@aws-sdk/credential-provider-node doesn't provide @aws-sdk/client-sts

[samuelcole]

Checkboxes for prior research

• [X] I've gone through Developer Guide and API reference
• [X] I've checked AWS Forums and StackOverflow.
• [X] I've searched for previous similar issues and didn't find any solution.

Describe the bug

After yarn install I get:

➤ YN0002: │ @aws-sdk/credential-provider-node@npm:3.567.0 doesn't provide @aws-sdk/client-sts (pd83b4), requested by @aws-sdk/credential-provider-web-identity
➤ YN0002: │ @aws-sdk/credential-provider-node@npm:3.567.0 doesn't provide @aws-sdk/client-sts (p294b1), requested by @aws-sdk/credential-provider-ini
➤ YN0002: │ @aws-sdk/credential-provider-sso@npm:3.567.0 doesn't provide @aws-sdk/client-sso-oidc (pb330e), requested by @aws-sdk/token-providers

additionally my unimported tooling reports:

1 │ @aws-sdk/client-sso-oidc at ../../node_modules/@aws-sdk/token-providers/dist-cjs/index.js
2 │ @aws-sdk/client-sts at ../../node_modules/@aws-sdk/credential-provider-ini/dist-cjs/index.js, ../../node_modules/@aws-sdk/credential-provider-web-identity/dist-cjs/fromWebToken.js

SDK version number

@aws-sdk/credential-provider-node@npm:3.567.0

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

node v20.9.0, yarn 3.5.0

Reproduction Steps

yarn install

Observed Behavior

reports warnings

Expected Behavior

no warnings

Possible Solution

add @aws-sdk/client-sts and @aws-sdk/client-sso-oidc as dependencies for @aws-sdk/credential-provider-node

Additional Information/Context

No response

[trivikr]

If you have a minimal repro, please post it in the issue comments. I'll also post my attempts in reproducing. It'll help identify in which version it was introduced. We suspect it was introduced in either v3.564.0 or v3.565.0

The current workaround is to pin your client dependency to <3.564.0 in package.json as follows:

   "client-dynamodb": "<3.564.0",

[trivikr]

I'm not able to repro with this simple commands in a new workspace, and dependencies are installed

$ node -v
v20.12.2

$ corepack enable && yarn set version 4.2.1

$ yarn init -y && yarn add @aws-sdk/client-dynamodb@3.567.0 --exact

[trivikr]

Minimal repro with yarn@3.5.0 shows warnings

$ corepack enable && yarn set version 3.5.0

$ yarn init -y && yarn add @aws-sdk/client-dynamodb@3.567.0 --exact
...
➤ YN0000: ┌ Resolution step
➤ YN0002: │ @aws-sdk/credential-provider-node@npm:3.567.0 doesn't provide @aws-sdk/client-sts (pd83b4), requested by @aws-sdk/credential-provider-web-identity
➤ YN0002: │ @aws-sdk/credential-provider-node@npm:3.567.0 doesn't provide @aws-sdk/client-sts (p294b1), requested by @aws-sdk/credential-provider-ini
➤ YN0002: │ @aws-sdk/credential-provider-sso@npm:3.567.0 doesn't provide @aws-sdk/client-sso-oidc (pb330e), requested by @aws-sdk/token-providers
➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code
➤ YN0000: └ Completed in 0s 805ms
...

Not reproducible with 3.563.0

[trivikr]

The warning is shown in yarn@3.x as direct dependency of client-sts was removed in https://github.com/aws/aws-sdk-js-v3/pull/6028. The dependency was removed because other clients were not using it directly. The dependency, however, is required in some default credential providers like credential-provider-web-identity or credential-provider-ini.

In those credential providers, the dependency is added as a peerDependency to avoid circular dependency issue. This is not a problem for majority users, since most of the requests sent on JS SDK do not use those credential providers. For other users, most of them use npm 7+ which automatically installs peerDependencies.

