[BUG] Multiple related packages install fail due to wrong peerDependencies resolution

[sarunint]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Reopening #3171 (cc @cyrilletuzi)

(The content below is modified from #3171)

When having multiple packages relying on each others having the exact same version, trying to update them all via npm install fails when there is another package which loosely rely on them via "peerDependencies": "^x.x.x", due to npm7 erroneous resolution.

Real world example: Angular core packages are supposed to be installed with the exact same version, so for example @angular/common@12.1.1 has "peerDependencies": { "@angular/core": "12.1.1" } (note the exact version).

Until now everything is fine. You can update all versions to 12.2.1 in package.json, run npm install and it works.

But now add another package which relies on one of the core packages, for example @angular-devkit/build-angular@11.2.9 has a "peerDependencies": { "@angular/compiler-cli": "^11.0.0 || ^12.0.0-next" }.

Now if you update all versions to 11.2.10 in package.json and run npm install, it fails.

(The striketrough text issue has been solved in npm@7.20.3, as stated in #3171 (comment).)

This time, there are two more dependencies that become related in this, namely:

• @angular/animations@12.1.1. Similar to @angular/common@12.1.1, this package has "peerDependencies": { "@angular/core": "12.1.1" }
• ngx-clipboard@14.0.1, which is a clipboard library for Angular. This one has the following:

"peerDependencies": {
    "@angular/common": ">=10.0.0",
    "@angular/core": ">=10.0.0"
}

If you modify all 12.1.1 versions to 12.2.2 and run npm install, I get the following error:

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: npm-test@0.0.0
npm ERR! Found: @angular/animations@12.1.1
npm ERR! node_modules/@angular/animations
npm ERR!   @angular/animations@"12.2.2" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! @angular/animations@"12.2.2" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: @angular/core@12.2.2
npm ERR! node_modules/@angular/core
npm ERR!   peer @angular/core@"12.2.2" from @angular/animations@12.2.2
npm ERR!   node_modules/@angular/animations
npm ERR!     @angular/animations@"12.2.2" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /home/sarunint/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/sarunint/.npm/_logs/2021-08-19T20_20_01_099Z-debug.log

I've created test packages to try to debug this issue, and published them to my GitLab registry.

I also discovered that the order of the package names does matter, surprisingly! As you can see with my test packages, I've dedicated package-4 to ngx-clipboard in the above example, and package-{1,2,3} to 3 @angular/* packages, with all 6 permutations (order-{a,b,c,d,e,f}). It turns out that only permutation d and f does reproduce the issue.

Expected Behavior

npm install should work, as versions are correct and peerDependencies are respected.

Steps To Reproduce

1. mkdir npmissue
2. cd npmissue
3. echo "@sarunint:registry=https://gitlab.com/api/v4/projects/28910102/packages/npm/" > .npmrc
4. npm init -y
5. npm install -E @sarunint/order-f-package-1@1.0.0 @sarunint/order-f-package-2@1.0.0 @sarunint/order-f-package-3@1.0.0 @sarunint/order-f-package-4@1.0.0
6. Replace 1.0.0 with 1.0.1 for only first 3 packages.
7. npm install: should fail with following error:

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: npmissue@1.0.0
npm ERR! Found: @sarunint/order-f-package-1@1.0.0
npm ERR! node_modules/@sarunint/order-f-package-1
npm ERR!   @sarunint/order-f-package-1@"1.0.1" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! @sarunint/order-f-package-1@"1.0.1" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: @sarunint/order-f-package-3@1.0.1
npm ERR! node_modules/@sarunint/order-f-package-3
npm ERR!   peer @sarunint/order-f-package-3@"1.0.1" from @sarunint/order-f-package-1@1.0.1
npm ERR!   node_modules/@sarunint/order-f-package-1
npm ERR!     @sarunint/order-f-package-1@"1.0.1" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /home/sarunint/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/sarunint/.npm/_logs/2021-08-19T19_47_04_754Z-debug.log

(You can try replace order-f with other variants. Only order-d and order-f will reproduce the issue.)

Environment

• OS: Arch
• Node: 14.17.5
• npm: 7.21.0

[KristenLeach]

I've updated npm to 7.23.0 and I am still seeing this error. Are there any updates?

[brandones]

The error is still present on 7.24.2. @sarunint 's reproduction is very easy to understand once you look at the code in the repository: https://gitlab.com/sarunint/npm-dependency-bug . Here's a diagram:

[OrangeDog]

I don't know if this is the same issue, but I appear to have a peer version of "*" being expanded into "0.0.0" and then failing?

