Comments (6)
The problem with peerDependencies is that different versions of NPM handle them differently. See https://docs.npmjs.com/cli/v7/configuring-npm/package-json#peerdependencies
In npm versions 3 through 6, peerDependencies were not automatically installed, and would raise a warning if an invalid version of the peer dependency was found in the tree. As of npm v7, peerDependencies are installed by default.
That means depending on the npm version used upstream, peerDependencies might be completely ignored, and therefore not part of the lock file, in which case we should ignore them too, and in other npm versions they are treated as normal dependencies and are part of the lock file, in which case we should install them.
If we want to have a nice UX, we should detect automatically which npm version was used upstream. We could to that by looking at:
- lock file version (version 2 or higher indicates npm version 7 or higher)
engine
field of package.json (might have a minimum version fornpm
)devDependnecies
in package.json (might have a npm version specified)
But some projects won't have a lock file and none of the required fields set in package.json, therefore we still need a flag, allowing the user to manually toggle peer deps on/off.
from dream2nix.
very nice find.
I tried to install the dependency with the lockfile with version 1 and with version 2
the previous snippet was after I updated the lockfile.
Before I updated it, the lockfile looks like
"@sveltejs/vite-plugin-svelte": {
"version": "1.0.0-next.37",
"resolved": "https://registry.npmjs.org/@sveltejs/vite-plugin-svelte/-/vite-plugin-svelte-1.0.0-next.37.tgz",
"integrity": "sha512-EdSXw2rXeOahNrQfMJVZxa/NxZxW1a0TiBI3s+pVxnxU14hEQtnkLtdbTFhnceu22gJpNPFSIJRcIwRBBDQIeA==",
"requires": {
"@rollup/pluginutils": "^4.1.2",
"debug": "^4.3.3",
"kleur": "^4.1.4",
"magic-string": "^0.25.7",
"svelte-hmr": "^0.14.9"
},
"dependencies": {
"debug": {
"version": "4.3.3",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz",
"integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==",
"requires": {
"ms": "2.1.2"
}
},
"ms": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
"integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
}
}
},
it doesn't even show the dependency, however I get the exact same error.
So in the previous version of npm, the lockfile is just wrong and we have no way to fix this.
This tends to make me think that we shouuldn't worry about npm version and always try to install peerDependencies to be on the safe side (if they are not used, we loose just a bit of space, if they are we prevent mistakes).
If we don't install them, we should have a way to make an override to add a dependency. something like
vite-plugin-svelte = {
add-missing-deps = {
buildInputs = old: old ++ [ self.svelte ];
}
}
(or something like that, I couldn't find a way to manually add a dependency already in the dependency graph).
from dream2nix.
We can't just try to install peerDependencies
by default, because they might not be part of the lock file and then translation will fail.
Though we could install them whenever they are part of the lock file.
You can add dependency edges via the inject
parameter. See an example here:
https://github.com/bobanetwork/boba/blob/b6b200d74e6e90c63ade6180adb1c06585c9b77b/flake.nix#L162-L172
from dream2nix.
very nice secret api!
do they support wildcard ?
at the moment my inject looks like
inject = {
"@sveltejs/vite-plugin-svelte"."1.0.0-next.37" = [
["svelte" "3.46.4"] ["vite" "2.8.4"]
];
"@tiptap/extension-blockquote"."2.0.0-beta.26" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-bold"."2.0.0-beta.26" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-bubble-menu"."2.0.0-beta.55" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-bullet-list"."2.0.0-beta.26" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-code"."2.0.0-beta.26" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-code-block"."2.0.0-beta.37" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-document"."2.0.0-beta.15" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-dropcursor"."2.0.0-beta.25" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-floating-menu"."2.0.0-beta.50" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-gapcursor"."2.0.0-beta.34" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-hard-break"."2.0.0-beta.30" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-heading"."2.0.0-beta.26" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-highlight"."2.0.0-beta.33" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-history"."2.0.0-beta.21" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-horizontal-rule"."2.0.0-beta.31" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-image"."2.0.0-beta.27" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-italic"."2.0.0-beta.26" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-link"."2.0.0-beta.36" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-list-item"."2.0.0-beta.20" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-ordered-list"."2.0.0-beta.27" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-paragraph"."2.0.0-beta.23" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-strike"."2.0.0-beta.27" = [
["@tiptap/core" "2.0.0-beta.174"]
];
"@tiptap/extension-text"."2.0.0-beta.15" = [
["@tiptap/core" "2.0.0-beta.174"]
];
};
wondering if I can do something like
inject = {
# wildcard to match all versions ?
"@tiptap/extension-blockquote"."*" = [
# wildcard to match all versions ? Or perhaps I just don't specify the version ?
["@tiptap/core" "*" ]
# wildcard in the name to match a series of dependencies ?
"@tiptap/extension-*"."*" = [
["@tiptap/core" "*"]
];
};
just wondering about those, no worries if they are not implemented.
from dream2nix.
That API should be improved and documented. The wildcard idea needs to be added as well.
from dream2nix.
I'm sorry, I just noticed that my previous comments on this issue are highly misleading. We are in fact installing exactly the dependencies from the lock file. Dependency resolution already has happened by NPM which created the lock-file, Therefore we cannot and should not do anything regarding the peerDependencies.
The problems you were running into @happysalada are due to the build toolchain not being able to cope with symlinks. This requires either patching the toolchain, or using installMethod=copy
.
With installMethod=copy
+ some fixes in #194, the package builds fine without having to use any injects
from dream2nix.
Related Issues (20)
- Trouble Using Yarn Lockfile (nodejs-package-lock-v3) HOT 6
- Basic Documentation HOT 1
- Setuptools Collision HOT 4
- pip: do not know how to unpack source archive xxxx.whl HOT 1
- Separate the pyEnv and devShell parts of pip module into their own module(s)
- Start shell with dependencies without creating a new flake file HOT 2
- PDM Locking fails if only config.deps.python is set HOT 1
- nodejs: native module compilation failure, need help configuring nativeBuildInputs HOT 3
- Pip installed CLI tool not in PATH HOT 3
- WIP - pdm add spyder # python3.12-pyqt5-5.15.10 - pdm.sourceSelector.<function body> is not of type 'string'. HOT 2
- WIP - pdm - Python version from d2n nixpkgs HOT 1
- [help] usage of multi-derivation-package HOT 1
- Question: Python package with libusb dependency HOT 2
- error: infinite recursion encountered # nix run github:nix-community/dream2nix#__pythonEnv extract-msg HOT 2
- realpath: command not found HOT 1
- How to make the lock building process for python proxy aware?
- Error: attribute 'overrideAttrs' missing when running nodejs-granular-v3 devshell
- bad (null) hash for package from extra pypi index
- Unable to provide nativeBuildInputs to nodejs transitive dependencies
- error: No valid filename found in the list of filenames: - PyQt5_Qt5-5.15.13-py3-none-macosx_10_13_x86_64.whl
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dream2nix.