However, it would be a problem for certain package managers where peerDependencies are not automatically installed (like yarn modern) and there's no workaround to install those peerDependencies (like yarn classic).

We're exploring re-adding the direct dependencies on clients.

[conico974]

@trivikr It can also cause issue if you set auto-install-peers=false in .npmrc Also in some cases in CI, it seems that npx also doesn't install peer dependencies which make CI fail.

[trivikr]

We're exploring re-adding the direct dependencies on clients.

PR posted at https://github.com/aws/aws-sdk-js-v3/pull/6055

[trivikr]

PR posted at https://github.com/aws/aws-sdk-js-v3/pull/6055

PR is merged, and the fix is expected to be published in https://github.com/aws/aws-sdk-js-v3/releases/tag/v3.569.0 around 12:30 PM Pacific on Friday, May 3.

Reopening this issue for verification post publish.

[trivikr]

Reopening this issue for verification post publish.

Release https://github.com/aws/aws-sdk-js-v3/releases/tag/v3.569.0 is out, and I verified that no warnings are shown in resolution step by yarn@3.5.0

v3.568.0

$ yarn init -y && yarn add @aws-sdk/client-dynamodb@3.568.0 --exact
...
➤ YN0000: ┌ Resolution step
➤ YN0002: │ @aws-sdk/credential-provider-node@npm:3.568.0 doesn't provide @aws-sdk/client-sts (p0dd8b), requested by @aws-sdk/credential-provider-web-identity
➤ YN0002: │ @aws-sdk/credential-provider-node@npm:3.568.0 doesn't provide @aws-sdk/client-sts (p80a4c), requested by @aws-sdk/credential-provider-ini
➤ YN0002: │ @aws-sdk/credential-provider-sso@npm:3.568.0 doesn't provide @aws-sdk/client-sso-oidc (pcb0ab), requested by @aws-sdk/token-providers
➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code
➤ YN0000: └ Completed in 0s 920ms
...

v3.569.0

$ yarn init -y && yarn add @aws-sdk/client-dynamodb@3.569.0 --exact
...
➤ YN0000: ┌ Resolution step
➤ YN0002: │ @aws-sdk/credential-provider-node@npm:3.569.0 doesn't provide @aws-sdk/client-sts (padd33), requested by @aws-sdk/credential-provider-web-identity
➤ YN0002: │ @aws-sdk/credential-provider-node@npm:3.569.0 doesn't provide @aws-sdk/client-sts (p8938b), requested by @aws-sdk/credential-provider-ini
➤ YN0002: │ @aws-sdk/credential-provider-sso@npm:3.568.0 doesn't provide @aws-sdk/client-sso-oidc (pcb0ab), requested by @aws-sdk/token-providers
➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code
➤ YN0000: └ Completed in 0s 945ms
...

$ yarn explain peer-requirements padd33
➤ YN0000: @aws-sdk/credential-provider-node@npm:3.569.0 doesn't provide @aws-sdk/client-sts, breaking the following requirements:

➤ YN0000: @aws-sdk/credential-provider-web-identity@npm:3.568.0 [37b69] → ^3.568.0 ✘

Although the warning is shown, we've ensured that the direct dependency is available in node_modules. This issue needs more deep dive, especially checking why the warning is not shown for v3.563.0

In the mean time, if v3.569.0 is causing any bugs in your application other than warning, please create a new bug report.

[samuelcole]

i can confirm it fixes my issue (which was unimported failing)!

[trivikr]

Closing as original author confirmed the issue is fixed in their setup.

Do create a new bug report if the issue is reproducible with v3.569.0+ in your setup.

[robertfmurdock]

Found this bug broke my service's ability to access DynamoDB in production today, updated the libraries to 3.569.0, and it was fixed. Guessing my toy app was broken for about 24 hours due to this.

Apparently locally testing with a local DynamoDB docker image wasn't enough to detect the problem, so I hope ya'll have added some test coverage to help ensure surprises like this don't happen again.

Thanks for the fast turnaround!

[github-actions[bot]]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.