pnpm install --prod installs devDependencies #2411

Closed
jbergstroem opened this issue Mar 10, 2020 · 13 comments

@jbergstroem

jbergstroem commented Mar 10, 2020

pnpm version:

$ pnpm --version
4.11.5

Code to reproduce the issue:

  • Create a package.json containing something like

    {
      "dependencies": {
        "next": "latest"
      },
      "devDependencies": {
        "typescript": "latest"
      }
    }
  • invoke pnpm install --prod

Expected behavior:

Similar to npm:

$ npm install --production
$ dust | grep -m 1 -A 3 typescript
$

Actual behavior:

$ pnpm --help install | grep "\-\-prod"
77:  -P, --prod                                    Packages in `devDependencies` won't be installed
$ pnpm install --prod
Lockfile is up-to-date, resolution step is skipped
Packages: +783
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Resolving: total 783, reused 783, downloaded 0, done
node_modules/.pnpm/registry.npmjs.org/core-js/2.6.11/node_modules/core-js: Running postinstall script, done in 393ms
node_modules/.pnpm/registry.npmjs.org/fsevents/1.2.11/node_modules/fsevents: Running install script, done in 6s

dependencies:
+ next 9.3.0
$ dust | grep -m 1 -A 3 typescript
5:  52M        ├─┬ typescript
6-  52M        │ └─┬ 3.8.3
7-  52M        │   └─┬ node_modules
8:  52M        │     └─┬ typescript
9-  49M        │       └─┬ lib
10- 9.0M        │         ├── tsserverlibrary.js
11- 8.6M        │         ├── tsserver.js
$

Additional information:

$ node -v
v13.10.1
$ uname -a
Darwin jess.local 19.4.0 Darwin Kernel Version 19.4.0: Tue Feb 25 22:28:31 PST 2020; root:xnu-6153.101.5~8/RELEASE_X86_64 x86_64

  • If I remove typescript from devDependencies it doesn't get installed (assuming it would have gotten dragged along as a dependency of next).
  • prune follows suit:
    $ pnpm prune --prod
    Lockfile is up-to-date, resolution step is skipped
    Already up-to-date
    $ dust | grep -m 1 -A 3 typescript
    5:  52M        ├─┬ typescript
    6-  52M        │ └─┬ 3.8.3
    7-  52M        │   └─┬ node_modules
    8:  52M        │     └─┬ typescript
    9-  49M        │       └─┬ lib
    10- 9.0M        │         ├── tsserverlibrary.js
    11- 8.6M        │         ├── tsserver.js
@jbergstroem
Author

jbergstroem commented Mar 10, 2020

#2396 looks related? likely not

@zkochan
Member

zkochan commented Mar 12, 2020

This happens because typescript is a peer dependency of ts-pnp (a subdependency of next).

I am not sure we can solve this.

@jbergstroem
Author

> This happens because typescript is a peer dependency of ts-pnp (a subdependency of next).

I was looking at this too but could not figure out why pnpm and yarn/npm chose to treat it differently (ok, did not read code). What is the "correct" way to navigate this then?

@jbergstroem
Author

jbergstroem commented Mar 14, 2020

> This happens because typescript is a peer dependency of ts-pnp (a subdependency of next).

Looking a bit closer;

  • it's set as optional via peerDependenciesMeta
  • typescript is defined in devDependencies

..shouldn't it be evaluated as a peerDependency only if doing an install that should cover devDependencies?

@zkochan
Member

zkochan commented Mar 14, 2020

Maybe prod dependencies should never use dev dependencies to resolve their peer dependencies. But that would break a workflow that currently works.

I'd rather leave it as it is. Peer dependencies are too complex currently. Also, npm wants to make some changes to peer dependencies, it wants to autoinstall them again. So I guess this current behavior of pnpm is kind of like that.

@jbergstroem
Author

> Also, npm wants to make some changes to peer dependencies, it wants to autoinstall them again.

Is there an upstream issue to read up on?

@zkochan
Member

zkochan commented Mar 14, 2020

I am personally not happy about it. Peer dependencies are so hard that I'd never touch them again

npm/rfcs#43

@jbergstroem
Author

> I am personally not happy about it. Peer dependencies are so hard that I'd never touch them again

Long read, but I agree with you.

> Maybe prod dependencies should never use dev dependencies to resolve their peer dependencies. But that would break a workflow that currently works.

I couldn't find a reference to production dependencies peeking into devDependencies for resolution though. Is there some other rfc other than the linked one?

@j

j commented Mar 26, 2020

I'm also getting typescript when installing @nestjs/graphql which has ts-morph as a devDependency and optionalDependency (not peerDependency). ts-morph has a dependency on typescript, but doing a pnpm prune --prod or production install, it should ignore @nestjs/graphql's devDependencies and optionalDependencies. @zkochan thoughts?

@jbergstroem
Author

So, reading the rrfc about opt out for this scenario there seems to be progress on this matter. As I read @isaacs's comment, shouldn't --no-optional in current npm also apply here?

@jlsjonas

jlsjonas commented May 27, 2020

I stumbled upon this issue after noticing 404 not found errors for internal devDependencies (rush monorepo), these packages are only ever referenced as devDependency, so it should not error out when trying to pnpm install --production
Edit: looks like this is related to #881

@zkochan
Member

zkochan commented Feb 27, 2021

I am not sure it is worth fixing. There are too many edge cases.

Let's assume there is bar that has foo as a peer dependency. In the following case, bar will resolve its peer dependency both from a prod foo and a dev foo:

prod
+bar
+qar
  +foo
  +bar

dev
+ foo

It is impossible to solve this problem in a way that will satisfy all use cases.

If you really don't want foo to be linked into bar, I would recommend to remove foo from the peer dependencies of bar, using a pnpmfile hook

@jbergstroem
Author

jbergstroem commented Feb 28, 2021

> If you really don't want foo to be linked into bar, I would recommend to remove foo from the peer dependencies of bar, using a pnpmfile hook

For others (hello, google) wanting to do the same - here's the relevant documentation.
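
Added example (not part of the original thread and not pnpm's own code): a pnpmfile `readPackage` hook of the kind recommended above, applied to the packages named in this issue. It removes `typescript` from the peer dependencies of `ts-pnp` so that a devDependency is not linked into a production dependency; the `STRIP_PEERS` table is a name chosen for this example.

```javascript
// pnpmfile.js in the project root (named .pnpmfile.cjs since pnpm v6).
// Peer dependencies to strip, keyed by the package that declares them.
// ts-pnp / typescript are the packages named in this thread; STRIP_PEERS
// is a name made up for this example.
const STRIP_PEERS = {
  'ts-pnp': ['typescript'],
};

function readPackage(pkg, context) {
  const peers = STRIP_PEERS[pkg.name];
  if (!peers) return pkg; // every other manifest passes through unchanged

  for (const peer of peers) {
    if (pkg.peerDependencies && peer in pkg.peerDependencies) {
      delete pkg.peerDependencies[peer];
      // context.log makes the rewrite visible in the install output.
      if (context && context.log) {
        context.log(`${pkg.name}: dropped peer dependency ${peer}`);
      }
    }
    // Drop the matching "optional" marker too, so no stale metadata remains.
    if (pkg.peerDependenciesMeta) delete pkg.peerDependenciesMeta[peer];
  }
  return pkg;
}

// pnpm loads this file as CommonJS and calls hooks.readPackage once per
// package manifest during resolution.
if (typeof module !== 'undefined') {
  module.exports = { hooks: { readPackage } };
}
```

The hook changes what the resolver sees, so run a full `pnpm install` to re-resolve the lockfile before checking the result of `pnpm install --prod`.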
