Install size of node_modules increased in v3.565.0

[trivikr]

Describe the feature

Install size of node_modules increased in v3.565.0

Use Case

At the time of running the test, the latest version of the SDK is v3.568.0

Versions

$ node -v
v20.12.2

$ npm -v
10.5.0

v3.564.0

$ npm init -y && npm install @aws-sdk/[email protected] --save-exact

$ du -sh node_modules 
 17M    node_modules

v3.565.0

$ npm init -y && npm install @aws-sdk/[email protected] --save-exact

$ du -sh node_modules                                                     
 23M    node_modules

v3.568.0

$ npm init -y && npm install @aws-sdk/[email protected] --save-exact

$ du -sh node_modules                                                     
 17M    node_modules

Proposed Solution

The install size increases in v3.565.0, since npm installs peerDependencies by default and it installs the latest version at the time of running the install in absence of lockfile. In v3.565.0, we switched to using caret for all peerDependencies in #6031 which caused this issue.

To unblock users on package managers which do not install peerDepdendencies by default, like yarn, we added direct dependency of exact client version in #6055. We can similar use exact version of client as a peerDependency in credential providers.

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

SDK version used

v3.564.0

Environment details (OS name and version, etc.)

Node.js

[trivikr]

Re-opening, since https://github.com/aws/aws-sdk-js-v3/releases/tag/v3.570.0 didn't release new versions of the following packages:

• credential-provider-ini
• credential-provider-web-identity
• token-providers

This is likely due to some issue in internal publish script, and needs investigation.

[trivikr]

An update to @aws-sdk/credential-provider-ini was released in https://github.com/aws/aws-sdk-js-v3/releases/tag/v3.572.0, and I verified that it depends on fix version of the client

$ npm install @aws-sdk/[email protected] --save-exact

$ grep -A 2 peerDependencies node_modules/@aws-sdk/credential-provider-ini/package.json
  "peerDependencies": {
    "@aws-sdk/client-sts": "3.572.0"
  },

[trivikr]

This problem should not exist since https://github.com/aws/aws-sdk-js-v3/releases/tag/v3.569.0 as we add clients used in credential providers as direct dependency in #6055

At the time of running the test, the latest version of the SDK is v3.576.0

v3.569.0

$ npm init -y && npm install @aws-sdk/[email protected] --save-exact

$ du -sh node_modules 
 17M    node_modules
 
$ npm ls @aws-sdk/client-sts
[email protected] /Users/trivikr/workspace/test-npm
└─┬ @aws-sdk/[email protected]
  ├─┬ @aws-sdk/[email protected]
  │ └── @aws-sdk/[email protected] deduped
  ├── @aws-sdk/[email protected]
  └─┬ @aws-sdk/[email protected]
    ├─┬ @aws-sdk/[email protected]
    │ └── @aws-sdk/[email protected] deduped
    └─┬ @aws-sdk/[email protected]
      └── @aws-sdk/[email protected] deduped

$ grep peerDependencies -A 2 node_modules/@aws-sdk/credential-provider-ini/package.json 
  "peerDependencies": {
    "@aws-sdk/client-sts": "^3.568.0"
  },
  
 $ npm view @aws-sdk/client-sts versions | tail -n3
  '3.569.0',        '3.572.0',        '3.574.0',        '3.575.0',
  '3.576.0'
]

Although credential-provider-ini requests the latest version of client-sts, it's resolved to v3.569.0 because of direct dependency from client-dynamodb.

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.