snyk / nodejs-lockfile-parser

Generate a Snyk dependency tree from package-lock.json or yarn.lock file

fix: parse child peerDependencies in package-lock.json #121

Closed milahu closed 2 years ago

milahu commented 2 years ago

child peerDependencies should be parsed

consider svelte-nodegui-starter

part of the dependency tree

svelte-nodegui-starter
+ webpack@5.53.0
+ + acorn@8.5.0
+ + acorn-import-assertions@1.7.6

acorn-import-assertions peerDependencies -> acorn

this is also visible in package-lock.json

    "node_modules/acorn-import-assertions": {
      "version": "1.7.6",
      "resolved": "...",
      "integrity": "...",
      "dev": true,
      "peerDependencies": {
        "acorn": "^8"
      }
    },

but in the snyk-nodejs-lockfile-parser deptree, the peerDependencies field is missing

{
  labels: { scope: 'dev' },
  name: 'acorn-import-assertions',
  version: '1.7.6',
  resolved: '...',
  integrity: '...',
  nameVersion: 'acorn-import-assertions@1.7.6'
}

related #104

details: peerDependencies are NOT listed in yarn.lock

```
acorn-import-assertions@^1.7.6:
  version "1.7.6"
  resolved "..."
  integrity ...

webpack@^5.53.0:
  version "5.53.0"
  resolved "..."
  integrity ...
  dependencies:
    ...
    acorn "^8.4.1"
    acorn-import-assertions "^1.7.6"
```

details: peerDependencies in pnpm-lock.yaml

```
/webpack/5.52.1_webpack-cli@4.8.0:
  ...
  dependencies:
    ...
    acorn: 8.5.0
    acorn-import-assertions: 1.7.6_acorn@8.5.0

/acorn-import-assertions/1.7.6_acorn@8.5.0:
  ...
  peerDependencies:
    acorn: ^8
  dependencies:
    acorn: 8.5.0
  dev: true
```

details: when are peerDependencies installed?

> npm versions 1, 2, and 7 will automatically install peerDependencies if they are not explicitly depended upon higher in the dependency tree. For npm versions 3 through 6, you will receive a warning that the peerDependency is not installed instead.

https://nodejs.org/en/blog/npm/peer-dependencies/

> As of npm v7, peerDependencies are installed by default.

https://docs.npmjs.com/cli/v7/configuring-npm/package-json#peerdependencies

... except when it's marked "optional" in [peerDependenciesMeta](https://docs.npmjs.com/cli/v7/configuring-npm/package-json#peerdependenciesmeta)
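Added example, not code from snyk/nodejs-lockfile-parser and not part of the issue author's report: a small lockfileVersion 2 package-lock.json walker that keeps each entry's peerDependencies on the tree node and follows non-optional peers as real edges, since npm 7+ installs them by default. Peers marked optional in peerDependenciesMeta are skipped when they are not in the lockfile; a required peer that is absent is reported as missing rather than silently dropped, which is the case a vulnerability scan would otherwise lose. The sample lockfile is constructed here (modelled on the acorn-import-assertions entry above); some-plugin, strict-plugin, optional-host and missing-host are hypothetical packages added only to exercise the two peer rules.

```javascript
// Constructed sample lockfile (lockfileVersion 2 "packages" map), modelled on the
// acorn-import-assertions case from the issue. The two *-plugin entries and their
// hosts are hypothetical and exist only to exercise the peerDependenciesMeta rules.
const SAMPLE_LOCKFILE = {
  name: 'svelte-nodegui-starter',
  lockfileVersion: 2,
  packages: {
    '': {
      name: 'svelte-nodegui-starter',
      dependencies: { 'some-plugin': '^1.0.0', 'strict-plugin': '^1.0.0' },
      devDependencies: { webpack: '^5.53.0' },
    },
    'node_modules/webpack': {
      version: '5.53.0', dev: true,
      dependencies: { acorn: '^8.4.1', 'acorn-import-assertions': '^1.7.6' },
    },
    'node_modules/acorn': { version: '8.5.0', dev: true },
    'node_modules/acorn-import-assertions': {
      version: '1.7.6', dev: true,
      peerDependencies: { acorn: '^8' },
    },
    // hypothetical: optional peer that is not installed -> must be skipped, not an error
    'node_modules/some-plugin': {
      version: '1.0.0',
      peerDependencies: { 'optional-host': '*' },
      peerDependenciesMeta: { 'optional-host': { optional: true } },
    },
    // hypothetical: required peer that is not installed -> report it as missing
    'node_modules/strict-plugin': {
      version: '1.0.0',
      peerDependencies: { 'missing-host': '^1' },
    },
  },
};

// Every edge a lockfile entry declares, tagged by kind. devDependencies are only
// edges for the root project; peers become 'optionalPeer' when peerDependenciesMeta
// marks them optional and 'peer' otherwise.
function edgesOf(pkg, isRoot) {
  const list = (obj, kind) =>
    Object.entries(obj || {}).map(([name, range]) => ({ name, range, kind }));
  const meta = pkg.peerDependenciesMeta || {};
  const peers = Object.entries(pkg.peerDependencies || {}).map(([name, range]) => ({
    name, range,
    kind: meta[name] && meta[name].optional ? 'optionalPeer' : 'peer',
  }));
  return [
    ...list(pkg.dependencies, 'prod'),
    ...(isRoot ? list(pkg.devDependencies, 'dev') : []),
    ...list(pkg.optionalDependencies, 'optional'),
    ...peers,
  ];
}

// npm resolution order: the nearest node_modules folder, walking up from the
// importing package's own path until the project root. Returns the lockfile key
// of the resolved entry, or null if nothing in the lockfile satisfies the import.
function resolvePath(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + depName;
    if (packages[candidate]) return candidate;
    if (base === '') return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// 'node_modules/a/node_modules/@scope/b' -> '@scope/b'
function nameFromPath(path) {
  return path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
}

function buildTree(lockfile) {
  const packages = lockfile.packages;
  const visit = (path, kind, seen) => {
    const pkg = packages[path];
    const node = {
      name: path === '' ? pkg.name : nameFromPath(path),
      version: pkg.version,
      via: kind,
      labels: { scope: pkg.dev ? 'dev' : 'prod' },
      peerDependencies: pkg.peerDependencies || {},   // carried through, not dropped
      dependencies: {},
    };
    for (const edge of edgesOf(pkg, path === '')) {
      const target = resolvePath(packages, path, edge.name);
      if (!target) {
        // optional deps and optional peers are allowed to be absent
        if (edge.kind === 'optional' || edge.kind === 'optionalPeer') continue;
        node.dependencies[edge.name] = { name: edge.name, version: null, via: edge.kind, missing: true };
      } else if (seen.has(target)) {
        node.dependencies[edge.name] = { name: edge.name, version: packages[target].version, via: edge.kind, cycle: true };
      } else {
        node.dependencies[edge.name] = visit(target, edge.kind, new Set([...seen, target]));
      }
    }
    return node;
  };
  return visit('', 'root', new Set(['']));
}

console.log(JSON.stringify(buildTree(SAMPLE_LOCKFILE), null, 2));
```

With the sample above, acorn-import-assertions appears under webpack with its peerDependencies field intact and an extra edge to the hoisted acorn@8.5.0 tagged `via: 'peer'`; some-plugin gets no edge for its absent optional peer, and strict-plugin's absent required peer shows up as `missing: true`.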
louis-bompart commented 2 years ago

I encountered the same issue, and created a minimum reproducible example here: louis-bompart/upgraded-garbanzo.

OS: Windows10, Node: 16.10.0, NPM: 7.24.0

snyksec commented 2 years ago

:tada: This issue has been resolved in version 1.37.2 :tada:

The release is available on:

Your semantic-release bot :package::rocket: