verifyPackageTree() errors when wrong version dependency is installed in any parent directory
See original GitHub issueIs this a bug report?
Yes
Did you try recovering your dependencies?
No. This issue presents an argument that there may be a bug in the verifyPackageTree.js logic added in the next
branch.
Which terms did you search for in User Guide?
version
, dependenc
. This does not appear to be documented (and since it is internal, maybe it shouldn’t be). There is discussion regarding documenting some of the packages related to this in issue in issue #4137 (suggested by @Timer here).
Environment
$ node -v
v8.9.4
$ npm -v
5.7.1
$ yarn --version
1.5.1
Running on macOS 10.13.2
.
Steps to Reproduce
I created a reproduction project here: https://github.com/newoga/create-react-app-issue-4167
The project is a simple node package that depends on a version of jest
that is incompatible with create-react-app@2.0.0-next.47d2d941
. The project also contains a directory (cra-app
) that was generated by create-react-app
. The react-scripts
dependency in that sub-project has been updated to 2.0.0-next.47d2d941
.
git clone https://github.com/newoga/create-react-app-issue-4167
cd create-react-app-issue-4167
yarn
yarn run
Expected Behavior
From a user perspective, the yarn run
command should not error and the application should start. The user did not manually install an incompatible version of jest
in the create-react-app
generated project. The version of jest
in the generated project’s node_modules
is the correct version and parent directories should not have an impact.
From a technical perspective, the verifyPackageTree.js
logic should see that the cra-app
project contains the correctly installed version of jest
and stop checking parent directories. Parent directories should only be traversed if jest
is not installed.
Actual Behavior
An error occurs because parent directory depends on a version of jest
that is incompatible with the version of jest
that create-react-app
generated project depends on.
Reproducible Demo
https://github.com/newoga/create-react-app-issue-4167
Edit: Updated the issue number on the links.
Issue Analytics
- State:
- Created 6 years ago
- Reactions:23
- Comments:27 (7 by maintainers)
Top GitHub Comments
@Timer I don’t fully understand the concern with hoisting based on your example here, assuming I am not misunderstanding how yarn’s hoisting works.
I recreated the example in a new branch. You were right that since
webpack@3
is required more thanwebpack@4
,webpack@3
is hoisted to the root directory. However,webpack@4
is still installed “locally” in thenode_modules
directory for the one package/workspace that depends on it.Based on this hoisting behavior,
create-react-app
should not need to traverse and validate versions of the dependencies in all parent directories. It should only need to validate versions for the first occurrence of each dependency when traversing up the directory hierarchy (in order to mimic node’s package resolution behavior).Let me know if I’m misunderstanding the problem we are trying to avoid/protect end users from.
Edit: tl;dr; Are we sure we cannot (1) Trust
yarn
to hoist dependencies properly in a way that does not impactcreate-react-app
, and (2) ChangeverifyPackageTree()
validation logic to only validate the dependencies that would actually be resolved by node’s package resolution logic?I agree we can make this smarter – maybe we can try to detect when in a workspace/monorepo and bail out once we hit the root of the workspace.