[Feature] Warn on missing peer dependencies of regular dependencies being provided by dev dependencies

[bgotink]

• [ ] I'd be willing to implement this feature (contributing guide)
• [x] This feature is important to have in this repository; a contrib plugin wouldn't do

Describe the user story

I maintain a couple of libraries of angular components. In the angular ecosystem, peer dependencies are widely used, but for some packages we use dependencies (e.g. tslib, internal packages).

If my project has a workspace with a regular dependency that has a peer dependency, and that peer dependency is provided by a dev dependency of the workspace but not by a peer dependency or regular dependency, yarn doesn't yield any complaints (be it a warning, an error, or even a notice). Yarn does complain when someone tries to consume my package, yielding warnings such as

➤ YN0002: │ @my/package@npm:3.20.7 [b6214] doesn't provide @the-missing/peer-dependency@^3.5.0 requested by @my/packages-dependency@npm:3.20.7

Describe the solution you'd like

I'd like for yarn to warn me in the @my/package workspace when running yarn install that there are peer dependencies that cannot be provided to my package's dependencies by consumers.

Describe the drawbacks of your solution

Describe alternatives you've considered

• Do this in a plugin: that's an extra command to run, we don't require plugins for other peer dependency mistakes
• Make packages automatically inherit any non-fullfilled peer dependency requirements of dependencies as the package's own peer dependencies That's a big change to how packages work, and it would break compatibility with npm/pnpm etc
• Keep the situation as is, with potentially broken packages being deployed without the package author realising it

[eric-burel]

Hey, I think i hit a similar issue (for dev deps or normal deps by the way):

 YN0002: │ @vulcanjs/mongo@npm:0.6.4 [98c6d] doesn't provide react-dom (p727e4), requested by @vulcanjs/permissions
➤ YN0002: │ @vulcanjs/react-hooks@npm:0.6.6-y.15 [1c9ed] doesn't provide apollo-server (p0d867), requested by @vulcanjs/graphql
➤ YN0002: │ @vulcanjs/react-hooks@npm:0.6.6-y.15 [1c9ed] doesn't provide mongodb (p49710), requested by @vulcanjs/mongo
➤ YN0002: │ @vulcanjs/react-hooks@npm:0.6.6-y.15 [1c9ed] doesn't provide mongoose (pf8b57), requested by @vulcanjs/mongo
➤ YN0002: │ @vulcanjs/react-hooks@npm:0.6.6-y.15 [7515e] doesn't provide apollo-server (p43d08), requested by @vulcanjs/graphql
➤ YN0002: │ @vulcanjs/react-hooks@npm:0.6.6-y.15 [7515e] doesn't provide mongodb (pc3192), requested by @vulcanjs/mongo
➤ YN0002: │ @vulcanjs/react-hooks@npm:0.6.6-y.15 [7515e] doesn't provide mongoose (p316c0), requested by @vulcanjs/mongo

So for instance, "vulcan-react-hooks" rely on "vulcan-mongo" package. "vulcan-mongo" as a peer dependency to "mongoose". I expect this dependency to be installed at the application level, to avoid multiple instances.

Basically it looks like this:

# "app" is responsible for installing mongoose. 
# I don't want "react-hooks" to include mongoose even as a peer dependency,
# because that would make it unmaintainable and I use vulcan-mongo only for TypeScript typings

app > vulcan-react-hooks > vulcan-mongo > mongoose

Therefore, "vulcan-react-hooks" should not explicitely depend on "mongoose" and cannot provide this peer dep, it is only an intermediate package and not the app.

I'd like to avoid having to list all peerDeps of sub-dependencies explicitely (so adding "mongoose" as a peer dep of "vulcan-react-hooks"), this wouldn't be sustainable.

Override packageExtensions is equally unmaintainable.

Possible solution: having an inheritPeerDep flag, so that only the top level "package.json" is responsible for setting the peer dependencies correctly, instead of blaming intermediate packages?

My monorepo if you want to test install: https://github.com/VulcanJS/vulcan-npm and starter app based on it: https://github.com/VulcanJS/vulcan-next