    "devDependencies": {
        "some-package": "^1.1.0"
    },
    "peerDependencies": {
        "some-package": ">= 1.1.0"
    },

Expected Behavior

With

    "devDependencies": {
        "some-package": "^1.1.0"
    },
    "peerDependencies": {
        "some-package": ">= 1.1.0"
    },

  1. `npm install some-package-1.2.0.tgz` succeeds and updates only devDependencies version OR succeeds and updates both devDependencies and peerDependencies versions
  2. `npm install [email protected]` either fails due to peerDependencies mismatch OR succeeds and updates both devDependencies and peerDependencies versions
  3. `npm install some-package-1.0.0.tgz` either fails due to peerDependencies mismatch OR succeeds and updates both devDependencies and peerDependencies versions

Steps To Reproduce

  1. Use create-react-app to create "some-package".
  2. Set version to 1.1.0
  3. npm pack to create some-package-1.1.0.tgz
  4. Use create-react-app to create a "downstream" package.
  5. Set devDependencies and peerDependencies as shown in current behavior.
  6. npm install some-package-1.1.0.tgz. "Invalid comparator" error seen
  7. Pick some published npm package with multiple versions.
  8. Set devDependencies and peerDependencies with conflicting versions for that package.
  9. npm install. No warning seen.

Environment

  • OS: Windows 10
  • Node: 16
  • npm: 7.12.1
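
A pre-install check a CI job could run for the mismatch this issue says npm does not warn about, as an added example that is not part of the original issue or npm's own code. It reports which declared ranges a candidate version violates; it handles only the range forms shown in the issue (`^x.y.z`, `>= x.y.z`, exact versions), and the function names and sample manifest are constructed for illustration.

```javascript
// Added example. Handles only the range forms shown in the issue:
// "^x.y.z", ">= x.y.z" and an exact "x.y.z". Not a full semver implementation.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(text.trim());
  if (!m) throw new Error(`unsupported version: ${text}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function satisfies(version, range) {
  const m = /^(\^|>=|)\s*(\d+\.\d+\.\d+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  const v = parseVersion(version);
  const base = parseVersion(m[2]);
  if (m[1] === '>=') return compare(v, base) >= 0;
  if (m[1] === '') return compare(v, base) === 0;
  // Caret: the upper bound bumps the leftmost non-zero component.
  const first = base.findIndex((n) => n !== 0);
  const idx = first === -1 ? 2 : first;
  const upper = base.map((n, k) => (k < idx ? n : k === idx ? n + 1 : 0));
  return compare(v, base) >= 0 && compare(v, upper) < 0;
}

// Returns the declared ranges that `version` of `name` violates.
function checkInstall(pkg, name, version) {
  const violated = [];
  for (const section of ['devDependencies', 'peerDependencies']) {
    const range = (pkg[section] || {})[name];
    if (range !== undefined && !satisfies(version, range)) {
      violated.push(`${section}: ${range}`);
    }
  }
  return violated;
}

// Constructed manifest mirroring the ranges in the issue.
const manifest = {
  devDependencies: { 'some-package': '^1.1.0' },
  peerDependencies: { 'some-package': '>= 1.1.0' },
};

for (const v of ['1.2.0', '1.0.0', '2.0.0']) {
  console.log(v, checkInstall(manifest, 'some-package', v));
}
```

Version 2.0.0 is the case where the two ranges diverge: it satisfies the peer range `>= 1.1.0` but not the dev range `^1.1.0`.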


Labels

  • Bug: thing that needs fixing
  • Priority 2: secondary priority issue
  • Release 7.x: work is associated with a specific npm 7 release
  • ws:arborist: Related to the arborist workspace
