Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

External dependencies that has packageExtensions to depend on internal dependencies causes lockfile to always unable to be frozen #5018

Open
kenrick95 opened this issue Jul 12, 2022 · 2 comments
Open

External dependencies that has packageExtensions to depend on internal dependencies causes lockfile to always unable to be frozen #5018

kenrick95 opened this issue Jul 12, 2022 · 2 comments
Labels
type: bug

Comments

@kenrick95
Copy link
Member

kenrick95 commented Jul 12, 2022
edited

pnpm version: 7.5.1

Code to reproduce the issue:

In this repo: https://github.com/kenrick95/pnpm-testing-repro-peers-issue using PNPM which has #4776 implemented causes pnpm install --frozen-lockfileto always fail regardless if pnpm install has been executed before.

This seems to be caused by #4776 since I managed to reproduce the issue even in 6.32.18+ (6.32.16-6.32.17 are not usable due to #4796). This issue didn't happen at 6.32.15.

The issue seem to go away if I set auto-install-peers = false

One symptom that I find is that, in the lockfile, I see entries like

importers:
  /package/something:
    specifiers:
      pkg-a: 'workspace: ^'
      pkg-b: 'workspace: ^'
      pkg-c: '' // <-- just empty string here ???
      pkg-d: 'workspace: ^'

This seem related to packageExtensions where it injects "dependencies" of internal packages to an external package.

In that repro https://github.com/kenrick95/pnpm-testing-repro-peers-issue

@kenrick95/external-depend-on-internal has peerDep + devDep to @kenrick95/internal-a, @kenrick95/internal-b, @kenrick95/internal-c, @kenrick95/internal-d

At root package.json, the packageExtensions set this:

  "pnpm": {
    "packageExtensions": {
      "@kenrick95/external-depend-on-internal": {
        "dependencies": {
          "@kenrick95/internal-a": "*",
          "@kenrick95/internal-b": "*",
          "@kenrick95/internal-c": "*",
          "@kenrick95/internal-d": "*",
          "@kenrick95/internal-e": "*"
        }
      }
    }
  },

This is used at packages/e/package.json:

{
  "name": "@kenrick95/internal-e",
  "version": "1.0.0",
  "publishConfig": {
    "registry": "https://registry.npmjs.org/",
    "access": "public"
  },
  "dependencies": {
    "@kenrick95/external-depend-on-internal": "^1.0.0"
  }
}

The resulting lockfile looks like

  packages/e:
    specifiers:
      '@kenrick95/external-depend-on-internal': ^1.0.0
      '@kenrick95/internal-a': ''
      '@kenrick95/internal-b': ''
      '@kenrick95/internal-c': ''
      '@kenrick95/internal-d': ''
    dependencies:
      '@kenrick95/external-depend-on-internal': 1.0.0_react@16.11.0+redux@4.2.0

This causes pnpm's packages/lockfile-utils/src/satisfiesPackageManifest.ts's following block to always return false:

if (!equals({ ...pkg.devDependencies, ...pkg.dependencies, ...pkg.optionalDependencies }, importer.specifiers)) {
   // at packages/e, "importer.specifiers" object does not have "@kenrick95/internal-a", "@kenrick95/internal-b", "@kenrick95/internal-c", "@kenrick95/internal-d"
    return false
  }

Expected behavior:

pnpm install --frozen-lockfile should not fail

Actual behavior:

pnpm install --frozen-lockfile always fail regardless how many times pnpm install is executed

Additional information:

  • node -v prints: 14.19.3
  • Windows, macOS, or Linux?: macOS & Linux
@kenrick95
Copy link
Member Author

kenrick95 commented Jul 13, 2022
edited

(edit: updated issue body instead)

@kenrick95 kenrick95 changed the title Behavior of install is inconsistent with and without --filter External dependencies that depends on internal dependencies causes lockfile to always unable to be frozen Jul 13, 2022
@kenrick95 kenrick95 changed the title External dependencies that depends on internal dependencies causes lockfile to always unable to be frozen External dependencies that has packageExtensions to depend on internal dependencies causes lockfile to always unable to be frozen Jul 13, 2022
@valerybugakov
Copy link

We bumped into the same issue recently.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kenrick95 @valerybugakov