-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Publishing order should take peerDependencies into account #1437
Publishing order should take peerDependencies into account #1437
Comments
This is also exacerbated by #1018 since Lerna actually explicitly changes the peerDependency to a non-range version. |
It's weird that publish even cares to distinguish between "allDependencies" vs "dependencies" when constructing the graph. Batching "dependencies" merely omits We would need to improve the peerDependencies parsing to recognize local siblings, and I doubt that work would be easy to back-port into the 2.x branch. 3.x will be Notably, since v2.7.0 lerna does not mutate |
I see it as important because it's possible to have dependency cycles that are present when
No problem. Thanks for your work on Lerna :)
Oh cool, great to know. I saw that the issue I linked was still open and assumed it hadn't been tackled yet. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
It appears lerna 3.13.1 doesn't honor peerDependencies for toposort. Is the solution to use peerDependencies in conjunction with devDependencies? |
Running in to this issue as well, using a mono repo with 3 packages (A. B. C) where A is a peerDep (and devDep) of B and C, and B is also a peerDep (and devDep) of C. I can work around this for now by also specifying the packages as optionalDependencies, but would you be open to a PR to add a flag to include devDeps when evaluating the publish hierarchy? At least that way if a user needs the behavior they can opt in. |
@sparebytes Yes, it is a best practice with npm packages (regardless of monorepo or not) to specify @padraig-meaney I agree it's unfortunate that proper peer+dev deps aren't taken into account in (as much as it's tempting to automatically include # equivalent to current behavior
npx lerna publish --graph-type dependencies
# adds devDependencies to the package graph, thus influencing the topological sort
npx lerna publish --graph-type all Configured in lerna.json: {
"command": {
"publish": {
"graphType": "all"
}
},
"packages": [
"packages/*"
],
"version": "independent"
} I'd be very interested in flipping the default in the next major, always adding Reopening to track the work. |
@evocateur that sounds great to me. I may have some free bandwidth in the next 2 weeks to put together a PR for this. |
Allow for configuration of a specific graphType, so that users can opt-in to using devDependencies when building a package graph during publish. Closes lerna#1437.
Allow for configuration of a specific graphType, so that users can opt-in to using devDependencies when building a package graph during publish. Closes lerna#1437.
Currently the package graph ordering is defined in
lerna/core/package-graph/index.js
Line 68 in bd79949
peerDependencies
. This means it is possible to publish a module with apeerDependency
on a specific version that you are publishing at the same time, and the version with the peerDependency may be published before the version that it depends on.Expected Behavior
Ideally the version ranges in the peerDependencies should be validated, and if the range is only satisfied by the version you are just about to publish, it should publish it later, after the dependency is publishes.
Context
Just noticed on Babel that
@babel/cli
was being published before@babel/core
which means there is a period (which on this publish was about 4.5 minutes, since we publish a LOT of packages), where the CLI depends on a non-existent version of@babel/core
because during our beta phase we're using specific non-rangepeerDependencies
. That gets extra dangerous once you take caching registry mirrors into account.Your Environment
lerna --version
npm --version
yarn --version
node --version
The text was updated successfully, but these errors were encountered: