Hardhat Dependency Graph Doesn't Contain Nested Dependencies

[pingdaze]

Local package file contains @openzeppelin/contracts version:4.6.0 but the 'arb-bridge-eth' package I'm using contains @openzeppelin/contracts version:3.4.2 and since the 4. update the repo doesn't contain Pausable.sol leading to a dependency issue since Hardhat is looking for the dependency in my root node_modules instead of the dependencies node_modules where it's actually located. DUMPER.txt

[github-actions[bot]]

This issue is also being tracked on Linear.

We use Linear to manage our development process, but we keep the conversations on Github.

LINEAR-ID: c84dd8b1-3628-48f0-b329-c818dabf299c

[fvictorio]

Thanks for reporting this @pingdaze. This is a hard problem to solve because of the way solc works and how we use it. We are thinking of long-term solutions, but in the meantime we should:

1) Detect that this is happening and throw a better error 2) Add a section in our docs about how to deal with this scenario.

Note for ourselves: one way to do this is, during import resolution, and if we are resolving an import inside a library, check if that (second) imported library can be resolved both from the root of the project and from the (first) library. We should also get their respective versions, since that would be useful for the error message.

Notice that this can have an impact on performance, so we should probably cache this result, with the pair (lib1, lib2) as a key.

[Whytecrowe]

Any updates on this or at least some workarounds?

[alcuadrado]

The current workaround is declaring dependencies as peer dependencies.

We are currently working on a new major version of Hardhat that properly supports this.