unmet peerDependency (but it's listed as a dependency)

i ran into this issue trying to convert a project from yarn to npm, but i’ve also seen it when starting an entirely new project from scratch. i’m running node 10.15.1 and npm 6.7.0 and when i go to install @storybook/react@^4.1.11 i’m getting an unmet peerDependency warning:

npm WARN acorn-dynamic-import@4.0.0 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.

i didn’t install acorn-dynamic-import into my project, so i figured this is a transient dependency issue deeper in the tree. i looked into it and it’s webpack@4.29.3 requiring acorn-dynamic-import@^4.0.0 as a dependency, but it’s also requiring acorn@^6.0.5, so the peer dependency should be met.

but, npm never installs acorn. so…? what next?

my only other thought is that webpack is using yarn and yarn.lock, not npm.

Are there any other dependencies in those new-from-scratch projects? Also, please follow the bug template.

when i say “from-scratch,” i really do actually mean from scratch. the package.json has only one dependency listed, @storybook/react: ^4.1.11

npm --versions:

{ 'scratch-project': '0.0.0',
  npm: '6.7.0',
  ares: '1.15.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.34.0',
  node: '10.15.1',
  openssl: '1.1.0j',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '6.8.275.32-node.12',
  zlib: '1.2.11' }

node -p process.platform

darwin

it seems this may be a known bug around dependency hoisting?

Thank you. I asked if it had other dependencies because 1) the report you linked got a PR that supposedly fixed the issues, and 2) I couldn’t reproduce it from scratch myself (Linux, npm 6.7.0, node 10.15.1). However, I see the PR isn’t in a full release yet, only in v6.8.0-next.0, can you try installing with npx npm@next install?

i tried npm@6.8.0-next.2, which came down with a npm install -g npm@next command, it works, if you delete node_modules and package-lock.json.

i also tried npm@6.8.0-next.0 just to be completely sure and it also works if you delete node_modules and package-lock.json

1 Like

Okay, good!

Yeah those tend to preserve hoisting structures if they’re “valid”, but I guess it doesn’t check for peerdeps in that case or something. I’d have to check, but I couldn’t even reproduce the original problem for some reason.

the fix was reverted and we’re back to square one. is there any timeline on finally resolving a bug from “shortly before npm@3”?

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.