oven-sh / bun

Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one
https://bun.sh

Transitive dependencies bring their own (incompatible) versions of dependencies #4946

Open MikeDombo opened 10 months ago

MikeDombo commented 10 months ago

What version of Bun is running?

1.0.0

What platform is your computer?

Darwin 22.6.0 arm64 arm

What steps can reproduce the bug?

Install @types/react-router-dom:5.3.3 and @types/react:16.14.38.

What is the expected behavior?

Bun should install both of these packages, and the react-router-dom package should not bring its own version of node_modules with @types/react: 18.2.21, which causes the build to fail because types no longer match because multiple versions of react types are being used.

Bun should install the desired version of @types/react from my project's package.json.

What do you see instead?

Bun installs both types packages, but the react-router-dom type package brings its own nested node_modules directory, which includes the latest version of @types/react, which is not the version that my project requested. @types/react- packages include a dependency on @types/react with * as the version requirement, so bun should be able to use my project's requested version of the react type dependency rather than installing a newer (and incompatible) version.

Additional information

No response
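One way to confirm the nested-copy symptom described in this report, as an added example that is not part of the original issue or Bun's own code: a Node.js script that walks node_modules, including scoped folders and nested node_modules directories, and lists every package present at more than one version. The sample tree and the helper names (collectInstalls, findDuplicates, buildSampleTree) are constructed for illustration, using the versions given above.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Collect name -> Map(version -> [install dirs]) under one node_modules directory.
function collectInstalls(nodeModulesDir, found = new Map()) {
  if (!fs.existsSync(nodeModulesDir)) return found;
  for (const entry of fs.readdirSync(nodeModulesDir)) {
    if (entry.startsWith('.')) continue; // skip .bin, .cache and similar
    const dir = path.join(nodeModulesDir, entry);
    if (entry.startsWith('@')) { collectInstalls(dir, found); continue; } // scope folder
    const manifest = path.join(dir, 'package.json');
    if (!fs.existsSync(manifest)) continue;
    const { name, version } = JSON.parse(fs.readFileSync(manifest, 'utf8'));
    if (!found.has(name)) found.set(name, new Map());
    const versions = found.get(name);
    versions.set(version, [...(versions.get(version) || []), dir]);
    // A package's private node_modules is where the conflicting copy ends up.
    collectInstalls(path.join(dir, 'node_modules'), found);
  }
  return found;
}

// Return { packageName: { version: [dirs] } } for packages installed at 2+ versions.
function findDuplicates(projectRoot) {
  const dupes = {};
  const installs = collectInstalls(path.join(projectRoot, 'node_modules'));
  for (const [name, versions] of installs) {
    if (versions.size > 1) dupes[name] = Object.fromEntries(versions);
  }
  return dupes;
}

// Constructed sample tree mirroring the layout described in the report.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'dupes-'));
  const put = (rel, name, version) => {
    const dir = path.join(root, rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify({ name, version }));
  };
  put('node_modules/@types/react', '@types/react', '16.14.38');
  put('node_modules/@types/react-router-dom', '@types/react-router-dom', '5.3.3');
  put('node_modules/@types/react-router-dom/node_modules/@types/react', '@types/react', '18.2.21');
  return root;
}

console.log(JSON.stringify(findDuplicates(buildSampleTree()), null, 2));
```

Pointing findDuplicates at a real project root instead of the sample tree shows which parent package carries each extra copy.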

mifopen commented 10 months ago

I think it's even worse. I can see bun installing duplicated packages even for ^n.n.n, choosing latest versions instead of existing ones.

Zikoat commented 10 months ago

Possible duplicate: #4642

almarzn commented 9 months ago

I have the exact same issue with angular. ngx-build-plus@15 has @angular-devkit/build-angular@>=15 as a dependency. Thus @angular-devkit/build-angular@16 is installed for this dependency in its own node_modules and I get the infamous incompatible version error.

sammoore commented 5 months ago

This sounds like what's affecting expo-router and is easily reproducible with create-expo-stack. It associates one peerDependency down the chain with the wrong version of ajv.

$ npx create-expo-stack@2.4.2 --bun --expo-router
$ cd my-expo-app/
$ npm ls ajv
$ bun start

npm ls ajv shows the bad association, and bun start quickly errors.

The workaround as mentioned in the linked comment is adding the higher/preferred ajv as a direct dependency, resolving the issue without giving eslint the wrong version:

$ bun install --dev ajv
$ npm ls ajv

Environment:

$ bun --version
1.0.26
$ node --version
v21.2.0
$ npm --version
10.2.3

isaachinman commented 5 months ago

I am experiencing the same issue as @sammoore with an Expo project, and consider this to be a very serious mishandling of dependencies.

I tried to pin ajv via resolutions, but did not have any luck.

Is there any official response on the priority/timeline for fixing this problem?

sammoore commented 3 months ago

Possible duplicate: #9135

byCedric commented 3 months ago

@sammoore, @isaachinman Yep, I reported this a while ago: https://github.com/oven-sh/bun/issues/8406