We Keep Coding

How to check pnpm strict-peer-dependencies (ERR_PNPM_PEER_DEP_ISSUES) when "Lockfile is up to date"?

When I add dependency without it's peerDependency in empty project by editing package.json like:
{
"name": "pnpmtest",
"devDependencies": {
"eslint-plugin-jsx-a11y": "^6.6.0"
}
}
and then run
pnpm install
Command will output error ERR_PNPM_PEER_DEP_ISSUES
devDependencies:
+ eslint-plugin-jsx-a11y 6.6.1
 ERR_PNPM_PEER_DEP_ISSUES  Unmet peer dependencies
.
└─┬ eslint-plugin-jsx-a11y 6.6.1
└── ✕ missing peer eslint#"^3 || ^4 || ^5 || ^6 || ^7 || ^8"
Peer dependencies that should be installed:
eslint#"^3 || ^4 || ^5 || ^6 || ^7 || ^8"
Above command output 1 exit code.
echo $?
1
This error is perfectly fine since my project is missing eslint. This is desired output.
My problem starts in CI environment where I would also like to see this error after pnpm install and break CI pipeline. Currently when I remove node_modules and run above install once again (this is simulation what is happening in CI) I do not see error and command output code 0.
→ rm -rf node_modules
→ pnpm install
Lockfile is up to date, resolution step is skipped
Packages: +56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Packages are hard linked from the content-addressable store to the virtual store.
Content-addressable store is at: /Users/mjanaszek/Library/pnpm/store/v3
Virtual store is at: node_modules/.pnpm
Progress: resolved 56, reused 56, downloaded 0, added 56, done
devDependencies:
+ eslint-plugin-jsx-a11y 6.6.1
→ echo $?
0
How to check in CI environment (when "Lockfile is up to date") if my dependencies contains some ERR_PNPM_PEER_DEP_ISSUES?

You can check the status of the packages by running pnpm ls --json.
If you don't want pnpm to fail on peer dependency issues, set the "strict-peer-dependencies" setting to "false".
pnpm up --config.strict-peer-dependencies=false
I hope it would be helpful.

kotlin/js cant run develpment run

i can't run a freshly created kotlin react project when i try to i get see below error en cant use it
> Task :kotlinNpmInstall
warning workspace-aggregator-c22f0aa7-62f6-4cd1-b73e-254168ec2f14 > untitled1 > webpack-dev-server > sockjs > uuid#3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
warning workspace-aggregator-c22f0aa7-62f6-4cd1-b73e-254168ec2f14 > untitled1 > webpack-dev-server > url > querystring#0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
warning "workspace-aggregator-c22f0aa7-62f6-4cd1-b73e-254168ec2f14 > kotlin-wrappers-kotlin-react-router-dom-js-ir > react-router-dom#5.3.0" has unmet peer dependency "react#>=15".
warning "workspace-aggregator-c22f0aa7-62f6-4cd1-b73e-254168ec2f14 > kotlin-wrappers-kotlin-styled-js-ir > styled-components#5.3.3" has unmet peer dependency "react#>= 16.8.0".
warning "workspace-aggregator-c22f0aa7-62f6-4cd1-b73e-254168ec2f14 > kotlin-wrappers-kotlin-styled-js-ir > styled-components#5.3.3" has unmet peer dependency "react-dom#>= 16.8.0".
warning "workspace-aggregator-c22f0aa7-62f6-4cd1-b73e-254168ec2f14 > kotlin-wrappers-kotlin-styled-js-ir > styled-components#5.3.3" has unmet peer dependency "react-is#>= 16.8.0".
warning "workspace-aggregator-c22f0aa7-62f6-4cd1-b73e-254168ec2f14 > kotlin-wrappers-kotlin-react-redux-js-ir > react-redux#7.2.6" has unmet peer dependency "react#^16.8.3 || ^17".
warning "workspace-aggregator-c22f0aa7-62f6-4cd1-b73e-254168ec2f14 > kotlin-wrappers-kotlin-react-dom-js-ir > react-dom#17.0.2" has unmet peer dependency "react#17.0.2".
warning "workspace-aggregator-c22f0aa7-62f6-4cd1-b73e-254168ec2f14 > kotlin-wrappers-kotlin-react-router-dom-js-ir > react-router-dom > react-router#5.2.1" has unmet peer dependency "react#>=15".
warning "workspace-aggregator-c22f0aa7-62f6-4cd1-b73e-254168ec2f14 > kotlin-wrappers-kotlin-react-router-dom-js-ir > react-router-dom > react-router > mini-create-react-context#0.4.1" has unmet peer dependency "react#^0.14.0 || ^15.0.0 || ^16.0.0 || ^17.0.0".
error An unexpected error occurred: "EISDIR: illegal operation on a directory, symlink 'D:\\projects\\kotlin\\untitled1\\build\\js\\packages_imported\\kotlin-test-js-runner\\1.5.31' -> 'D:\\projects\\kotlin\\untitled1\\build\\js\\node_modules\\kotlin-test-js-runner'".
FAILURE: Build failed with an exception.