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: @angular-eslint/eslint-plugin@2.1.1
npm ERR! Found: eslint-plugin-jsdoc@36.1.0
npm ERR! node_modules/eslint-plugin-jsdoc
npm ERR!   dev eslint-plugin-jsdoc@"^36.1.0" from the root project
npm ERR!   peer eslint-plugin-jsdoc@"*" from @angular-eslint/eslint-plugin@2.1.1
npm ERR!   node_modules/@angular-eslint/eslint-plugin
npm ERR!     dev @angular-eslint/eslint-plugin@"^2.1.1" from the root project
npm ERR!     @angular-eslint/eslint-plugin@"2.1.1" from @angular-eslint/schematics@2.1.1
npm ERR!     node_modules/@angular-eslint/schematics
npm ERR!       dev @angular-eslint/schematics@"^2.1.1" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer eslint-plugin-jsdoc@"*" from @angular-eslint/eslint-plugin@2.1.1
npm ERR! node_modules/@angular-eslint/eslint-plugin
npm ERR!   dev @angular-eslint/eslint-plugin@"^2.1.1" from the root project
npm ERR!   @angular-eslint/eslint-plugin@"2.1.1" from @angular-eslint/schematics@2.1.1
npm ERR!   node_modules/@angular-eslint/schematics
npm ERR!     dev @angular-eslint/schematics@"^2.1.1" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: eslint-plugin-jsdoc@0.0.0
npm ERR! node_modules/eslint-plugin-jsdoc
npm ERR!   peer eslint-plugin-jsdoc@"*" from @angular-eslint/eslint-plugin@2.1.1
npm ERR!   node_modules/@angular-eslint/eslint-plugin
npm ERR!     dev @angular-eslint/eslint-plugin@"^2.1.1" from the root project
npm ERR!     @angular-eslint/eslint-plugin@"2.1.1" from @angular-eslint/schematics@2.1.1
npm ERR!     node_modules/@angular-eslint/schematics
npm ERR!       dev @angular-eslint/schematics@"^2.1.1" from the root project

[lukekarrys]

Thanks for the thorough repro and explanation! This is definitely a bug, since it's a case npm should be able to resolve.

Another interesting thing I found when debugging this is that if I run the problematic install command with --force I get an identical package-lock.json as I get if I install them all at the same time. I'm going to dig into making this a test case in arborist so we can get this fixed.

echo "@sarunint:registry=https://gitlab.com/api/v4/projects/28910102/packages/npm/" > .npmrc

# reset everything
rm -rf node_modules/ package-lock.json package.json
npm init -y

# install the end result we want directly, this works
npm install -E @sarunint/order-f-package-1@1.0.1 @sarunint/order-f-package-2@1.0.1 @sarunint/order-f-package-3@1.0.1 @sarunint/order-f-package-4@1.0.0 --loglevel silly
cp package-lock.json this-was-successful.json

# reset everything again
rm -rf node_modules/ package-lock.json package.json
npm init -y

# install all 1.0.0
npm install -E @sarunint/order-f-package-1@1.0.0 @sarunint/order-f-package-2@1.0.0 @sarunint/order-f-package-3@1.0.0 @sarunint/order-f-package-4@1.0.0 --loglevel silly
# then install packages 1,2,3@1.0.1, but with force
npm install -E @sarunint/order-f-package-1@1.0.1 @sarunint/order-f-package-2@1.0.1 @sarunint/order-f-package-3@1.0.1 --force --loglevel silly
cp package-lock.json force.json

cmp this-was-successful.json force.json
# shows 0 since files are identical
echo $?

[OrangeDog]

And another, when attempting npm dedupe:

npm ERR! Conflicting peer dependency: typescript@4.4.3
npm ERR! node_modules/typescript
npm ERR!   peer typescript@"*" from @angular-eslint/builder@4.3.0
npm ERR!   node_modules/@angular-eslint/builder
npm ERR!     dev @angular-eslint/builder@"^4.3.0" from the root project

[jpage-godaddy]

Similar for me. There's a package def with a * version for jkl in peerDependencies, and despite the fact that a newer version of jkl is installed, the peerDependencies for the very earliest publish of jkl are being demanded. This is in npm@8.1.3.

