Problem with Peer Dependencies and linked dependencies


(Cat Ears) #1

What I Wanted to Do

Install a local β€œfile:…” dependency with a peerDependency and run the application.

What Happened Instead

The application crashed because it could not find the peerDependency

Reproduction Steps

I created a minimal reproduction of the problem at https://github.com/CatEars/npm-peer-dependency-bug

Everything explained here already exists in the github repo

The following file structure

.
β”œβ”€β”€ A
β”‚   β”œβ”€β”€ index.js
β”‚   β”œβ”€β”€ other -> ../B
β”‚   β”œβ”€β”€ package.json
β”‚   └── PoC.sh
β”œβ”€β”€ B
β”‚   β”œβ”€β”€ index.js
β”‚   └── package.json
└── README.md

A/index.js requires B and B requires lodash. Inside B/package.json we have a peer dependency for lodash and inside A/package.json we have two dependencies, one on B, written as file:other and another on lodash (same version as in B).

$ cat PoC.sh
cd other && npm i && cd -
npm i
echo "Should not be able to run, because of lodash missing"
NODE_DEBUG=module node index.js

Running PoC.sh will result in an error where lodash does not exist. This is because the node executable will start in B and work it’s way upwards and look for node_modules without β€œbacking out of symlinks”.

Details

There was a similar issue: file:../ dependencies does not work with peerDependencies

We also ran into this problem and I created a minimal reproduction for it, for now we will try and solve it without peerDependencies.

Platform Info

$ npm --versions
{ A: '1.0.0',
  npm: '6.4.1',
  ares: '1.10.1-DEV',
  cldr: '31.0.1',
  http_parser: '2.7.0',
  icu: '59.1',
  modules: '57',
  nghttp2: '1.25.0',
  node: '8.9.4',
  openssl: '1.0.2n',
  tz: '2017b',
  unicode: '9.0',
  uv: '1.15.0',
  v8: '6.1.534.50',
  zlib: '1.2.11' }
$ node -p process.platform
linux