Wrong dependencies calculation during builds

[gperdomor]

I have a project with many lib packages, I'm using the updateBuildableProjectDepsInPackageJson(which is enabled by default) to generate the package json of my libs but I notice some weird behavior

Current Behavior

Lib core imports some package, let's say @actions/exec, I build this library and the package.json inside dist/core directory is something like this:

{
  "name": "@sample/core",
  "version": "0.0.1",
  "type": "commonjs",
  "main": "./src/index.js",
  "typings": "./src/index.d.ts",
  "dependencies": {
    "@actions/exec": "1.1.1"
  },
  "peerDependencies": {}
}

which is fine...

Also, I have a second libe, let's say lib1 which depends on core and do something... I build this library and the package.json inside dist/core directory is something like this:

{
  "name": "@sample/lib1",
  "version": "0.0.1",
  "type": "commonjs",
  "main": "./src/index.js",
  "typings": "./src/index.d.ts",
  "dependencies": {
    "@sample/core": "0.0.1",
    "@actions/exec": "1.1.1"
  },
  "peerDependencies": {}
}

but @actions/exec is not imported in lib1 and is a dependency of core

If I have a third lib which import core and lib1, this lib will have all deps from core and lib1 in their package.json after I build it

Expected Behavior

Only @sample/coremust be present in the package.json of lib1

Steps to Reproduce

Use this repo https://github.com/gperdomor/nx-sample-buildable-bug

Failure Logs

N/A

Environment

NX Report complete - copy this into the issue template

Node : 16.15.0
OS : darwin x64
npm : 8.9.0

nx : 14.1.4
@nrwl/angular : Not Found
@nrwl/cypress : Not Found
@nrwl/detox : Not Found
@nrwl/devkit : 14.1.4
@nrwl/eslint-plugin-nx : 14.1.4
@nrwl/express : Not Found
@nrwl/jest : 14.1.4
@nrwl/js : 14.1.4
@nrwl/linter : 14.1.4
@nrwl/nest : Not Found
@nrwl/next : Not Found
@nrwl/node : Not Found
@nrwl/nx-cloud : Not Found
@nrwl/nx-plugin : Not Found
@nrwl/react : Not Found
@nrwl/react-native : Not Found
@nrwl/schematics : Not Found
@nrwl/storybook : Not Found
@nrwl/web : Not Found
@nrwl/workspace : 14.1.4
typescript : 4.6.4
rxjs : 6.6.7

Community plugins:

[github-actions]

This issue has been automatically marked as stale because it hasn't had any recent activity. It will be closed in 14 days if no further activity occurs.
If we missed this issue please reply to keep it active.
Thanks for being a part of the Nx community! 🙏

[gperdomor]

not stale

[JosefBredereck]

I experience the same problem, and I'm on the search for a solution since hours.
In my case, the issue is even worse, since there is not only one but 12 dependent dependencies included from the referenced workspace package, which also includes another workspace package.

So, I have:
@some/lib1:

{
  "dependencies": {
    "@some/lib2": "version"
  }
}

@some/lib2:

{
  "dependencies": {
    "@some/lib3": "version",
    "random-package1": "version",
    "random-package2": "version",
    "random-package3": "version"
  }
}

@some/lib3:

{
  "dependencies": {
    "random-sub-package1": "version",
    "random-sub-package2": "version",
    "random-sub-package3": "version"
  }
}

When I now run npx nx run lib1:build the generated package.json includes all the dependencies and looks like the following.

{
  "peerDependencies": {
    "@some/lib2": "version",
    "@some/lib3": "version",
    "random-package1": "version",
    "random-package2": "version",
    "random-package3": "version",
    "random-sub-package1": "version",
    "random-sub-package2": "version",
    "random-sub-package3": "version"
  }
}

In my point of view, it should be sufficient to include @some/lib2 as dependency. The other dependencies should be loaded automatically.

I found a PR which seems to go in that direction if I do interpret the logic wrong: #10595

[JosefBredereck]

I looked a bit more into #10595 the code is not used in the package @nrwl/js.

[JosefBredereck]

A solution was implemented in #10600, but rolled back and tried in a second attempt in #12857.
The shallow property was introduced in #9297 and is only used by rollup right now (but seems not to work anymore #17660).

The issue is also mentioned in older issues like #8096 #8640 #8641 #9371 where similar stuff is mentioned.
And in newer ones: #11293
Remotely related (maybe): #9194

[ajwootto]

@JosefBredereck that's a really helpful list, there also appears to be a new issue with this system which I've reported here
#17758

[FrozenPandaz]

We've deprecated and removed updateBuildableProjectDepsInPackageJson.

The new recommended approach is to manage the dependencies with the help of a lint rule called: dependency-checks-rule
You can learn more about the rule here: https://nx.dev/nx-api/eslint-plugin/documents/dependency-checks#dependency-checks-rule

[ajwootto]

@FrozenPandaz is it documented anywhere that this is the case, aside from the lint plugin docs? The main docs site doesn't seem to mention it, and still references the previous approach on the page about dependency management
https://nx.dev/concepts/more-concepts/dependency-management#single-version-policy

[github-actions]

This issue has been closed for more than 30 days. If this issue is still occuring, please open a new issue with more recent context.