You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
$ npm i --omit=dev
$ npm explain peer
peer@1.0.0
node_modules/peer
dev peer@"file:../deps/peer/peer-1.0.0.tgz" from the root project
peerOptional peer@"file:../peer/peer-1.0.0.tgz" from direct@1.0.0
node_modules/direct
direct@"file:../deps/direct/direct-1.0.0.tgz" from the root project
Expected Behavior
The peerOptional dependency is not auto installed for npm i --omit=dev.
$ npm ls @sap/hana-client
optional-peer-test@0.0.1
├── @sap/hana-client@2.21.31
└─┬ @sap/hdi@4.5.2
└── @sap/hana-client@2.21.31 deduped
$ npm explain @sap/hana-client
@sap/hana-client@2.21.31
node_modules/@sap/hana-client
dev @sap/hana-client@"2.21.31" from the root project
peerOptional @sap/hana-client@"^2 >= 2.5" from @sap/hdi@4.5.2
node_modules/@sap/hdi
@sap/hdi@"4.5.2" from the root project
Also note that in the package-lock.json, the @sap/hana-client is now marked as devOptional, while it was never included under optionalDependencies. When a npm-shrinkwrap.json is then generated and the package is published, the consumer also auto installs the peerOptional dependency.
This seems to be due to arborist not really differentiating between optional dependencies and optional peer dependencies, as e.g. discussed here: #4859 (comment) .
Environment
npm: 10.8.3
Node.js: v22.7.0
The text was updated successfully, but these errors were encountered:
@kchindam-infy , thank you for linking the ticket. It's indeed addressing the same issue, but was closed with the argument that ""optional" in peer deps simply means npm will not error if it is unable to be installed".
As ljharb pointed out and according to the documentation, setting optional to true in peerDependenciesMeta means that npm will not automatically install it.
This is also the observed behavior if the dev dependencies are empty. But as soon as the same package is also included in the dev dependencies, it is installed even if --omit=dev is set.
This behavior is inconsistent in itself, as adding a dev dependency and omitting it via --omit=dev should not change which packages are installed.
I'm happy to take a shot at fixing this. Should I?
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
Having a package (peer) both as transitive peerOptional dependency and as dev dependency leads to it being installed for production as well.
Scenario:
Expected Behavior
The peerOptional dependency is not auto installed for
npm i --omit=dev
.Steps To Reproduce
Reproduction repo: https://github.com/Akatuoro/optional-peer-test
For a real world scenario, use the package.json
and run
resulting in
Also note that in the package-lock.json, the
@sap/hana-client
is now marked asdevOptional
, while it was never included underoptionalDependencies
. When a npm-shrinkwrap.json is then generated and the package is published, the consumer also auto installs the peerOptional dependency.This seems to be due to arborist not really differentiating between optional dependencies and optional peer dependencies, as e.g. discussed here: #4859 (comment) .
Environment
The text was updated successfully, but these errors were encountered: