Open MichaelBelousov opened 2 months ago
One of the reasons that can happen is that peerDependencies in itwinjs-core are specified with ^, which tells the package manager that it's fine to use a higher version. The first step, IMO, should be to fix this problem and instead specify all peer deps at exact version.
Is your feature request related to a problem? Please describe.
3 or 4 different projects I am aware of in the last two weeks ran into issues where dependency updates caused undesired multiple resolutions of itwinjs-core packages, which is illegal and causes (occasionally nefarious) runtime errors.
Sometimes people will accidentally commit the broken resulting lockfile too.
Describe the solution you'd like
@itwin/build-tools or some published package to ship a utility function that can be imported in any project's .pnpmfile.cjs to error out on attempts to install a dependency arrangement that results in illegal multi-resolved singleton packages. This will help people more quickly notice when they've screwed up a project, not at runtime.
I'm open to other potential solutions and discussions. I'd be curious if anyone has researched:
* wildcard versions for some peer dependencies
* package.json#sideEffects standard used by bundlers.
Describe alternatives you've considered
pnpm override everything... causes other issues.
Additional context
None
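One way the requested .pnpmfile.cjs check could look, as an added example that is not part of the original issue or of @itwin/build-tools. It uses pnpm's afterAllResolved hook and assumes that every @itwin/core-* package is a singleton and that lockfile.packages keys have the forms noted in the comments; the function names are hypothetical.

```javascript
// Added example, not @itwin/build-tools code. Save as .pnpmfile.cjs.

// Assumption: every @itwin/core-* package must resolve to a single instance.
const isSingleton = (name) => name.startsWith("@itwin/core-");

// Splits a lockfile `packages` key into name and instance (version plus any
// peer suffix). Handles "/@s/n/1.0.0_peer" (v5) and "@s/n@1.0.0(peer)" (v6+).
function parseKey(key) {
  const m = /^\/?((?:@[^/]+\/)?[^/@]+)[@/](.+)$/.exec(key);
  return m ? { name: m[1], instance: m[2] } : null;
}

// Returns { name: [instances...] } for singletons resolved more than once.
// The same version with two different peer sets counts as two instances.
function findMultiResolved(lockfile, predicate = isSingleton) {
  const seen = new Map();
  for (const key of Object.keys(lockfile.packages || {})) {
    const parsed = parseKey(key);
    if (!parsed || !predicate(parsed.name)) continue;
    if (!seen.has(parsed.name)) seen.set(parsed.name, new Set());
    seen.get(parsed.name).add(parsed.instance);
  }
  const dupes = {};
  for (const [name, instances] of seen) {
    if (instances.size > 1) dupes[name] = [...instances].sort();
  }
  return dupes;
}

// pnpm hook: receives the resolved lockfile before it is serialized.
// Throwing here fails the install, so a broken lockfile is not written.
function afterAllResolved(lockfile, context) {
  const dupes = findMultiResolved(lockfile);
  const names = Object.keys(dupes);
  if (names.length > 0) {
    const lines = names.map((n) => `  ${n}: ${dupes[n].join(", ")}`);
    throw new Error(`Multiple resolutions of singleton packages:\n${lines.join("\n")}`);
  }
  return lockfile;
}

// Guarded so the file also loads where `module` is not defined.
if (typeof module !== "undefined") module.exports = { hooks: { afterAllResolved } };
```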