Dependency Issue: Installation via npm fails

[pano9000]

Describe the bug Trying to run npm install with from current main/master fails due to some dependency issues

Examples

npm install

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: rollup-plugin-babel@4.4.0
npm ERR! Found: rollup@0.47.6
npm ERR! node_modules/rollup
npm ERR!   dev rollup@"^0.47.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer rollup@">=0.60.0 <3" from rollup-plugin-babel@4.4.0
npm ERR! node_modules/rollup-plugin-babel
npm ERR!   dev rollup-plugin-babel@"^4.0.1" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: rollup@2.79.1
npm ERR! node_modules/rollup
npm ERR!   peer rollup@">=0.60.0 <3" from rollup-plugin-babel@4.4.0
npm ERR!   node_modules/rollup-plugin-babel
npm ERR!     dev rollup-plugin-babel@"^4.0.1" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.

Additional context Validator.js version: main/master Node.js version: 16 OS platform: windows

[WikiRik]

Yeah, the dependencies could use some updating. I think the easiest way to solve this one however is to update the following line to get rollup@^0.60.0; https://github.com/validatorjs/validator.js/blob/531dc7f1f75613bec75c6d888b46480455e78dc7/package.json#L52

According to semver this can cause some breaking changes, but we'll probably notice those along the way. There is a PR to update rollup (among other things), but it hasn't really been worked on over the last months; https://github.com/validatorjs/validator.js/pull/1869

[pano9000]

thanks for the reply, updating the version to 0.60.0 does make it install now, (but shows a few "high" severity issues, related to some other outdated packages - but as you said, that would need some major updates).

bit off topic: the more time I spend on validator.js the more I get a feeling like this poject is kind of semi-abandoned, even though there seems to be quite big interesst and also contributions to it :-( a bit of a shame really...

[pixelbucket-dev]

What about just removing the rollup devDependency and just let rollup-plugin-babel deal with the dependency chain? It should know best what it needs.

[WikiRik]

That will install v2 of rollup which does not support Node 6 and does not work with our current config (v0.48 had some breaking changes I believe so that's why we are using v0.47 still). So we'll have to do a bit more than that either way.

I think that we can start with a PR to upgrade rollup to v0.60 and then continue from there. Considering that we might start migrating parts of the codebase to TypeScript soon (see #1271) I think we'll overhaul the build tooling not too far from now and that will also fix this issue

[profnandaa]

@WikiRik -- that's correct, there will be some more work to be done to stablize our npm install. In the meantime, I will just work with --legacy-peer-deps option.

[rubiin]

@profnandaa we can switch from npm to perhaps yarn or pnpm. I prefer to use pnpm and its almost compatible with npm (most commands are alike), so the transition will be seemless

[profnandaa]

What's the upsides of using pnpm or yarn over npm? I'm also thinking we can now retire Node 6 and 8?

[rubiin]

Pnpm is “performant” version of npm, hence the name pnpm. I think this should list everything good about it. https://refine.dev/blog/pnpm-vs-npm-and-yarn/#migrating-from-npmyarn-to-pnpm

[WikiRik]

I would retire anything under Node 18 for the next major release since those are not supported anymore. If people want we can still support Node 1 but that version already has been unsupported for over 6 months. See https://nodejs.org/en/about/previous-releases

[rubiin]

Yeah that is what I was thinking . Supporting anything below 18 is just not worth it as they are all EOL and every platform(vercel , netlify to name a few) has already dropped them in favor of LTS and current. This would also mean not requiring things like babel or polyfills for backward compatibility as 18+ supports most JS features