Closed federicobond closed 5 years ago
If this gets merged, I can update provide pull requests for the rest of the modules.
For now it does, but there is a warning about that functionality changing with NPM 3.x so I thought I might as well future-proof the change.
npm WARN peerDependencies The peer dependency bitcore included from bitcore-mnemonic will no
npm WARN peerDependencies longer be automatically installed to fulfill the peerDependency
npm WARN peerDependencies in npm 3+. Your application will need to depend on it explicitly.
Just did a bit of testing with peerDependencies, here are the results (with npm v2.7.4)
With this package.json
:
{
"dependencies": {
"bitcore": "^0.11.0",
"bitcore-p2p": "git://github.com/braydonf/bitcore-p2p.git#1f6f0ab", //peerDependency with bitcore 0.12
"bitcore-mnemonic": "git://github.com/federicobond/bitcore-mnemonic.git#579cdf" //peerDependency with bitcore 0.12
}
}
Results in the incompatibility error:
npm ERR! peerinvalid The package bitcore does not satisfy its siblings' peerDependencies requirements!
npm ERR! peerinvalid Peer bitcore-mnemonic@0.11.0 wants bitcore@^0.12.0
With this package.json
:
{
"dependencies": {
"bitcore-p2p": "git://github.com/braydonf/bitcore-p2p.git#1f6f0ab74fcf097728c5f2d08f55e983c5a55806",
"bitcore-mnemonic": "git://github.com/federicobond/bitcore-mnemonic.git#579cdfc931c68f5cc9a199df879eed9bf51c5252"
}
}
Results in an installation (identical to using "dependency"):
bitcore@0.12.5 node_modules/bitcore
├── inherits@2.0.1
├── bs58@2.0.0
├── hash.js@1.0.2
├── bn.js@2.0.4
├── sha512@0.0.1
├── lodash@2.4.1
└── elliptic@3.0.3 (brorand@1.0.5)
bitcore-mnemonic@0.11.0 node_modules/bitcore-mnemonic
bitcore-p2p@0.14.0 node_modules/bitcore-p2p
├── buffers@0.1.1
├── bloom-filter@0.2.0
└── socks5-client@0.3.6 (network-byte-order@0.2.0, ipv6@3.1.1)
With the warning:
npm WARN peerDependencies The peer dependency bitcore@^0.12.0 included from bitcore-mnemonic will no
npm WARN peerDependencies longer be automatically installed to fulfill the peerDependency
npm WARN peerDependencies in npm 3+. Your application will need to depend on it explicitly.
So with npm@3, to achieve the same would require package.json
with:
{
"dependencies": {
"bitcore": "0.12.5",
"bitcore-p2p": "git://github.com/braydonf/bitcore-p2p.git#1f6f0ab74fcf097728c5f2d08f55e983c5a55806",
"bitcore-mnemonic": "git://github.com/federicobond/bitcore-mnemonic.git#579cdfc931c68f5cc9a199df879eed9bf51c5252"
}
}
And if bitcore was not included there would be a "peerinvalid" warning?
Yes, I'm pretty sure that's how it works. The broken case right now is triggered by the following commands:
npm install bitcore-mnemonic
npm install bitcore
Now you have bitcore
as nested depedency of bitcore-mnemonic
and bitcore
as top level dependency.
WIth peerDependencies
, you run:
npm install bitcore-mnemonic
And NPM 2.x will also install bitcore
if it does not find it as top level dependency. This behavior changes, with NPM 3.x, which will require you to explicitly install bitcore
as another dependency.
One thing I noticed is that once you have installed bitcore
as top level dependency, the modules will not include it as nested dependency. Otherwise, it is possible to accumulate as many copies of bitcore
as modules you have installed. Is that an artifact of your build system?
That's npm resolving the dependencies, since they are compatible and package.json
uses ^0.12.0
Ok. Is there anything else I can do to move this pull request forward?
It would be good to get a few other opinions on it, and some more information about the behavior in npm@3. With the versionGuard, it's necessary to have bitcore as a top level dependency anyways. And seems like it may behavior nearly identical to using 'dependency' until npm@3 is available?
See http://blog.nodejs.org/2013/02/07/peer-dependencies/
cc/ @maraoz