yarn install warning "xxx > xxx > xxx" has incorrect peer dependency "xxx"

When I run yarn install, the command line output is as follows:
warning "#umijs/preset-react > #umijs/plugin-dva > dva#2.6.0-beta.22" has incorrect peer dependency "react#^16.8.4".
warning "#umijs/preset-react > #umijs/plugin-dva > dva#2.6.0-beta.22" has incorrect peer dependency "react-dom#^16.8.4".
warning "#umijs/preset-react > #umijs/plugin-dva > dva-loading#3.0.22" has unmet peer dependency "dva-core#^1.1.0 | ^1.5.0-0 | ^1.6.0-0".
warning "#umijs/preset-react > #umijs/plugin-locale > react-intl#3.12.1" has incorrect peer dependency "react#^16.3.0".
warning "#umijs/preset-react > #umijs/plugin-request > #ahooksjs/use-request#2.8.3" has incorrect peer dependency "react#^16.8.6".
My yarn version is 1.22.10.

This mean's there is some error with the dependencies warned about, but this shouldn't stop yarn from moving forward, to fix this you would have to upgrade yarn, running the command below you upgrade yarn:
yarn upgrade --latest
When yarn is fully updated, reinstall the dependencies using the same yarn install.

npx create-react-app not showing latest bump to webpack-dev-server 3.11.0

This is my first SO question, so apologies for the lengthy amount of code. I'm trying to start a new project with create-react-app. I ran the following command:
npx create-react-app jam-box --use-npm
because I want to use npm instead of yarn, and everything works, the project boilerplate is created. But there's a security vulnerability with one of the dependencies of react-scripts:
[Angie # ~/jam-box](master)
$ npm audit
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-scripts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-scripts > webpack-dev-server > yargs > yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1500 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 922235 scanned packages
1 vulnerability requires manual review. See the full report for details.
[Angie # ~/jam-box](master)
$
I tried to run npm audit fix, but that didn't work. I went to both the webpack-dev-server github and the create-react-app github and it looked like they were already addressing this security issue, and as of two days ago, the issue was fixed and merged into the create-react-app master.
When running npm i react-scripts#latest inside my project:
[Angie # ~/jam-box](master)
$ npm i react-scripts#latest
npm WARN deprecated fsevents#1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated request#2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated core-js#2.6.11: core-js#<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js#3.
npm WARN sass-loader#8.0.2 requires a peer of node-sass#^4.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN sass-loader#8.0.2 requires a peer of sass#^1.3.0 but none is installed. You must install peer dependencies yourself.
npm WARN sass-loader#8.0.2 requires a peer of fibers#>= 3.1.0 but none is installed. You must install peer dependencies yourself.
npm WARN tsutils#3.17.1 requires a peer of typescript#>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer dependencies yourself.
+ react-scripts#3.4.1
updated 1 package and audited 922235 packages in 46.013s
2 packages are looking for funding
run `npm fund` for details
found 1 low severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
I was having this problem for days and was waiting to see if they would resolve it before trying to create a new create-react-app project. But today when I tried again to run npx create-react-app jam-box --use-npm, the security vulnerability was still there. I even tried running npm install react-scripts#latest and the vulnerability was still there. When I looked at my package-lock.json it says that react-scripts still was using the previous version of webpack-dev-server instead of the latest bump to 3.11.0. I don't know why when I run npx create-react-app that this isn't reflecting the latest master branch of create-react-app. I just want to run create-react-app to the latest version, any help would be appreciated.
npx create-react-app jam-box --use-npm
npx: installed 98 in 9.648s
Creating a new React app in /Users/Angie/jam-box.
Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts with cra-template...
> fsevents#1.2.13 install /Users/Angie/jam-box/node_modules/jest-haste-map/node_modules/fsevents
> node install.js
SOLINK_MODULE(target) Release/.node
CXX(target) Release/obj.target/fse/fsevents.o
SOLINK_MODULE(target) Release/fse.node
> fsevents#1.2.13 install /Users/Angie/jam-box/node_modules/watchpack/node_modules/fsevents
> node install.js
SOLINK_MODULE(target) Release/.node
CXX(target) Release/obj.target/fse/fsevents.o
SOLINK_MODULE(target) Release/fse.node
> fsevents#1.2.13 install /Users/Angie/jam-box/node_modules/webpack-dev-server/node_modules/fsevents
> node install.js
SOLINK_MODULE(target) Release/.node
CXX(target) Release/obj.target/fse/fsevents.o
SOLINK_MODULE(target) Release/fse.node
> core-js#2.6.11 postinstall /Users/Angie/jam-box/node_modules/babel-runtime/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"
> core-js#3.6.5 postinstall /Users/Angie/jam-box/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"
> core-js-pure#3.6.5 postinstall /Users/Angie/jam-box/node_modules/core-js-pure
> node -e "try{require('./postinstall')}catch(e){}"
+ cra-template#1.0.3
+ react-scripts#3.4.1
+ react#16.13.1
+ react-dom#16.13.1
added 1620 packages from 760 contributors and audited 922030 packages in 107.471s
59 packages are looking for funding
run `npm fund` for details
found 1 low severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
Initialized a git repository.
Installing template dependencies using npm...
npm WARN tsutils#3.17.1 requires a peer of typescript#>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer dependencies yourself.
+ #testing-library/jest-dom#4.2.4
+ #testing-library/react#9.5.0
+ #testing-library/user-event#7.2.1
added 36 packages from 56 contributors and audited 922236 packages in 19.35s
59 packages are looking for funding
run `npm fund` for details
found 1 low severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
Removing template package using npm...
npm WARN tsutils#3.17.1 requires a peer of typescript#>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer dependencies yourself.
removed 1 package and audited 922235 packages in 12.693s
59 packages are looking for funding
run `npm fund` for details
found 1 low severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
Created git commit.
Success! Created jam-box at /Users/Angie/jam-box
Inside that directory, you can run several commands:
npm start
Starts the development server.
npm run build
Bundles the app into static files for production.
npm test
Starts the test runner.
npm run eject
Removes this tool and copies build dependencies, configuration files
and scripts into the app directory. If you do this, you can’t go back!
We suggest that you begin by typing:
cd jam-box
npm start
Happy hacking!

