Undeclared dependencies with Yarn PnP

[Jul13nT]

Describe the bug I'm unable to install redocly in devDependencies and use it with Yarn Pnp mode. It shows an error for undeclared dependencies.

To Reproduce Steps to reproduce the behavior:

1. Clone https://github.com/Redocly/openapi-starter
2. Run yarn
3. Run yarn set version stable
4. Run yarn install
5. Remove line nodeLinker: node-modules from .yarnrc.yml file to use PnP mode.
6. Run yarn install again.
7. Run yarn test

Expected behavior With the cloned repo openapi-starter, running yarn test should lint the openapi file instead of throwing an error.

Logs

/workspaces/openapi-starter/.pnp.cjs:11877
      Error.captureStackTrace(firstError);
            ^

Error: @redocly/cli tried to access lodash.isequal, but it isn't declared in its dependencies; this makes the require call ambiguous and unsound.

Required package: lodash.isequal
Required by: @redocly/cli@npm:1.0.0-beta.112 (via /workspaces/openapi-starter/.yarn/cache/@redocly-cli-npm-1.0.0-beta.112-7adc8a3bdd-b9993a6c04.zip/node_modules/@redocly/cli/lib/commands/split/)

Require stack:
- /workspaces/openapi-starter/.yarn/cache/@redocly-cli-npm-1.0.0-beta.112-7adc8a3bdd-b9993a6c04.zip/node_modules/@redocly/cli/lib/commands/split/index.js
- /workspaces/openapi-starter/.yarn/cache/@redocly-cli-npm-1.0.0-beta.112-7adc8a3bdd-b9993a6c04.zip/node_modules/@redocly/cli/lib/index.js
- /workspaces/openapi-starter/.yarn/cache/@redocly-cli-npm-1.0.0-beta.112-7adc8a3bdd-b9993a6c04.zip/node_modules/@redocly/cli/bin/cli.js
    at Function.require$$0.Module._resolveFilename (/workspaces/openapi-starter/.pnp.cjs:11877:13)
    at Function.require$$0.Module._load (/workspaces/openapi-starter/.pnp.cjs:11727:42)
    at Module.require (internal/modules/cjs/loader.js:974:19)
    at require (internal/modules/cjs/helpers.js:101:18)
    at Object.<anonymous> (/workspaces/openapi-starter/.yarn/cache/@redocly-cli-npm-1.0.0-beta.112-7adc8a3bdd-b9993a6c04.zip/node_modules/@redocly/cli/lib/commands/split/index.js:18:17)
    at Module._compile (internal/modules/cjs/loader.js:1085:14)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
    at Object.require$$0.Module._extensions..js (/workspaces/openapi-starter/.pnp.cjs:11921:33)
    at Module.load (internal/modules/cjs/loader.js:950:32)
    at Function.require$$0.Module._load (/workspaces/openapi-starter/.pnp.cjs:11758:14)

Redocly Version(s) 1.0.0-beta.112, 1.0.0-beta.114

Node.js Version(s) 14.20.1, 18.12.1

Yarn Version(s) 3.3.0, 3.2.4

Additional context Additionally, when running yarn install, Yarn warns on missing peer dependencies:

➤ YN0002: │ @redocly/cli@npm:1.0.0-beta.112 doesn't provide core-js (p832a4), requested by redoc
➤ YN0002: │ @redocly/cli@npm:1.0.0-beta.112 doesn't provide react-is (pd53cd), requested by styled-components
➤ YN0002: │ redoc@npm:2.0.0 [7adc8] doesn't provide webpack (p3efe6), requested by style-loader

[tatomyr]

Hi @Jul13nT,

What are these intermediary steps 3-5 for? I cannot reproduce step 5 because there is no such line in my .yarnrc.yaml file.

[Jul13nT]

By default Yarn will not use it's last version and it's PnP mode when converting an existing repo from NPM to Yarn.

Step 3 is to use Yarn 3.x instead of Yarn 1.22. Step 4 is to migrate the repo from Yarn 1 to Yarn 3. Step 5 is to able Yarn PnP mode.

To confirm you are using the good setup, when running yarn -v, you should see 3.3.0. And you should see zip files in the .yarn/cache folder.

I can reproduce these steps using the feature Open in codespace of GitHub.

[IgorKarpiuk]

Hi @Jul13nT , Thanks for reporting.

As a workaround you can put pnpMode: loose in yarnrc.yaml and run yarn install again You can follow this link for more information.

[Jul13nT]

Thanks, for anyone who don't want to set this param, another workaround I found is to set this in yarnrc.yaml to declare the missing dependencies:

packageExtensions:
  [email protected]:
    dependencies:
      react-is: "18.2.0"
  "@redocly/cli@^1.0.0-beta.114":
    dependencies:
      "lodash.isequal": "^4.5.0"
      "node-fetch": "^2.6.1"
  redoc@~2.0.0:
    dependencies:
      call-me-maybe: "1.0.2"
      yaml: "2.1.3"
      fast-safe-stringify: "2.1.1"

[lornajane]

Do we need to make code or docs changes to complete the request here?

[RomanHotsiy]

Yes, we have to add missing deps to our package.json.

We won't be able to add react-is one as this is controlled by styled-components package.

[RomanHotsiy]

@tatomyr we also need to check why redoc package requires yaml. This seems wrong.

[JonFranchi]

This still seems to be an issue and I get this output when running yarn install:

➤ YN0068: │ redoc ➤ dependencies ➤ call-me-maybe: No matching package in the dependency tree; you may not need this rule anymore.
➤ YN0068: │ redoc ➤ dependencies ➤ yaml: No matching package in the dependency tree; you may not need this rule anymore.
➤ YN0068: │ redoc ➤ dependencies ➤ fast-safe-stringify: No matching package in the dependency tree; you may not need this rule anymore.

But then if I try to run yarn redocly I get this error:

      Error.captureStackTrace(firstError);
            ^

Error: redoc tried to access call-me-maybe, but it isn't declared in its dependencies; this makes the require call ambiguous and unsound.

Required package: call-me-maybe

If not clear, the message is actually coming from the redoc bundle rather than redocly/cli. Presumably the bundled code is related to the issue.

[tatomyr]

The original issue with lodash.isequal should be fixed as it was removed from the bundle at some point. If the issue still persists, it might indeed be coming from Redoc. FYI @AlexVarchuk