npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

npm ls and install does not seem to respect minor and patch version range in the peer dependencies

What I Wanted to Do

I have dependencies that have peer dependencies whose semantic version range matches what I already have at the root level packages. For instance,

When running npm ls, at the very bottom of the output, I am seeing the following errors, which are by the way appear as warnings when using npm install:

Let’s take the @angular/animations@^7.2.14 as an example here from the screenshot above. I am now looking at my own package.json file and I am seeing the following package with the versions:

"dependencies": {
    "@angular-devkit/build-angular": "^0.13.8",
    "@angular/animations": "^7.2.4",
    "@angular/cdk": "^7.3.1",
    "@angular/common": "^7.2.4",
    "@angular/compiler": "^7.2.4",
    "@angular/core": "^7.2.4",
    "@angular/forms": "^7.2.4",
    "@angular/material": "^7.3.1",
    "@angular/platform-browser": "^7.2.4",
    "@angular/platform-browser-dynamic": "^7.2.4",
    "@angular/router": "^7.2.4",

As you would say @angular/animations@^7.2.4 is compatible with @angular/animations@^7.2.14 by the semantic version spec due to the leading ^ minor/patch version match.

I was not expecting these errors. Not sure if this choice is intentional, but ideally this should not be throwing any errors or warnings. Otherwise, how would the semantic versions be useful in the peerDependencies of package.json?

What Happened Instead

I am getting warnings during npm install and errors during npm ls.

Platform Info

Happens both on Windows 10 and MacOS High Mojave.

$ npm --versions

{ 'operations-dashboard': '0.1.0',
  npm: '6.12.0',
  ares: '1.15.0',
  brotli: '1.0.7',
  cldr: '35.1',
  http_parser: '2.8.0',
  icu: '64.2',
  modules: '64',
  napi: '4',
  nghttp2: '1.34.0',
  node: '10.16.0',
  openssl: '1.1.1b',
  tz: '2019a',
  unicode: '12.1',
  uv: '1.28.0',
  v8: '',
  zlib: '1.2.11' }

$ node -p process.platform

Perhaps your direct dependency is still installing an old incompatible version because you have not updated your dependencies and package-lock.json lists an older version.

What does this show?

npm ls '@angular/animations'

While @angular/animations@^7.2.4 is compatible with any version installed by @angular/animations@^7.2.14, the converse is not true. @angular/animations@^7.2.10 satisfies the older semver but not the newer one.

You are right. How did I miss it? As you said, the peer dependency requires a higher version than the direct dependency we have. Thanks for your time to answer!

Oh, I know what confused me. I treated the version numbers like we treat floating point numbers such $14.4 being more than $14.14…