question-mark

Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

swagger-parser 10.1.0 is broken when used with npm < 7 or using --legacy-peer-deps

See original GitHub issue

Issue Description

One of the changes in last Friday’s release broke our CI. looking into it further it’s related to how the dependency on AJV@8 gets resolved.

The following error gets thrown when swagger-parser gets required:

Error: Cannot find module 'ajv/dist/core

This is because the dependency resolutions are totally screwed up:

image

In my case, ajv@6 is a transitive dependency in a few other places in my node_modules tree, and npm thought it was a good idea to dedupe ajv@6 where ajv@8 was an (optional) peer dependency in ajv-draft-4. When this gets required by swagger-parser, it then tries to require ajv and fails, even though it’s immediate parent swagger-parser has a different (explicit) ajv version…

To be honest, I took a look, and don’t see any real issue with the way you’ve configured your dependencies. This seems like entirely an annoyance with how NPM resolves things, but i’m tracking it here because it was working before the 10.1.0 release came out and added ajv@8 to the mix.

In the meantime i’l pin the version of swagger-parser to prevent users of my library from hitting the issue since i can’t force them to use newer versions of npm without a breaking change.

Issue Analytics

  • State:closed
  • Created 8 months ago
  • Comments:7

github_iconTop GitHub Comments

2reactions
alasdairhurstcommented, May 16, 2022

While it’s 100% an NPM resolution issue, It’s probably entirely “My problem” due to it being related to my project’s specific dependency graph. Looks like you didn’t even update ajv, just added it as a dependency and it ended up changing the dependency graph in a way that caused the problem. Huge PITA.

The options are essentially updating all dependencies to use ajv 8 so that it gets deduped instead of @6, or pinning swagger-parser which isn’t good.

I wonder if ajv-draft-4 marking the ajv peer dependency as optional is causing npm to behave in this way.

Will close, but hopefully this issue being around/searchable is enough to point someone in the right direction somewhere.

1reaction
alasdairhurstcommented, May 16, 2022

@julianlam Sorry, by “my problem” I mean “not necesarrily swagger-parser’s problem”.

From my limited research, it’s related to the npm version. Node 14 doesn’t come with npm 7/8 by default and these versions have the change to peer dependencies being installed by default (and some other resolution changes).

If your project is a site that you have full control over then it’s possibly simpler to update NPM. Otherwise, if you have something like a library, then it’s a lot harder to solve aside from pinning swagger-parser. Espeially if you can’t rely on a package-lock or shrinkwrap.

Read more comments on GitHub >

github_iconTop Results From Across the Web

npm warning: requires a peer of openapi-types@>=7 but none ...
How do I fix this warning? Why is openapi-types not installed automatically with the correct version? npm WARN @apidevtools/swagger-parser@10.0.
Read more >
npm: When to use `--force` and `--legacy-peer-deps`
Fix the upstream dependency conflict, or retry this command with --force, or --legacy-peer-deps to accept an incorrect (and potentially broken) ...
Read more >
@apidevtools/swagger-parser - npm
Swagger 2.0 and OpenAPI 3.0 parser and validator for Node and browsers. Latest version: 10.1.0, last published: 7 months ago. Start using ......
Read more >
npm 7 is now generally available! - The GitHub Blog
After much anticipation, the npm CLI version 7 is now generally available! In addition to new features and some breaking changes, ...
Read more >
npm err! code eresolve npm err! eresolve could not resolve ...
this command with --force or --legacy-peer-deps npm ERR! to accept an incorrect (and potentially broken) dependency resolution. npm ERR! Open side panel.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found