cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon npm

issue/5051 - incorrect peer dependencies on v1 lockfile upgrade

Open siemhesda opened this issue 2 years ago • 2 comments

Npm does not capture conflicting dependencies with old lockfiles (npm@6) . On the first install from an old lockfile, the lockfile gets upgraded but the install command captures the old lockfile during the install. This update checks for old lockfiles and re reifies to ensure the updated lockfile is used during the second reification.

References

closes #5051

siemhesda avatar Jan 03 '24 18:01 siemhesda

I don't know that solution is the right one. It seems a little overwrought. "do the install twice based on new state Arborist is tracking for this single situation." feels like a pretty heavy-handed approach. Is there no better way for:

  1. Arborist to do this itself
  2. Not have to run reify twice to get this behavior

?

wraithgar avatar Jan 10 '24 16:01 wraithgar

I don't know that solution is the right one. It seems a little overwrought. "do the install twice based on new state Arborist is tracking for this single situation." feels like a pretty heavy-handed approach. Is there no better way for:

  1. Arborist to do this itself
  2. Not have to run reify twice to get this behavior

?

The first instinct was to do it within the arborist but the challenge is that it does not wait for the lockfile to be updated before proceeding with execution. Hence doing it on the install when everything is already done. Also the shrinkwrap, which I think plays part in this, is not asynchronous.

siemhesda avatar Jan 10 '24 17:01 siemhesda