[BUG] installing a dependency in a package with a peer dependency changes the peerDependencies field

[targos]

Current Behavior:

If you have a package with something in peerDependencies and then install that something in the same package as a devDependency, the peerDependencies field is changed and the dependency is added to package.json, but it inherits the semver string that the peer dependency had.

Expected Behavior:

Installing a dev dependency should do the same change to the package.json, whether that dependency is already in peerDependencies or not.

Steps To Reproduce:

echo '{ "peerDependencies": { "typescript": "*" } }' > package.json
npm i -D typescript
cat package.json

{"peerDependencies":{"typescript":"^4.1.5"},"devDependencies":{"typescript":"*"}}

Environment:

• OS: macOS
• Node: 15.8.0
• npm: 7.5.4

[ljharb]

npm warns when moving a dep between dev and prod; I’d hope if you attempt to install a dev dep and a peer dep exists, that it at least informed you of that.

[nlf]

as mentioned, we print a warning when this happens. in addition to that we've made some improvements to how peer dependencies are added and saved that i believe should address this problem.

[targos]

I tried again with npm 7.9.0 and no warning is printed. I'd like this issue to be reopen because nothing has changed since I opened it.

[targos]

Reopened at #3096