I've been chasing down this vulnerability hoping to fix it, too!
My understanding is that react-scripts hasn't updated their dependencies to point to webpack-dev-server 3.11.0. Since webpack-dev-server is a dependency of react-scripts, react-scripts needs to update this in their codebase. It's not something we can change in our dependencies.
As you pointed out, webpack-dev-server updated their dependency on yargs to deal with the "security vulnerability in yargs-parser (#2566) (41d1d0c)" (webpack-dev-server release notes: https://github.com/webpack/webpack-dev-server/releases).
But react-scripts (which is maintained and used by create-react-app https://github.com/facebook/create-react-app/tree/master/packages/react-scripts) has not yet updated their dependency on webpack-dev-server to use the new 3.11.0 version.
I think this can be brought up to them as a concern asking them to update their dependency on weback-dev-server to point to the newest one which will resolve a security vulnerability, but I am not sure how this is done exactly, to be honest.

cannot build react native project after react-native-git-upgrade

I tried to upgrade react-native from 0.49.3 to 0.55.3. I followed the official [guide][1] and when I ran react-native-git-upgrade, I got the following log:
git-upgrade info Check for updates
git-upgrade info Using yarn 1.5.1
git-upgrade info Read package.json files
git-upgrade info Check declared version
git-upgrade info Check matching versions
git-upgrade info Check React peer dependency
git-upgrade info Check that Git is installed
git-upgrade info Get information from NPM registry
git-upgrade info Upgrading to React Native 0.55.3, React 16.3.1
git-upgrade info Setup temporary working directory
git-upgrade info Configure Git environment
git-upgrade info Init Git repository
git-upgrade info Add all files to commit
git-upgrade info Commit current project sources
git-upgrade info Create a tag before updating sources
git-upgrade info Generate old version template
git-upgrade info Add updated files to commit
git-upgrade info Commit old version template
git-upgrade info Install the new version
warning " > react-native-maps#0.20.1" has incorrect peer dependency "react#16.0.0".
warning " > react-native-maps#0.20.1" has incorrect peer dependency "react-native#0.51.0".
warning " > #storybook/addon-storyshots#3.2.13" has unmet peer dependency "#storybook/addons#^3.2.13".
warning " > #storybook/addon-storyshots#3.2.13" has unmet peer dependency "#storybook/channels#^3.2.13".
warning " > #storybook/addon-storyshots#3.2.13" has unmet peer dependency "#storybook/react#^3.2.13".
warning " > #storybook/addon-storyshots#3.2.13" has unmet peer dependency "babel-core#^6.26.0".
warning "#storybook/react-native > #storybook/ui > react-icons#2.2.7" has incorrect peer dependency "react-dom#^0.14.0 || ^15.0.0 || ^16.0.0".
warning "#storybook/react-native > #storybook/ui > react-komposer#2.0.0" has incorrect peer dependency "react#^0.14.7 || ^15.0.0".
warning "#storybook/react-native > #storybook/ui > react-modal#2.4.1" has incorrect peer dependency "react#^0.14.0 || ^15.0.0".
warning "#storybook/react-native > #storybook/ui > react-modal#2.4.1" has incorrect peer dependency "react-dom#^0.14.0 || ^15.0.0".
