lockbox icon indicating copy to clipboard operation
lockbox copied to clipboard
verified publisher icon robertzk

Failure to resolve dependencies correctly

Open robertzk opened this issue 9 years ago • 3 comments

In this run syberia/syberia depends on robertzk/testthatsomemore which depends on peterhurford/strdate which depends on peterhurford/checkr. The latter package attempts to be installed first, but its dependency memoise attempts to be installed after checkr, leading to problems when memoise is not in a global library. This boils down to a problem with lockbox dependency resolution.

robertzk avatar Nov 17 '16 21:11 robertzk

Yikes...

peterhurford avatar Nov 17 '16 21:11 peterhurford

yarn and bundler solve this by generating a .lock file out of the specification, that represents full dependency tree along with the order of installation. If you come up with a dependency tree you can do a topological sort on the dependency graph and then dump (i.e. dput) the resulting list into lock.box file. Then installing/loading dependencies is guaranteed to be identical across multiple machines, and debugging such issues should be much easier. As a side bonus https://github.com/robertzk/lockbox/issues/103 becomes trivial

kirillseva avatar Jun 21 '17 16:06 kirillseva

@kirillseva Agreed. Let's plan on implementing that in the next major version of lockbox.

robertzk avatar Jun 21 '17 17:06 robertzk