provide a better debugging experience when peer dependencies cause multiple resolution of singleton packags

[MichaelBelousov]

Is your feature request related to a problem? Please describe.

3 or 4 different projects I am aware of in the last two weeks ran into issues where dependency updates caused undesired multiple resolutions of itwinjs-core packages which is illegal and causes (occasionally nefarious) runtime errors.

Sometimes people will accidentally commit the broken resulting lockfile too.

Describe the solution you'd like

• for @itwin/build-tools or some published package to ship a utility function that can be imported in any project's .pnpmfile.cjs to error out on attempts to install a dependency arrangement that results in illegal multi-resolved singleton packages. This will help people more quickly notice when they've screwed up a project, not at runtime
• a guide or link to an existing guide on debugging multi-resolved peer dependencies in pnpm. Maybe placed in a FAQ or in tips and guidelines, next to the API support policy

I'm open to other potential solutions and discussions. I'd be curious if anyone has researched:

• * wildcard versions for some peer dependencies
• meta packages
  • these would need to be tested for tree-shakability, and possibly itwin.js packages need to conform to the package.json#sideEffects standard used by bundlers.
• pnpm auto install peers

Describe alternatives you've considered pnpm override everything... causes other issues.

Additional context None

[grigasp]

One of the reasons that can happen is that peerDependencies in itwinjs-core are specified with ^, which tells package manager that it's fine to use a higher version. The first step, IMO, should be to fix this problem and instead specify all peer deps at exact version.