fix(deps)!: add missing peerDependencies entries

[boneskull]

BREAKING CHANGE: Adds missing peerDependencies.

This adds peerDependencies entries for @swc/core and esbuild at the same versions specified in devDependencies.

Per the npm documentation, the contents of peerDependenciesMeta will be ignored unless those packages also appear in the peerDependencies field. For a development environment, these two optional packages will be installed anyway due to their appearance in devDependencies.

This PR contains a:

• bugfix
• new feature
• code refactor
• test update
• typo fix
• metadata update

Motivation / Use-Case

I would have expected optional peer dependencies to be installed when I wanted them to be installed

Breaking Changes

This is a breaking change for users of npm prior to v7.0.0. Prior to v7.0.0, peer dependencies are not automatically installed by default and the peerDependenciesMeta field is unrecognized.

Additional Info

Note that:

• Node.js v10.13.0 (the lowest Node.js version supported by this package) thru Node.js v14.x install npm v6.x by default
• npm v7.0.0 was released in 2020

I would suggest adding npm v7.0.0 to engines (or ideally dropping support for Node.js v10.x and 12.x), but it's a breaking change either way.

[alexander-akait]

We already have it -

terser-webpack-plugin/package.json

Line 52 in b67a22d

"peerDependenciesMeta": {

[alexander-akait]

For a development environment, these two optional packages will be installed anyway due to their appearance in devDependencies.

No

[boneskull]

For a development environment, these two optional packages will be installed anyway due to their appearance in devDependencies.

No

...what?

• The packages need to be listed in peerDependencies or they will not be installed automatically by npm@v7+.
• npm@v6 ignores this field entirely; thus peerDependenciesMeta is useless on its own.
• If omitted from peerDependenciesMeta, then the dependencies should be listed in optionalDependencies instead.
• npm install in a fresh working copy of this repo will automatically install @swc/core and esbuild, due to their presence in devDependencies.

[alexander-akait]

Sorry, no, we don't want to install extra dependencies and increase size of a package, also esbuild and @swc/core install binaries for a specific platform which can be a problem at some CI/servers

The packages need to be listed in peerDependencies or they will not be installed automatically by npm@v7+.
If omitted from peerDependenciesMeta, then the dependencies should be listed in optionalDependencies instead.
npm install in a fresh working copy of this repo will automatically install @swc/core and esbuild, due to their presence in devDependencies.

That's why they are listed in peerDependenciesMeta

npm@v6 ignores this field entirely; thus peerDependenciesMeta is useless on its own.

Don't use outdated npm

[boneskull]

@alexander-akait I mentioned npm v6 because this package purports to support Node.js v10.13.0 or newer. Node.js v10.x, v12.x, and v14.x all ship with [email protected]. If npm v6 isn't supported, it should probably be mentioned in the engines field.

But the above is moot because peerDependenciesMeta w/o corresponding entries in peerDependencies is useless on any version of npm.

I tested my change with npm v10.9.2 and npm v6.14.16; packages listed in peerDependenciesMeta with optional: true and corresponding entries in peerDependencies do not cause npm to automatically install the dependencies upon npm install—meaning that it would not impact consumers' CI nor the "weight" of this package.

Before dismissing this change, I encourage you to pull this PR and test it like so:

# this will give you a tarball as would be installed from the registry and ensures
# behavior isn't influenced by dev dependencies
npm pack # (note the path to the tarball)
mkdir -p /tmp/pr630
cd /tmp/pr630
npm install /path/to/terser-webpack-plugin-5.3.14.tgz
npm ls esbuild
npm ls @swc/core
npm ls uglify-js

You should see they are not installed. But terser-webpack-plugin's package.json is now valid. 😄

Note that webpack will be installed automatically in the newer npm, but npm v6 will print a warning.

[alexander-akait]

@alexander-akait I mentioned npm v6 because this package purports to support Node.js v10.13.0 or newer. Node.js v10.x, v12.x, and v14.x all ship with [email protected]. If npm v6 isn't supported, it should probably be mentioned in the engines field.

We have it only for compatibility with old version, not more, we don't want to make something more than just have it for CI purposes

I tested my change with npm v10.9.2 and npm v6.14.16; packages listed in peerDependenciesMeta with optional: true and corresponding entries in peerDependencies do not cause npm to automatically install the dependencies upon npm install—meaning that it would not impact consumers' CI nor the "weight" of this package.

This is because you test it using v10 there a lot of bugs with peer dependencies were fixed, there are other package managers and old versions of npm/yarn/pnpm where it doesn't work as you describe, your change is a breaking change and we don't want to change it