> On Jan 20, 2015, at 12:31 AM, Damon Smith <[email protected]> wrote: > > Thanks for the reply! > > Sorry about this, but now I'm intrigued about peer dependencies and want to > ask lots of questions. > > 1. ok so I think I have it, I grepped through my node_modules for > peerDependency and the version of react under server-jsx has a peerDependency > on envify ~1.2.0, and server-jsx itself also has a normal dependency on > envify ~1.0.1
That sounds too tight: If they were to both use ^1.0.0, it should work great, assuming nobody mismarks something as compatible when it's not. > 2. so packages that have peer dependencies must not conflict, and npm has the > unenviable task of trying to find a version of the peer dependency that all > packages are happy with. Now I understand your "requirements of a package are > too narrow" statement. If that is the case, why not call them > globalDependencies? Or is that muddying up the concept again? It's not global, but just at that level: if you depended on something that depended on that server-jsx, then all this would be isolated into that node_modules, and not really affect your main app's. > 3. And to finish, that means that server-jsx 0.0.2 can never have worked > right? It seems like it's got a fundamental version conflict and it couldn't > possibly ever work. It may have: A prior release of react may have been compatible with server-jsx, and peer compatible with envify. > In this case, just to spitball an idea, the error message could be "Error, > your package tree is trying to install envify as a peerDependency but also > has a different version dependency elsewhere." Yeah, in this case, that might do it. But it could also be two peerDependencies that conflict. > Ultimately it'd be nice if it told me that I've just tripped over someone > else's crazy dependency problem - "package server-jsx can't be installed > because it's dependencies have gone bonkers, just file a bug and walk away > buddy". I don't know if that's possible though. Or if it's even the case. Or use a different version, if that's possible. But I agree: this is terrible, and peerDependencies are the 'dependency hell' that other languages and package managers do by default. Aria -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/C86BE058-B1DA-403C-9676-6991B6AFC8F1%40nbtsc.org. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME cryptographic signature
