You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
3 or 4 different projects I am aware of in the last two weeks ran into issues where dependency updates caused undesired multiple resolutions of itwinjs-core packages which is illegal and causes (occasionally nefarious) runtime errors.
Sometimes people will accidentally commit the broken resulting lockfile too.
Describe the solution you'd like
for @itwin/build-tools or some published package to ship a utility function that can be imported in any project's .pnpmfile.cjs to error out on attempts to install a dependency arrangement that results in illegal multi-resolved singleton packages. This will help people more quickly notice when they've screwed up a project, not at runtime
a guide or link to an existing guide on debugging multi-resolved peer dependencies in pnpm. Maybe placed in a FAQ or in tips and guidelines, next to the API support policy
I'm open to other potential solutions and discussions. I'd be curious if anyone has researched:
* wildcard versions for some peer dependencies
meta packages
these would need to be tested for tree-shakability, and possibly itwin.js packages need to conform to the package.json#sideEffects standard used by bundlers.
pnpm auto install peers
Describe alternatives you've considered
pnpm override everything... causes other issues.
Additional context
None
The text was updated successfully, but these errors were encountered:
One of the reasons that can happen is that peerDependencies in itwinjs-core are specified with ^, which tells package manager that it's fine to use a higher version. The first step, IMO, should be to fix this problem and instead specify all peer deps at exact version.
Is your feature request related to a problem? Please describe.
3 or 4 different projects I am aware of in the last two weeks ran into issues where dependency updates caused undesired multiple resolutions of itwinjs-core packages which is illegal and causes (occasionally nefarious) runtime errors.
Sometimes people will accidentally commit the broken resulting lockfile too.
Describe the solution you'd like
@itwin/build-tools
or some published package to ship a utility function that can be imported in any project's.pnpmfile.cjs
to error out on attempts to install a dependency arrangement that results in illegal multi-resolved singleton packages. This will help people more quickly notice when they've screwed up a project, not at runtimeI'm open to other potential solutions and discussions. I'd be curious if anyone has researched:
*
wildcard versions for some peer dependenciespackage.json#sideEffects
standard used by bundlers.Describe alternatives you've considered
pnpm override everything... causes other issues.
Additional context
None
The text was updated successfully, but these errors were encountered: