search

bitpay / bitcore-mnemonic

BIP39 Mnemonics implemented for Bitcore
http://bitcore.io
MIT License
155 stars 212 forks source link

Use bitcore as peerDependency #26

Closed federicobond closed 5 years ago

federicobond commented 9 years ago

See http://blog.nodejs.org/2013/02/07/peer-dependencies/

cc/ @maraoz

federicobond commented 9 years ago

If this gets merged, I can update provide pull requests for the rest of the modules.

coveralls commented 9 years ago

Coverage Status

Coverage remained the same at 97.99% when pulling 579cdfc931c68f5cc9a199df879eed9bf51c5252 on federicobond:peer-dependency into d129cbbad7fb695b1d987dc7afcabda14a40a53e on bitpay:master.

federicobond commented 9 years ago

For now it does, but there is a warning about that functionality changing with NPM 3.x so I thought I might as well future-proof the change.

npm WARN peerDependencies The peer dependency bitcore included from bitcore-mnemonic will no
npm WARN peerDependencies longer be automatically installed to fulfill the peerDependency 
npm WARN peerDependencies in npm 3+. Your application will need to depend on it explicitly.
braydonf commented 9 years ago

Just did a bit of testing with peerDependencies, here are the results (with npm v2.7.4)

With this package.json:

{
  "dependencies": {
    "bitcore": "^0.11.0",
    "bitcore-p2p": "git://github.com/braydonf/bitcore-p2p.git#1f6f0ab", //peerDependency with bitcore 0.12
    "bitcore-mnemonic": "git://github.com/federicobond/bitcore-mnemonic.git#579cdf" //peerDependency with bitcore 0.12
  }
}

Results in the incompatibility error:

npm ERR! peerinvalid The package bitcore does not satisfy its siblings' peerDependencies requirements!
npm ERR! peerinvalid Peer bitcore-mnemonic@0.11.0 wants bitcore@^0.12.0

With this package.json:

{
  "dependencies": {
    "bitcore-p2p": "git://github.com/braydonf/bitcore-p2p.git#1f6f0ab74fcf097728c5f2d08f55e983c5a55806",
    "bitcore-mnemonic": "git://github.com/federicobond/bitcore-mnemonic.git#579cdfc931c68f5cc9a199df879eed9bf51c5252"
  }
}

Results in an installation (identical to using "dependency"):

bitcore@0.12.5 node_modules/bitcore
├── inherits@2.0.1
├── bs58@2.0.0
├── hash.js@1.0.2
├── bn.js@2.0.4
├── sha512@0.0.1
├── lodash@2.4.1
└── elliptic@3.0.3 (brorand@1.0.5)

bitcore-mnemonic@0.11.0 node_modules/bitcore-mnemonic

bitcore-p2p@0.14.0 node_modules/bitcore-p2p
├── buffers@0.1.1
├── bloom-filter@0.2.0
└── socks5-client@0.3.6 (network-byte-order@0.2.0, ipv6@3.1.1)

With the warning:

npm WARN peerDependencies The peer dependency bitcore@^0.12.0 included from bitcore-mnemonic will no
npm WARN peerDependencies longer be automatically installed to fulfill the peerDependency 
npm WARN peerDependencies in npm 3+. Your application will need to depend on it explicitly.

So with npm@3, to achieve the same would require package.json with:

{
  "dependencies": {
    "bitcore": "0.12.5",
    "bitcore-p2p": "git://github.com/braydonf/bitcore-p2p.git#1f6f0ab74fcf097728c5f2d08f55e983c5a55806",
    "bitcore-mnemonic": "git://github.com/federicobond/bitcore-mnemonic.git#579cdfc931c68f5cc9a199df879eed9bf51c5252"
  }
}

And if bitcore was not included there would be a "peerinvalid" warning?

federicobond commented 9 years ago

Yes, I'm pretty sure that's how it works. The broken case right now is triggered by the following commands:

npm install bitcore-mnemonic
npm install bitcore

Now you have bitcore as nested depedency of bitcore-mnemonic and bitcore as top level dependency.

WIth peerDependencies, you run:

npm install bitcore-mnemonic

And NPM 2.x will also install bitcore if it does not find it as top level dependency. This behavior changes, with NPM 3.x, which will require you to explicitly install bitcore as another dependency.

federicobond commented 9 years ago

One thing I noticed is that once you have installed bitcore as top level dependency, the modules will not include it as nested dependency. Otherwise, it is possible to accumulate as many copies of bitcore as modules you have installed. Is that an artifact of your build system?

braydonf commented 9 years ago

That's npm resolving the dependencies, since they are compatible and package.json uses ^0.12.0

federicobond commented 9 years ago

Ok. Is there anything else I can do to move this pull request forward?

braydonf commented 9 years ago

It would be good to get a few other opinions on it, and some more information about the behavior in npm@3. With the versionGuard, it's necessary to have bitcore as a top level dependency anyways. And seems like it may behavior nearly identical to using 'dependency' until npm@3 is available?