[BUG] Shared dependencies installs multiple versions of React.

[denchp]

Current Behavior:

We have multiple front ends using a shared component library (CL). The CL uses Storybook, with several add-ons in order to facilitate faster development. The CL has a peer dependency of ^17.0.0 || ^16.14.0 for backwards compatibility with a Storybook add-on. Our front ends also have a dependency (non-peer) on React ^17.0.1 || ^16.14.0 for backwards compatibility with the same storybook packages.

The front ends and CL are in two different workspaces.

When running npm i at the repo level (using workspaces for both the CL and the front-ends) React v16.14.0 is installed at the repo level, and React 17.0.1 is installed in the front-end node_modules. This appears to all be fine - until running the front-end locally, which then results in hook errors being thrown because multiple versions of react are installed:

Edit: I set the front-end to have a specific dependency on 16.14.0 and it still installs a separate version in the front-end\node_modules directory, and so we still get the same hook errors because despite matching versions with the hoisted version - it is still a separate installation.

\root
package.json (defines workspaces for \component-library and \front-ends)
\node_modules
\react (16.14
\component-library
package.json (defines peerDep on react "17 || 16.14", and on storybook - which is dependent on react >=16 based on @emotion/core)
\front-ends
\someFrontEnd
package.json (defines dependency on React "17 || 16.14.0" AND component-library)
\nodu_modules
\react (17.0.1)

Expected Behavior:

Install the 'lowest common denominator' that matches all packages' dependencies.

Environment:

• OS: Win 10
• Node: 15,12
• npm: 7.6.3

[darcyclarke]

What happens when you run:

• npm find-dupes & then npm dedupe?
• npm ls react & npm explain react should also give you a good idea as to why something may be there twice

Another interesting troubleshooting thought would be... are there any package-lock.json files in your workspaces?

[timaiv]

Npm 7.24.2
Reproducible with ethers.js 5.5.1
ethers.js project has specific version dependencis.
"@ethersproject/abstract-provider": "5.5.1",
"@ethersproject/networks": "5.5.0",
in root node_modules npm installs 5.5.2 version of ethersproject/networks package (cuz @ethersproject/abstract-provider has "^" syntax dependencies), and 5.5.0 in ethers subfolders.
npm find-dupes & then npm dedupe resolves (5.5.0 moved to root, 5.5.2 package deleted).
This problem does not reproducible outside workspace.