I pretty much always end up adding my NPM modules peer dependencies to dev dependencies as well because I need the peer dependencies installed so I can run automated tests before building the package. This creates the problem that I might accidentally use different version number for peer and dev. I find it odd that npm and yarn do not install the peer dependencies automatically when I run npm install or the yarn command. In some cases I have found that yarn even tries to prevent me from adding the same dependency as both peer and dev dependency. I think I'm doing something wrong but I haven't been able to figure out the intended workflow. Can someone explain to me how this is supposed to work?
Related
I have a library that uses npm packages that I want as peer dependencies where the app would have to install them (eg. axios, react, react-dom). The goal is to avoid having libraries add to overall bundle size of the app.
Should I add these only under "peerDependencies" or is it okay to add it to "dependencies" as well? I thought it would be good to remove them from "dependencies" just to be sure that they don't get installed on top of what the app already has. However, if I exclude them from "dependencies" then my library tests start to fail because they are only peer dependencies and npm didn't install them.
I thought of installing them manually or adding them as devDependencies just for the purpose of running tests, but I think there has to be a better way. If I add both "dependencies" and "peerDependencies" does npm actually ignore the same dependencies in peerDepenedencies?
I have vuex#4.0.2 installed. I want to install vuex-module-decorators#latest, which has a peerDependency of vuex 3 (not >=3). I have a feeling this will work fine with vuex 4. Is there a way for me to tell npm to install this new package, without crashing due to not being able to resolve the peer dependency (since 4 != 3)? Or do I need to just create my own fork of vuex-module-decorators with an updated package.json that allows vuex >=3?
Using --legacy-peer-deps will usually allow you to install the package without meeting the peer dependency requirements. (This was the default using npm#6 so I assume you are using npm#7 if you are seeing a problem.) If that doesn't work, --force will install without regard to peer dependencies.
simply try this command
npm install --legacy-peer-deps
If you want peer dependencies to be automatically installed, add "auto-install-peers=true" to an .npmrc file at the root of your project
I have a monorepo project and I'm migrating to npm#7. Before npm workspaces, I had to publish packages to a private feed and then consume them in my app (I didn't bother with npm link shenanigans). Not ideal, but I made do.
Then npm introduced workspaces, and now I'm trying to migrate. While resolving peer dependency conflicts, I noticed that when I made changes to any package.json files, npm install would return the same errors unless I updated package versions to something that hadn't been published yet. I wasn't expecting this kind of behavior.
So how does npm determine where to search for a package first? Does npm install download packages from the registry before looking at workspaces? Is this intentional, and if so, why?
Is there a way to achieve that using npm ? Currently I do this manually, would be nice to use similar approach as with npm install --save
I found some old discussion and commits but it seems it didn't make it:
https://github.com/npm/npm/pull/3994
As far as I can tell, you can't. Just install it as a regular dependency (production or otherwise, just like the package requiring the peer dependency is installed as).
Even if you manually add the entry to peerDependencies an npm audit is going to fail to recognize the package and tell you to install it.
This kind of stinks, I'm a big fan of the separation of concerns, and keeping a list of modules that only exist so they can be absorbed by other modules is crummy.
But, it is what it is and so long as you leverage the npm commands afforded to you, I guess it's manageable.
Since 'I don't know what npm version' you can use npm i --save-peer package_name command. Works on npm 8.1.0
Can someone explain to me what it means to --save-dev and how this impacts distribution and how NPM is aware of what you're trying to do?
First, see the answer to this question, What's the difference between dependencies, devDependencies and peerDependencies.
That will explain a TON.
Second, npm will install devDependencies by default unless one of two things is true, in which case devDependencies will be skipped. These things are:
You explicitly tell npm it's production with npm install --production
You set an environment variable that npm checks, NODE_ENVIRONMENT=production
In general, if you are distributing to something like Heroku, they will have the production flag set and your devDependencies will not be installed. So only install things with the --save-dev or -D flag (both do the same thing) if it is a module used for development, such as tests/mocks/scaffolding/etc.
--save-dev is useful for dependencies such as unit testing libraries. These dependencies are not required by the application to run in production; therefore if you published your package, consumers of your package would not get these dev dependencies in their node_modules folder.
NPM doesn't necessarily know that your in dev mode, it's just a package manager that allows you to install packages into your working directory and publish your own package from said directory.