swagger-parser 10.1.0 is broken when used with npm < 7 or using --legacy-peer-depsSee original GitHub issue
One of the changes in last Friday’s release broke our CI. looking into it further it’s related to how the dependency on AJV@8 gets resolved.
The following error gets thrown when swagger-parser gets required:
Error: Cannot find module 'ajv/dist/core
This is because the dependency resolutions are totally screwed up:
In my case, ajv@6 is a transitive dependency in a few other places in my node_modules tree, and npm thought it was a good idea to dedupe ajv@6 where ajv@8 was an (optional) peer dependency in
ajv-draft-4. When this gets required by swagger-parser, it then tries to require ajv and fails, even though it’s immediate parent
swagger-parser has a different (explicit) ajv version…
To be honest, I took a look, and don’t see any real issue with the way you’ve configured your dependencies. This seems like entirely an annoyance with how NPM resolves things, but i’m tracking it here because it was working before the 10.1.0 release came out and added ajv@8 to the mix.
In the meantime i’l pin the version of swagger-parser to prevent users of my library from hitting the issue since i can’t force them to use newer versions of npm without a breaking change.
- Created 8 months ago
Top GitHub Comments
While it’s 100% an NPM resolution issue, It’s probably entirely “My problem” due to it being related to my project’s specific dependency graph. Looks like you didn’t even update ajv, just added it as a dependency and it ended up changing the dependency graph in a way that caused the problem. Huge PITA.
The options are essentially updating all dependencies to use ajv 8 so that it gets deduped instead of @6, or pinning swagger-parser which isn’t good.
I wonder if ajv-draft-4 marking the ajv peer dependency as optional is causing npm to behave in this way.
Will close, but hopefully this issue being around/searchable is enough to point someone in the right direction somewhere.
@julianlam Sorry, by “my problem” I mean “not necesarrily swagger-parser’s problem”.
From my limited research, it’s related to the npm version. Node 14 doesn’t come with npm 7/8 by default and these versions have the change to peer dependencies being installed by default (and some other resolution changes).
If your project is a site that you have full control over then it’s possibly simpler to update NPM. Otherwise, if you have something like a library, then it’s a lot harder to solve aside from pinning swagger-parser. Espeially if you can’t rely on a package-lock or shrinkwrap.