-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing peer dependency: ajv@>=5.0.3-beta.0 #1344
Comments
I have the same problem with electron-builder 15.2.0. Versions:
I'm running on Ubuntu 16.10, targeting Windows and Linux. This is what happens when I attempt to install:
Here is my package.json file:
As a workaround I can get it to work if I include the following line in my package.json devDependencies:
However, I don't think I should have to include stuff in my package.json file for dependencies of dependencies of my dependencies. |
I'm still seeing this when installing electron-builder 15.3.0:
Npm shrinkwrap also fails hard on missing
|
It is just warning and doesn't lead to any issue. I will check again. |
Yes, to be fair nothing seemed to be busted. At least on macOS Builds in my tests. |
The remaining problem is not the warning on Steps to reproduce: Interestingly it is only reproducible if |
Why not use yarn :)? |
Because I'm from 2016 :) |
I've encountered the same issue on Ubuntu 16.04 building a very simple electron app.
|
We are not going to switch to stable ajv from beta. It is just a warning. Consider to use yarn if you want to get more clear warnings messages. ajv-validator/ajv-keywords#8 |
How does |
|
@develar While I disagree with it, I respect your opinion. Cheers! Do you have any resources on "npm shrinkwrap's brokenness by design"? I'd like to learn more about this... |
We just started using shrinkwrap at work for a project. Do you know any good writing or articles that expand on this? Would be nice to learn from others mistakes than learn for ourselves. |
@salomvary If you insist and don't want to use yarn — I can use stable version of ajv to make npm happy. Should I? Or you can migrate to yarn? |
@bcomnes @salomvary Please see https://code.facebook.com/posts/1840075619545360 "Attempts at scaling the npm client" npm/npm#5135 shrinkwrap simply doesn't support peer dependencies. I strongly suggest to not use npm and use yarn. |
Thanks for the articles. Will read. I don't have a strong opinion at this point. |
Yeach... if you will insist, I will just copy ajv-keywords into project or republish as npm module. @epoberezkin Are you aware of this issue?
So, are you really want to use *** npm or you can migrate to reliable, fast and predictable yarn? |
@develar No, I do not insist. I'm not working on anything critical that depends on electron-builder and npm shrinkwrap working together. The purpose of my comments was to understand the situation and provide feedback. |
@salomvary Ok. If it will leads to some issues for you — feel free to ping me to republish |
@develar Cool, thanks a lot! |
I think I see what is happening now. If my only dev dependency is electron-builder, then everything works -- no warnings. no errors. However, if I add a dev dependency that has a dependency on ajv (stable version), then I get an npm warning during install, and an ERR! during an npm list (this is probably what happens during a shrinking wrap as well, although that's not something I use). Examining the node_modules folder hierarchy, I see that npm puts the stable ajv at the top level. It also puts the beta ajv-keywords (which has ajv as its peer dependency) at the top level. The beta ajv (peer dependency of ajv) is placed below electron-builder further down in the hierarchy. So when an npm list command is scanning the node_modules hierarchy, it comes across ajv-keywords and complains because, at this point, the only version of ajv it has encountered is the stable version. The beta ajv isn't encountered until later. I don't believe npm is behaving sensibly in this case. If the stable ajv is at the top of the hierarchy, then both ajv beta and ajv-keywords beta should be placed below electron-builder so as not to interfere with anything that uses the stable version. Alternatively, it could put both ajv beta and ajv-keywords beta at the top of the hierarchy, and place the stable ajv below the electron dependency that requires it. <--- This is what Yarn does! I'm new to npm, but my guess at this point is that the problem lies with npm, possibly related to npm/npm#5135 as it pertains to peer dependencies, npm list, and perhaps the way beta dependencies are handled differently from stable dependencies. I don't see that electron-builder, or ajv/ajv-keywords are doing anything wrong. The workarounds from my end are to either include the requisite ajv beta package in my devDependencies, or to use the yarn. In the first case, I have to keep up with a dependency of a dependency, which defeats the whole purpose of having a dependency manager. In the second case, I'd have to specify that anyone building my program build it with yarn rather than npm to avoid npm warnings and errors. Some users may not be willing or ready to switch to another package manager. I don't know if there's a better way. |