» npm audit fix

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: my-app@0.1.0
npm ERR! Found: react-intl@4.7.6
npm ERR! node_modules/react-intl
npm ERR!   peer react-intl@"^4.5.3" from abc@2102.0.4
npm ERR!   node_modules/abc
npm ERR!     peer abc@">=2002.0.0" from def@4.18.4
npm ERR!     node_modules/def
npm ERR!       def@"^4.18.0" from the root project
npm ERR!       1 more (ghi)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react-intl@"^2.8.0" from jkl@2000.7.21
npm ERR! node_modules/jkl
npm ERR!   peer jkl@"*" from def@4.18.4
npm ERR!   node_modules/def
npm ERR!     def@"^4.18.0" from the root project
npm ERR!     1 more (ghi)

» npm ls jkl

my-app@0.1.0 /home/foo
└─┬ def@4.18.4
  └── jkl@2102.0.4

[TrevorKarjanis]

There are additional upstream reports with a similar failure in issues 21204 and 22365. This issue seems to be the closest I can find if they are indeed issues with npm. This time it errors reconciling @angular/compiler-cli@13.1.0 with @angular/compiler-cli@"^13.0.0 || ^13.1.0-next".

[e1himself]

I believe the issue I've reported here might be related too: #4104

[kolkov]

angular/angular#44959 one more related issue.
Can't update to 13.2.1 from 13.1.3 with Conflicting peer dependency: @angular/core@13.2.1

[haskelcurry]

Hi, any updates on this?

[cklogs]

Hi there,

This issue is still affecting Angular users. Can we perhaps get a status update?

[XhmikosR]

@lukekarrys did you have a chance to dig into this? It indeed affects angular and that's a lot of users. Would be nice if this was fixed. Using the npm version that ships with Node.js 16 LTS:

C:\Users\xmr\Desktop\repo>node -v && npm -v
v16.15.0
8.5.5

[vugar005]

@cklogs @XhmikosR . For now, we can use --force flag. For example: npx @angular/cli@13 update @angular/core@13 @angular/cli@13 --force

[BojanKogoj]

We used --legacy-peer-deps (as suggested in error message) and it works this way for now.

[Weerasinghe066]

I got that error when upgrading to angular version from 11 to version 12.
I changed the npm and node version and that's worked for me.
npm version - 6.14.16
node version - 12.22.12

[fspreck-indiscale]

The same happens with react@"^18.2.0" and "@testing-library/react": "^14.0.0":

npm ERR! Conflicting peer dependency: react@18.2.0
npm ERR! node_modules/react
npm ERR!   peer react@"^18.0.0" from @testing-library/react@14.0.0
npm ERR!   node_modules/@testing-library/react
npm ERR!     dev @testing-library/react@"^14.0.0" from the root project

npm: 9.6.6
node: v19.9.0

[silvenon]

The same issue is happening with npm v10.5.1 often with Remix dependencies, you should be able to reproduce this in a completely empty project. Mine were at version 2.8.0, and upgrading them results in the peer dependency errors:

npm i @remix-run/{express,node,react,dev,testing}@latest

npm ERR! Found: @remix-run/dev@2.8.0
npm ERR! node_modules/@remix-run/dev
npm ERR!   dev @remix-run/dev@"2.9.1" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! dev @remix-run/dev@"2.9.1" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: @remix-run/react@2.9.1
npm ERR! node_modules/@remix-run/react
npm ERR!   peer @remix-run/react@"^2.9.1" from @remix-run/dev@2.9.1
npm ERR!   node_modules/@remix-run/dev
npm ERR!     dev @remix-run/dev@"2.9.1" from the root project

What is it about these dependencies that makes it so hard for npm to resolve?

Additional info, if it matters:

• Node v22.0.0
• macOS 14.4.1

[moshe-foreflight]

Another example of this is a conflict between tree-sitter-swift and tree-sitter-objc. The former pins ^tree-sitter@0.21.1 and the latter ^tree-sitter@0.22.1.

There's an unexpected workaround here which is to first install tree-sitter-cli, using npm i tree-sitter-cli. I don't know enough about npm or the specific package implementations to understand why, but this seems to work.

Repro

brew install node;
mkdir tree-sitter-repro && cd tree-sitter-repro;
npm init -y;
npm i tree-sitter-objc;
npm i tree-sitter-swift;

Output: (2024-12-26T14_45_27_618Z-debug-0.log)

Environment

• Node v23.5.0
• NPM 10.9.2
• macOS 14.5