warning "#storybook/react-native > #storybook/ui > react-treebeard#2.0.3" has incorrect peer dependency "react#^15.5.4".
warning "#storybook/react-native > #storybook/ui > react-treebeard#2.0.3" has incorrect peer dependency "react-dom#^15.5.4".
warning "#storybook/react-native > #storybook/ui > mantra-core > react-komposer#1.13.1" has incorrect peer dependency "react#^0.14.3 || ^15.0.0".
warning "#storybook/react-native > #storybook/ui > mantra-core > react-simple-di#1.2.0" has incorrect peer dependency "react#^0.14.0 || ^15.0.0".
warning "#storybook/react-native > #storybook/ui > react-komposer > react-stubber#1.0.0" has incorrect peer dependency "react#^0.14.7 || ^15.0.0".
warning "#storybook/react-native > #storybook/ui > react-treebeard > velocity-react#1.3.3" has incorrect peer dependency "react-dom#^15.3.0 || ^16.0.0".
warning "#storybook/react-native > #storybook/ui > react-treebeard > velocity-react > react-transition-group#1.2.1" has incorrect peer dependency "react-dom#^15.0.0 || ^16.0.0".
warning " > babel-jest#21.2.0" has unmet peer dependency "babel-core#^6.0.0 || ^7.0.0-alpha || ^7.0.0-beta || ^7.0.0".
warning " > enzyme#2.9.1" has incorrect peer dependency "react#0.13.x || 0.14.x || ^15.0.0-0 || 15.x".
warning " > react-addons-test-utils#15.4.2" has incorrect peer dependency "react-dom#^15.4.2".
warning "react-native > eslint-plugin-react-native#3.2.1" has unmet peer dependency "eslint#^3.17.0 || ^4.0.0".
git-upgrade info Generate new version template
git-upgrade info Add updated files to commit
git-upgrade info Commit new version template
git-upgrade info Generate the patch between the 2 versions
git-upgrade info Save the patch in temp directory
git-upgrade info Reset the 2 temporary commits
git-upgrade info Apply the patch
error: patch failed: .gitignore:51
Falling back to three-way merge...
Applied patch to '.gitignore' with conflicts.
error: ios/MyApp.xcodeproj/project.pbxproj: does not exist in index
error: ios/MyApp/AppDelegate.h: does not exist in index
error: ios/MyApp/AppDelegate.m: does not exist in index
error: ios/MyApp/main.m: does not exist in index
error: ios/MyAppTests/MyAppTests.m: does not exist in index
git-upgrade WARN The upgrade process succeeded but there might be conflicts to be resolved. See above for the list of files that have merge conflicts.
git-upgrade info Upgrade done
Notice these lines:
error: ios/MyApp.xcodeproj/project.pbxproj: does not exist in index
error: ios/MyApp/AppDelegate.h: does not exist in index
error: ios/MyApp/AppDelegate.m: does not exist in index
error: ios/MyApp/main.m: does not exist in index
error: ios/MyAppTests/MyAppTests.m: does not exist in index
These files are now all missing. Despite the message saying it succeeded, trying react-native -v yields
react-native-cli: 2.0.1
react-native: 0.55.3
And now the MyApp/ios/ directory is missing almost all of it's original files. If I even try react-native run-ios, I get xcodebuild: error: Scheme MyApp is not currently configured for the build action. Any suggestions would be incredibly helpful.

Figured it out. For those of you with this problem, all you need to do is delete your android/ios folder and use react-native eject which will regenerate the files necessary to rebuild your react-native project. This should be in the official react native upgrading guide IMO.