Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

html-webpack-plugin should be a peer dependency, or not directly require()'d

See original GitHub issue

As it happens; webpack-subresource-integrity makes a require('html-webpack-plugin') call, but doesn’t list it anywhere in its dependencies (not even as a peer dependency).

While it works on most installs at the moment, it’s only by accident, and package managers offer no guarantee that this will hold true much longer; in fact, it breaks now with Plug’n’Play and likely with pnpm as well.

Adding webpack-subresource-integrity as a peer dependency would have the unfortunate side effect that users would get a warning, but that’s a separate (non-blocking, I hope, since it’s purely visual) problem that should be solved on the package managers side 🙂

Issue Analytics

State:
Created 5 years ago
Comments:12

Top GitHub Comments

1reaction

arcaniscommented, Oct 3, 2018

No, PnP doesn’t make static analysis on the code itself, only on the dependencies reported in the package.json files. Our goal isn’t to automatically install things you require, but rather to leverage the Yarn cache to fulfill all projects on the machine at once (instead of copying them around).

So the error thrown is at runtime - we inject a hook in the environment that replaces part of the Node resolution (the one that locates the “right” node_modules directory) by a resolution based on static resolution tables generated by yarn install. When this resolver sees a require that’s not part of the tables (because Yarn wasn’t aware of the connection), it throws. This ensures that packages can only access their direct dependencies rather than relying on the hoisting (hence solving cases of “works on my computer”).

0reactions

edmorleycommented, Oct 4, 2018

I’ll think more about it, but the main issue is to find an API that would work regardless of the package manager

I’ve filed yarnpkg/yarn#6487 to continue exploring this, since I can think of several projects where the same issue will come up.

Top Results From Across the Web

How can someone deal with webpack versions issues

npm WARN webpack-manifest-plugin@2.2.0 requires a peer of webpack@2 || 3 || 4 but none is installed. You must install peer dependencies yourself ...

html-webpack-plugin - npm

Simplifies creation of HTML files to serve your webpack bundles. Latest version: 5.5.0, last published: a year ago.

html-webpack-plugin | Yarn - Package Manager

Fast, reliable, and secure dependency management.

A Beginner's Guide to Webpack - SitePoint

Learn the core concepts to help you get started with webpack, the popular static module bundler. We'll help you understand how webpack works ......

node_modules/html-webpack-plugin/CHANGELOG.md · master

The summary can be found in the release blog post. Bug Fixes. Add dependencies from the child compilation to the main compilation (27c3e72);...

Troubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.

Start Free

Top Related Reddit Thread

No results found

Top Related Tweet

No results found

Top Related Dev.to Post

No results found

html-webpack-plugin should be a peer dependency, or not directly require()'d

Issue Analytics

Top GitHub Comments

Top Results From Across the Web

Top Related Medium Post

Top Related StackOverflow Question

Troubleshoot Live Code

Top Related Reddit Thread

Top Related Hackernoon Post

Top Related Tweet

Top Related Dev.to Post

Top Related Hashnode Post

webpack-subresource-integrity overwrites integrity values on explicitly set externals

Question: How to integrate it in webpack.config.js file?