-
Notifications
You must be signed in to change notification settings - Fork 240
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
acceptDependencies package.json field #72
Conversation
This treats any dep ranges in the acceptDependencies field as an acceptable alternative for any dependency range specified elsewhere in the package manifest. Implementation of npm/rfcs#72
Note: this is now implemented in @npmcli/arborist, more or less as described in the draft RFC, as of npm/arborist@705578d
I think the answer here is that they'll just serve as alternative version specifiers that are also valid resolutions. There's no need for them to be semver ranges per se. It's perfectly fine to say "I want it fetched from this URL if necessary, but this other URL is also fine if present."
This is indeed tricky, but I think the peer dep resolution implied by #43 will avoid the worst of it, making it merely sub-optimal rather than an actual footgun. Let's say you depend on
Case (2) is already problematic: the peer dep would be unsatisfied, and npm v7 won't let that happen by default. So, it's highly unlikely that a user will find themselves in that situation. Case (1) will result (today) in the It would be nice if the tree resolver could note that the peer dep would be acceptable to one of the acceptable versions of your The third case is that All in all, I like how simple this is now, and I'm perfectly comfortable punting on the hard bits imagined in this question.
Currently they're just ignored.
That feels like overreaching for this, I think. There's already |
So, this is implemented in arborist, and status quo will be for it to make its way into npm 7.x. It seems pretty uncontroversial, but adding it to the agenda for us to at least officially say so in the RFC meeting. |
Should I plan to join the RFC meeting? If so do you know when it is scheduled? |
What / Why
Make it possible for modules that support node.js 0.1 to accept the latest version of dependencies regardless of the minimum node.js it requires. I know this could use some more details especially about handling of
peerDependencies
, I wanted to post what I have so we have something concrete to base discussion around.References