html-webpack-plugin should be a peer dependency, or not directly require()'d
See original GitHub issueAs it happens; webpack-subresource-integrity
makes a require('html-webpack-plugin')
call, but doesn’t list it anywhere in its dependencies (not even as a peer dependency).
While it works on most installs at the moment, it’s only by accident, and package managers offer no guarantee that this will hold true much longer; in fact, it breaks now with Plug’n’Play and likely with pnpm as well.
Adding webpack-subresource-integrity
as a peer dependency would have the unfortunate side effect that users would get a warning, but that’s a separate (non-blocking, I hope, since it’s purely visual) problem that should be solved on the package managers side 🙂
Issue Analytics
- State:
- Created 5 years ago
- Comments:12
Top Results From Across the Web
How can someone deal with webpack versions issues
npm WARN webpack-manifest-plugin@2.2.0 requires a peer of webpack@2 || 3 || 4 but none is installed. You must install peer dependencies yourself ...
Read more >html-webpack-plugin - npm
Simplifies creation of HTML files to serve your webpack bundles. Latest version: 5.5.0, last published: a year ago.
Read more >html-webpack-plugin | Yarn - Package Manager
Fast, reliable, and secure dependency management.
Read more >A Beginner's Guide to Webpack - SitePoint
Learn the core concepts to help you get started with webpack, the popular static module bundler. We'll help you understand how webpack works ......
Read more >node_modules/html-webpack-plugin/CHANGELOG.md · master
The summary can be found in the release blog post. Bug Fixes. Add dependencies from the child compilation to the main compilation (27c3e72);...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
No, PnP doesn’t make static analysis on the code itself, only on the dependencies reported in the
package.json
files. Our goal isn’t to automatically install things you require, but rather to leverage the Yarn cache to fulfill all projects on the machine at once (instead of copying them around).So the error thrown is at runtime - we inject a hook in the environment that replaces part of the Node resolution (the one that locates the “right” node_modules directory) by a resolution based on static resolution tables generated by
yarn install
. When this resolver sees a require that’s not part of the tables (because Yarn wasn’t aware of the connection), it throws. This ensures that packages can only access their direct dependencies rather than relying on the hoisting (hence solving cases of “works on my computer”).I’ve filed yarnpkg/yarn#6487 to continue exploring this, since I can think of several projects where the same issue will come up.