search

yarnpkg / berry

📦🐈 Active development trunk for Yarn ⚒
https://yarnpkg.com
BSD 2-Clause "Simplified" License
7.35k stars 1.1k forks source link

[Bug?]: yarn does not take into account peerDependenciesMeta.optional for privately published packages #5153

Open ramblingenzyme opened 1 year ago

ramblingenzyme commented 1 year ago

Self-service

Describe the bug

As commented on https://github.com/yarnpkg/berry/issues/4653

This is definitely an issue showing up, but it seems to only be an issue for privately published packages somehow.

    "name": "@easy-agile/scripts",
    "version": "4.0.21",
    ...
    "dependencies": {
        ...
        "license-webpack-plugin": "^4.0.2",
    },
    "devDependencies": {
        ...
        "atlassian-webresource-webpack-plugin": "^5.2.8",
        "crossorigin-webpack-plugin": "^1.0.0",
        "html-webpack-plugin": "^5.5.0",
        "prettier": "^2.2.1",
        "webpack": "^5.74.0",
        "webpack-dev-server": "^4.7.4"
    },
    "peerDependencies": {
        "atlassian-webresource-webpack-plugin": "^5.2.8",
        "crossorigin-webpack-plugin": "^1.0.0",
        "eslint": "^7.12.1",
        "html-webpack-plugin": "^5.5.0",
        "prettier": "^2.1.2",
        "webpack-dev-server": "4"
    },
    "peerDependenciesMeta": {
        "eslint": {
            "optional": true
        },
        "prettier": {
            "optional": true
        },
        "atlassian-webresource-webpack-plugin": {
            "optional": true
        },
        "crossorigin-webpack-plugin": {
            "optional": true
        },
        "html-webpack-plugin": {
            "optional": true
        }
    }
}

And we're getting this in the output.

➤ YN0002: │ something@workspace:. doesn't provide atlassian-webresource-webpack-plugin (p3f480), requested by @easy-agile/scripts
➤ YN0002: │ something@workspace:. doesn't provide crossorigin-webpack-plugin (p6295d), requested by @easy-agile/scripts
➤ YN0002: │ something@workspace:. doesn't provide html-webpack-plugin (p0373d), requested by @easy-agile/scripts
➤ YN0002: │ something@workspace:. doesn't provide webpack-dev-server (paf88a), requested by @easy-agile/scripts

However, these are the dependencies in the root package.json of the workspace

{
    "dependencies": {
        "@changesets/cli": "^2.26.0",
        "@easy-agile/eslint-config": "^2.0.6",
        "@easy-agile/scripts": "^4.0.21",
        "@manypkg/cli": "^0.19.2",
        "eslint": "^8.30.0",
        "husky": "^8.0.2",
        "is-ci": "^3.0.1",
        "jest": "^29.3.1",
        "jest-environment-jsdom": "^29.3.1",
        "lerna": "^6.1.0",
        "lint-staged": "^13.1.0",
        "prettier": "^2.8.1",
        "typescript": "^4.9.4"
    }
}

and @easy-agile/scripts has a dependency on license-webpack-plugin, which has optional peer dependencies on webpack and webpack-sources which are not provided by @easy-agile/scripts nor the root package.json and there is no error message about them not being provided.

So I think this feature is indeed working but only for public packages somehow.

To reproduce

Cannot reproduce this with Sherlock

Environment

System:
    OS: Linux 5.15 Debian GNU/Linux 11 (bullseye) 11 (bullseye)
    CPU: (8) arm64 unknown
  Binaries:
    Node: 18.8.0 - /tmp/xfs-64f72f7c/node
    Yarn: 3.3.0 - /tmp/xfs-64f72f7c/yarn
    npm: 8.18.0 - /usr/bin/npm

Additional context

No response

ramblingenzyme commented 1 year ago

@arcanis could this be looked at? It adds incorrect noise for repos with private dependencies that have optional peer dependencies.

noahnu commented 1 month ago

@ramblingenzyme What package registry are you using? I've noticed GitHub Package Registry strips the peerDependenciesMeta field. Their docs claim they support it so I think this is just a bug on GitHub's side

See: https://github.com/orgs/community/discussions/51104