@belltown I believe that you should use yarn. Also, since you build electron app, you can get a lot of benefits of NPM is dead. Really. Do not use npm. It is only several seconds to install yarn. Several seconds that will save A LOT OF your and your contributors hours. Do not use npm. Use yarn (and do not forget to commit lockfile). Disagree? Ook, electron-builder is not going to teach you or force to use some tool. I can republish/integrate ajv-keywords if you really want to use broken, slow and buggy npm. |
Thanks for taking the time to respond, @develar. From what I've seen so far, yarn is far superior to npm, and I've started using it successfully. As I said, I don't think anything is "broken" in either electron-builder or ajv, etc. Rather, it seems like the issue is with the way npm works (or doesn't) in certain situations. I'll change my build script to use yarn, and add a note to my build documentation that yarn is recommended, but can be changed to npm as long as npm peer dependency errors are resolved by adding to devDependencies (or ignored). I think that is the best way. I was just trying to avoid imposing a yarn recommendation on others who didn't want to use it, but I totally understand and agree with your points. |
I've published updated version of ajv-keywords, is there still a problem? |
@epoberezkin it fixes warn in case of yarn (thanks), but npm in any case are not happy because buggy. |
@develar npm works fine for me. I'm glad yarn works well for you. |
@epoberezkin "if I add a dev dependency that has a dependency on ajv (stable version), then I get an npm warning during install, and an ERR! during an npm list " Issue is that npm doesn't handle situation where there are several versions of ajv. |
@develar I think it gets fixed if you delete node_modules folder and then If I am correct, then it seems like an edge case to me rather than a bug. |
In my testing, I always ran:
The error still happened, even with the deletion of node_modules and the npm cache. Here's what I had in devDependencies:
Note, there is no problem if I remove electron from devDependencies. However, there is a use of ajv stable beneath electron: (electron->electron-download->nugget->request->har-validator->ajv). When npm installs, it puts the stable ajv at the top-level of node_modules, along with the beta ajv-keywords. The beta ajv is placed below electron-builder in the tree. I think 'npm list' gives an error because when it encounters the beta ajv-keywords at the top-level node_modules, it only sees the stable ajv at that point, not it's beta peer dependency. It works with yarn because yarn places both ajv beta and ajv-keywords beta at the top of node_modules, and the stable ajv below the electron dependency that needs it (har-validator). All this stuff is new to me, but I'm guessing it's a problem with how npm works, rather than the way electron-builder or ajv/ajv-keywords are specifying their dependencies. I'm using yarn now and everything seems better now, but yes npm still shows 'WARN' on npm install and 'ERR!' on npm list. |
The issue seem to exist in 4.x versions of npm (flat node_modules, bundled with node 6-7), not in 2.x (tree node_modules, bundled with node 4). Probably worth filing issue to npm. The warning is only advisory though, and it doesn't affect code execution - electron-builder uses new ajv and new ajv-keywords, but because the latter is install to the root, |
On another hand, they can argue that this warning should be present to show versions inconsistency and to advise you not to use ajv-keywords in your app directly, without installing the compatible version? Inside dependencies it all works correctly though, as I wrote. |
@epoberezkin. That's what I thought. I figured it had something to do with the changes npm made going from version 2 to 3 in which they use a different node_modules structure, and no longer automatically install peerDependencies like they used to. What I found odd was that electron-builder does include both ajv beta and ajv-keywords beta as dependencies, yet a package that uses electron-builder as well as some other package that uses ajv stable, reports an error (not warning), with npm list. Thanks for looking into this. I don't have the time or interest to follow this though with npm. I'm happy with what I'm doing now. Thanks for looking into this. |
And you should not. Your node_modules should be as small as possible to reduce distributable app size. And only yarn can guarantee it (yarnpkg/yarn#2676). |
I solved it by installing peer dependencies manually and it worked for me! |
A recent version of electron-builder (^15.1.1) started logging peer dependency warnings on install:
The text was updated successfully, but these errors were encountered: