Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

EHOIST_ROOT_VERSION warning hoisting question

See original GitHub issue

A general question about the warning EHOIST_ROOT_VERSION. Given the log information below, does this mean foo would be duplicated in the leaf package or is lerna smart enough to know it satisfies semver and is ok to be hoisted?

04:23:43 lerna WARN EHOIST_ROOT_VERSION The repository root depends on foo@~0.0.10, which differs from the more common foo@0.0.x.

I ask because later on in my logs I see the following message as well:

04:23:43 lerna WARN EHOIST_PKG_VERSION "bar" package depends on foo@0.0.x, which differs from the hoisted foo@~0.0.10.

According to semver both 0.0.x and ~0.0.10 should resolve to the same version and hoisted appropriately. Is my assumption incorrect?

lerna.json

{
  "lerna": "2.0.0-rc.4",
  "version": "independent"
}

Context

Your Environment

Executable	Version
`lerna --version`	2.0.0-rc.5
`npm --version`	5.0.0
`node --version`	v8.0.0

OS	Version
NAME	VERSION
macOS Sierra	10.12.5

Issue Analytics

State:
Created 6 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

evocateurcommented, Aug 31, 2017

I get annoyed by those messages too, but I agree with @ricky that it’s better to be explicit. Especially when hoisting from a root node_modules that is governed by a lockfile (yarn.lock, package-lock.json, or npm-shrinkwrap.json), you really need to be explicit.

I have been noodling about adding a lerna hoist subcommand that would streamline some of these operations, similar to how yarn workspaces goes about things (but always from the root, not the package directory directly).

1reaction

rickycommented, Jun 9, 2017

While bootstrap uses semvar.satisfies when looking up local packages for the internal dependency graph, it otherwise just uses the version string to group like dependencies.

So, hoisting common versions turns out to be a straight string comparison on the values in package.json files. Whether this is a feature or a bug is question for the original authors. My guess is that someone felt that semvar matching under-the-hood was a more complex solution than simply putting the onus on the end users to manually synchronize their package dependencies.

Is the recommended approach to avoid the duplication by being as generic as possible when declaring dependencies? For example, “react”: “15” instead of “react”: “^15.0.0”.

IMO, what’s necessary is to be as consistent as possible, rather than as generic as possible. For example, if you have two packages that truly depend on “react”: “^15.0.0”, then make sure they’re declared w/ the same string (always “react”: “^15.0.0”, and not “react”: “15.x.x” or “react”: “^15.1.0” in some packages). This may require a little manual intervention when using npm install --save and how much of a PITA that is obviously scales linearly with the number of packages in your project…