Publishing order should take peerDependencies into account

Currently the package graph ordering is defined in https://github.com/lerna/lerna/blob/bd799499c843c7b3c3e61386fa32ddc6e89bebc9/core/package-graph/index.js#L68 and only takes dependencies into account, and not peerDependencies. This means it is possible to publish a module with a peerDependency on a specific version that you are publishing at the same time, and the version with the peerDependency may be published before the version that it depends on.

Expected Behavior

Ideally the version ranges in the peerDependencies should be validated, and if the range is only satisfied by the version you are just about to publish, it should publish it later, after the dependency is published.

Context

Just noticed on Babel that @babel/cli was being published before @babel/core which means there is a period (which on this publish was about 4.5 minutes, since we publish a LOT of packages), where the CLI depends on a non-existent version of @babel/core because during our beta phase we’re using specific non-range peerDependencies. That gets extra dangerous once you take caching registry mirrors into account.

Your Environment

Executable Version
lerna --version 2.0.0
npm --version VERSION
yarn --version 1.6
node --version 6.12.3

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 9
  • Comments: 8 (4 by maintainers)

Top GitHub Comments

1 reaction
padraig-meaney commented, Jun 16, 2019

@evocateur that sounds great to me. I may have some free bandwidth in the next 2 weeks to put together a PR for this.

1 reaction
evocateur commented, Jun 15, 2019

@sparebytes Yes, it is a best practice with npm packages (regardless of monorepo or not) to specify devDependencies for every member of peerDependencies.

@padraig-meaney I agree it’s unfortunate that proper peer+dev deps aren’t taken into account in lerna publish order. I would be open to a --graph-type flag whose value defaults to the current argument ("dependencies"), but with an optional "all" value that achieves what you’re looking for.

(as much as it’s tempting to automatically include devDependencies in the topological order if local peer + dev deps are detected, I feel that’s a bit too magical at this point)

# equivalent to current behavior
npx lerna publish --graph-type dependencies

# adds devDependencies to the package graph, thus influencing the topological sort
npx lerna publish --graph-type all

Configured in lerna.json:

{
  "command": {
    "publish": {
      "graphType": "all"
    }
  },
  "packages": [
    "packages/*"
  ],
  "version": "independent"
}

I’d be very interested in flipping the default in the next major, always adding devDependencies to the package graph for lerna publish (which is the default for literally every other command that topologically sorts the package graph, such as lerna exec and lerna run). There’s enough logging when circularity is encountered, and we could suggest --graph-type=dependencies as a (possible) fix for it.

Reopening to track the work.
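
The ordering gap described in the issue, and the effect of the proposed "all" graph type on it, shown as an added example that is not Lerna's code or part of the thread. The package names, versions and the helpers `localEdges`, `publishOrder` and `exposedPeers` are hypothetical, and the sort is a plain batch topological sort standing in for Lerna's own.

```javascript
// Constructed manifests (hypothetical names and versions), mirroring the exact-pin peer case.
const V = "1.0.0-beta.2";
const packages = [
  { name: "@example/cli", version: V,
    peerDependencies: { "@example/core": V }, devDependencies: { "@example/core": V } },
  { name: "@example/core", version: V, dependencies: { "@example/helpers": V } },
  { name: "@example/helpers", version: V },
];

// Manifest fields that contribute graph edges for each graph type discussed in the thread.
const FIELDS = { dependencies: ["dependencies"], all: ["dependencies", "devDependencies"] };

// Map each package name to the set of local packages that must be published first.
function localEdges(pkgs, graphType) {
  const local = new Set(pkgs.map((p) => p.name));
  return new Map(pkgs.map((p) => [p.name, new Set(
    FIELDS[graphType].flatMap((f) => Object.keys(p[f] || {}))
      .filter((dep) => local.has(dep) && dep !== p.name))]));
}

// Topological sort in batches; names are sorted within a batch for a deterministic order.
function publishOrder(pkgs, graphType) {
  const edges = localEdges(pkgs, graphType);
  const pending = new Set(edges.keys());
  const order = [];
  while (pending.size > 0) {
    const ready = [...pending]
      .filter((n) => [...edges.get(n)].every((d) => !pending.has(d))).sort();
    if (ready.length === 0) throw new Error("cycle among: " + [...pending].join(", "));
    for (const n of ready) { order.push(n); pending.delete(n); }
  }
  return order;
}

// Report peers pinned to the exact version being released that would be published too late.
// Simplification: only exact pins are compared; real ranges need a semver library.
function exposedPeers(pkgs, order) {
  const version = new Map(pkgs.map((p) => [p.name, p.version]));
  const pos = new Map(order.map((n, i) => [n, i]));
  return pkgs.flatMap((p) => Object.entries(p.peerDependencies || {})
    .filter(([peer, range]) => version.get(peer) === range && pos.get(p.name) < pos.get(peer))
    .map(([peer, range]) => `${p.name} -> ${peer}@${range}`));
}

for (const type of ["dependencies", "all"]) {
  const order = publishOrder(packages, type);
  console.log(type, order, exposedPeers(packages, order));
}
```

Running `exposedPeers` against the planned order before a release works as a pre-publish gate: a non-empty result means some package would reach the registry while its pinned peer version does not exist yet.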
