search

mikeedwards / po2json

Pure Javascript implementation of Uniforum message translation. Based on a great gist.
https://gist.github.com/1739769
Other
178 stars 62 forks source link

About dependencies in package.json #82

Closed ryouaki closed 4 years ago

ryouaki commented 5 years ago

Expected Behavior

What did you want to happen?

Actual Behavior

In package.json,have three dependencies:

  "dependencies": {
    "commander": "^2.18.0",
    "gettext-parser": "2.0.0",
    "gettext-to-messageformat": "^0.3.0"
  },
  "devDependencies": {
    "jed": "~1.1.1",
    "messageformat": "^2.0.4",
    "nodeunit": "*"
  },

Steps to Reproduce

When I use po2json on my project,it will install two dependencies which has two different version like "commander@2.20.0" and "commander@2.15.1", and will both build in my production Javascript files.

Additional Data

change to peerdependencies will fix this problem。

  "peerDependencies": {
    "commander": "^2.18.0",
    "gettext-parser": "2.0.0",
    "gettext-to-messageformat": "^0.3.0"
    "jed": "~1.1.1",
    "messageformat": "^2.0.4",
    "nodeunit": "*"
  },
mikeedwards commented 4 years ago

I felt a little weird removing the dependencies entirely, but I added some to peer dependencies in the latest beta. Let me know if that helps you @ryouaki

ryouaki commented 4 years ago

I felt a little weird removing the dependencies entirely, but I added some to peer dependencies in the latest beta. Let me know if that helps you

Thank you for your replay , yes it will help me and fix my problem.

ryouaki commented 4 years ago

I saw your change, But I think move to peer dependencies is better。

If still keep in dependencies, I have a package need "commander" with version "1.0.0", and in po2json is version 2.18.0, when I run npm install --production, it will install 2.18.0 and 1.0.0 form my project. And will get risk for my project.

mondeja commented 4 years ago

If still keep in dependencies, I have a package need "commander" with version "1.0.0", and in po2json is version 2.18.0, when I run npm install --production, it will install 2.18.0 and 1.0.0 form my project. And will get risk for my project.

If you are using both versions in your project, both will be installed. The risk would be install one only. You need to go ahead with one of both if you want to remove the redundancy: upgrade your commander-dependent code in your project in order to use 2.18.0 only or stop using po2json because does not meet your dependencies versions.

I felt a little weird removing the dependencies entirely, but I added some to peer dependencies in the latest beta.

Sorry @mikeedwards, but I'm getting always the next warning message installing po2json:

warning " > po2json@1.0.0-beta-3" has unmet peer dependency "commander@^6.0.0".
warning " > po2json@1.0.0-beta-3" has unmet peer dependency "gettext-parser@2.0.0".
warning " > po2json@1.0.0-beta-3" has unmet peer dependency "gettext-to-messageformat@0.3.1".

This redundancy in the dependencies of the project doesn't have any sense. Are peer or normal dependencies? Please, consider remove peerDependencies in package.json. I think that this change has been a misconception of what peer dependencies are.