theodorejb / es-cookie

A simple, lightweight module for handling cookies
MIT License

Version 1.4.0 is breaking dependent CJS packages #10

Open kaleabmelkie opened 1 year ago

kaleabmelkie commented 1 year ago

I have a SvelteKit app that is dependent on @auth0/auth0-spa-js. That library is currently CJS and is dependent on es-cookie@^1.3.2.

My app is crashing with the following message because es-cookie@1.4.0 turned into an ESM package in a non-breaking minor version upgrade (which @auth0/auth0-spa-js assumed was fine):

Error [ERR_REQUIRE_ESM]: require() of ES Module /[redacted_project_path]/node_modules/.pnpm/es-cookie@1.4.0/node_modules/es-cookie/src/es-cookie.js from /[redacted_project_path]/node_modules/.pnpm/@auth0+auth0-spa-js@1.22.2/node_modules/@auth0/auth0-spa-js/dist/lib/auth0-spa-js.cjs.js not supported.
Instead change the require of es-cookie.js in /[redacted_project_path]/node_modules/.pnpm/@auth0+auth0-spa-js@1.22.2/node_modules/@auth0/auth0-spa-js/dist/lib/auth0-spa-js.cjs.js to a dynamic import() which is available in all CommonJS modules.
    at Object.<anonymous> (/[redacted_project_path]/node_modules/.pnpm/@auth0+auth0-spa-js@1.22.2/node_modules/@auth0/auth0-spa-js/dist/lib/auth0-spa-js.cjs.js:9:15)
    at async Promise.all (index 0)
    at async nodeImport (file:///[redacted_project_path]/node_modules/.pnpm/vite@3.0.9/node_modules/vite/dist/node/chunks/dep-0fc8e132.js:50619:21)
    at async eval (/src/lib/configs/auth0.ts:11:31)
    at async instantiateModule (file:///[redacted_project_path]/node_modules/.pnpm/vite@3.0.9/node_modules/vite/dist/node/chunks/dep-0fc8e132.js:50548:9)

Is it possible to revert the new ESM changes of v1.4.0 as v1.4.1 and release them as a new v2.0.0 instead (to respect semver)?

kaleabmelkie commented 1 year ago

My temporary workaround is to force a version resolution in my SvelteKit app's package.json:

{
  "resolutions": {
    "es-cookie": "1.3.2"
  }
}

iadnanmalik commented 1 year ago

Same issue. In my case it's being used in auth0/auth0-spa-js library as well.

theodorejb commented 1 year ago

I released the native ES module update as v1.4 instead of v2.0 since there is no change to the documented public API, and when using a module bundler such as Rollup or Webpack the library should continue working seamlessly. If your project can't support the ESM version for some reason, can you pin es-cookie to v1.3.2 (e.g. via package-lock.json or npm overrides)?

If I were to publish v1.4.1 as a CommonJS module instead of ESM, that could also be a breaking change for people already depending on the new ESM version...

stefanmaco commented 1 year ago

auth0/auth0-spa-js library as well.

Worked for me, thanks. But isn't this a breaking change?
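
The failure reported in this thread can be checked for before an upgrade lands. The following is an added example, not code from es-cookie, auth0-spa-js, or anyone in this thread: it takes a dependent's caret range and a set of package manifests, and lists the versions the range accepts but a CommonJS `require()` cannot load. It assumes a simplified model of Node's entry-point resolution, on Node.js versions where `require()` cannot load ES modules (as in the error above). All function names and manifests are hypothetical and constructed.

```javascript
// Pick the target require() would use from a package.json "exports" value.
function resolveRequireTarget(exp) {
  if (typeof exp === "string") return exp;
  if (exp === null || typeof exp !== "object") return null;
  if ("." in exp) return resolveRequireTarget(exp["."]); // subpath map: root entry
  for (const [cond, target] of Object.entries(exp)) { // key order matters
    if (["require", "node", "default"].includes(cond)) {
      const hit = resolveRequireTarget(target);
      if (hit) return hit;
    }
  }
  return null; // e.g. only an "import" condition: nothing for require()
}

// Classify what a CommonJS consumer gets when it require()s the package root.
function classifyForRequire(manifest) {
  const entry = manifest.exports !== undefined
    ? resolveRequireTarget(manifest.exports)
    : (manifest.main || "index.js");
  if (!entry) return "not-exported";
  if (entry.endsWith(".cjs")) return "cjs";
  if (entry.endsWith(".mjs")) return "esm";
  return manifest.type === "module" ? "esm" : "cjs"; // .js follows "type"
}

// Minimal caret check for plain x.y.z versions with major >= 1.
function satisfiesCaret(range, version) {
  const base = range.replace(/^\^/, "").split(".").map(Number);
  const v = version.split(".").map(Number);
  if (v[0] !== base[0]) return false;
  return v[1] !== base[1] ? v[1] > base[1] : v[2] >= base[2];
}

// Versions accepted by a CJS dependent's range that it cannot require().
function breakingForCjs(range, manifests) {
  return manifests
    .filter((m) => satisfiesCaret(range, m.version))
    .filter((m) => classifyForRequire(m) !== "cjs")
    .map((m) => m.version);
}

// Constructed manifests (not the real published files); 1.4.1 is hypothetical.
const constructed = [
  { version: "1.3.2", main: "dist/lib.js" },
  { version: "1.4.0", type: "module", main: "src/lib.js" },
  { version: "1.4.1", type: "module",
    exports: { import: "./src/lib.js", require: "./dist/lib.cjs" } },
];
console.log(breakingForCjs("^1.3.2", constructed)); // [ '1.4.0' ]
```

Run against the manifests of candidate versions in CI, a check like this flags a format change inside an accepted semver range before it reaches a lockfile refresh.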