-
Notifications
You must be signed in to change notification settings - Fork 885
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): pino-pretty should be an optional peer #699
Conversation
This fixes pnpm/pnpm#1791 pnpm and yarn are not printing warnings if optional peers are not found. The next version of npm will also support optional peer deps.
Maybe I don't remember how Lines 183 to 198 in 146d803
|
As of now, peer dependencies are not installed automatically. Unfortunately
npm wants to change it in v7. But even then, optional peer deps will not
autoinstall
…On Wed, 21 Aug 2019, 22:39 James Sumners, ***@***.***> wrote:
Maybe I don't remember how peerDependencies work, but don't they get
installed automatically? Our docs are rather clear that you should install
pino-pretty yourself if you want to use prettification:
https://github.com/pinojs/pino/blob/146d803e6956638861f57d4d46b275aa8c80fa1d/docs/api.md#L183-L198
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#699?email_source=notifications&email_token=AAOWTG5RVP2DGQ2LJKREPZDQFWKXNA5CNFSM4IOMVE72YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD424OXQ#issuecomment-523618142>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAOWTGYB72HUXE5JVSFY5F3QFWKXNANCNFSM4IOMVE7Q>
.
|
I’m not convinced this is a bug. We have the documentation outlining the requirement and issue a warning when you attempt to use it without having installed the dependency. |
But this is clearly an optional peer dependency. It is required by name from the code. What are the drawbacks of declaring it as an optional peer dep if package managers will not print a warning about it? A warning will only be printed if Another solution would be changing this line https://github.com/pinojs/pino/blob/master/lib/tools.js#L159 to var prettyFactory = require(require.resolve('pino-pretty', {paths: [require.main.filename]})) |
If I have: package.json {"dependencies":{"pino":"^5.13.2","pino-pretty":"^3.2.1"}} Then do 'use strict'
const log = require('pino')({prettyPrint: true})
log.info('hello world') I get: % node index.js
[1566428426105] INFO (45556 on morla): hello world Which is to say the |
The reason it isn't a peer dependency is because it is not specifically required for the functionality of @mcollina @davidmarkclements what are your thoughts? |
The intent of this code is described in #699 (comment), I’ll be +1 on such a change. peerDependencies are currently a no-no because of how npm currently supports them. I do not want a warning printed during install that the module is missing. Note that I use this pattern in some other module to work around these limitations (fastify-plugin for example), may I tag you? |
Currently, this is only an issue in monorepos that are managed by pnpm. pnpm is strict but normally all subdeps have access to the direct dependencies of a project. In a monorepo, pnpm is even stricter and packages have access only to listed deps and peer deps.
I wanted to write: "The current latest version of npm (v6.11) is not printing warnings for optional peer deps.". But seems like the change by Maël did not work (npm/cli#224), so it still prints a warning. Which is a bug in npm.
I am fine with that solution too. We can close this PR and do the other change.
sure |
As of |
@eps1lon unless it comes with Node when I do |
@jsumners I wasn't suggesting to follow the latest npm install. Just wanted to let you know that this will be resolve and there's no need to be that adamant ("no-no") about peer dependencies. Especially considering not listing those always allowed broken dependency trees. |
I think @jsumners and myself are referring to what is possible right now vs what will be possible in 1-2 years as old node versions go out of LTS. |
I think the reason that npm (and others) have failed to address peer dependencies in a satisfactory way is because there are a multitude of dependency scenarios that we can categorize as peer dependency situations. There is no satisfactory generic approach to peer dependencies. So considering our specific situation:
So given that, I'd say let's close this PR for now, and revisit if anything changes in the future with regard to this standard (or other standardized approaches to handling peer dep scenarios) |
Wrongfully raised #716 in an attempt to address this. I think the rationale above makes some sense, except there's some assumptions made. See the pnpm use-case - pnpm actually knows what to do with that optional peer dependency and otherwise will NOT allow the dep to be resolved it unless it's specified somewhere as a dependency (which is pretty sane!), so it's largely irrelevant what a user knows to do. I still find it particularly challenging that of all the vendor packages I'm making use of at the moment are compatible (or at least considered pnpm worthy enough to make required fixes (they really are fixes). As a general rule, it makes sense that if you import/require something, that it's declared as some form of dependency. I also expect you might be forced to reconsider when Yarn2/Berry/PnP land. |
|
The code adheres to CommonJS spec, but ultimately you're shipping a package, which should probably describe itself to package managers - pnpm included. Taking the literal view, |
I'm in favour of semantic verbosity but not at the expense of user cognitive overhead. Until the warnings go away in all actively used package managers I'm against altering As soon as usage levels of package managers that don't emit a warning for this config drop to <5% I'm happy to include it. In the meantime the programmatic fix described seems fine, happy to accept a PR for that. |
Where do you get usage numbers including the version of the package manager? |
I do not know. |
A good reference would be that it is supported by all version of npm that are shipped in all Node LTS releases. This is likely years away. |
It' already released in node 12, node 10 is at tops months away, node 8 deprecated this december.
So how can you make the statement that you'll merge it once usage drops if you have now knowledge of the usage? Edit: Last time node 10 got an npm update it was less than 6 weeks behind node 12: https://nodejs.org/en/download/releases/ |
Let's revisit after Node 8 goes EOL if Node 10.x has npm 6.11 we could potentially bump the major and set that version of Node as minimum requirement. I'm not a fan of that tbh, because I would love our software to run on most developer machines without needing an upgrade. Note that given #699 (comment), it's actually possible to fix this problem now. As I said, I'm happy to see a PR implementing that. |
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
This fixes pnpm/pnpm#1791
pnpm, yarn and npm (from v6.11) are not printing warnings if optional peers are not found.