ckeditor5 icon indicating copy to clipboard operation
ckeditor5 copied to clipboard
verified publisher icon ckeditor

Missing peer dependency webpack on dev-utils package

Open jnoordsij opened this issue 2 years ago • 8 comments

📝 Provide detailed reproduction steps (if any)

  1. Run (empty directory): yarn set version berry
  2. yarn add -D @ckeditor/ckeditor5-dev-utils
  3. The following messages will appear:
➤ YN0002: │ @ckeditor/ckeditor5-dev-utils@npm:38.4.0 doesn't provide webpack (p9dd4f), requested by css-loader
➤ YN0002: │ @ckeditor/ckeditor5-dev-utils@npm:38.4.0 doesn't provide webpack (pc8460), requested by esbuild-loader
➤ YN0002: │ @ckeditor/ckeditor5-dev-utils@npm:38.4.0 doesn't provide webpack (p22d4b), requested by mini-css-extract-plugin
➤ YN0002: │ @ckeditor/ckeditor5-dev-utils@npm:38.4.0 doesn't provide webpack (p28963), requested by postcss-loader
➤ YN0002: │ @ckeditor/ckeditor5-dev-utils@npm:38.4.0 doesn't provide webpack (pe35ec), requested by raw-loader
➤ YN0002: │ @ckeditor/ckeditor5-dev-utils@npm:38.4.0 doesn't provide webpack (p06d68), requested by style-loader
➤ YN0002: │ @ckeditor/ckeditor5-dev-utils@npm:38.4.0 doesn't provide webpack (p76864), requested by terser-webpack-plugin

✔️ Expected result

No output.

❌ Actual result

Error messages by Yarn.

❓ Possible solution

Add appropriate versions of webpack as (optional) peerDependencies to package.json.

📃 Other details

  • Browser: N/A
  • OS: N/A
  • First affected CKEditor version: N/A
  • Installed CKEditor plugins: N/A

If you'd like to see this fixed sooner, add a 👍 reaction to this post.

jnoordsij avatar Aug 18 '23 15:08 jnoordsij

CC @pomek.

Witoso avatar Aug 21 '23 08:08 Witoso

Is webpack a strict dependency of all utils available in dev-utils package? If not – IMO it's fine that it's not listed as a peerDependency. It may be a dependency of an app that uses dev-utils but not of dev-utils itself.

Sorry for being so rejective of the warnings logged by yarn but we have so much headache here with all package managers behaving differently that I'm now on the "don't touch if it seems to work" side.

Reinmar avatar Aug 21 '23 09:08 Reinmar

It's only a dependency for part of the tools AFAICS. I think it shouldn't cause any problems adding it as a peer dependency marked as optional (see https://docs.npmjs.com/cli/v9/configuring-npm/package-json#peerdependenciesmeta), but I do understand different package managers might behave differently and that's an annoying thing to deal with.

For reference, this warning can be silenced locally by force-adding this dependency locally in your .yarnrc.yml file:

packageExtensions:
  '@ckeditor/ckeditor5-dev-utils@*':
    peerDependencies:
      webpack: "*"
    peerDependenciesMeta:
      webpack:
        optional: true

jnoordsij avatar Aug 21 '23 09:08 jnoordsij

ckeditor5-dev-utils does not use webpack directly. There is only one mention of the package in the entire project:

  • https://github.com/ckeditor/ckeditor5-dev/blob/ee7c8e11e9c0cca9bb87e37c009fb71ad7a825a0/packages/ckeditor5-dev-utils/lib/builds/getdllpluginwebpackconfig.js#L31

It may be a dependency of an app that uses dev-utils but not of dev-utils itself.

☝️ Exactly.

If we add webpack as peer deps, our Vite integration will be installing webpack (due to release tools using utils).

pomek avatar Aug 21 '23 09:08 pomek

If we add webpack as peer deps, our Vite integration will be installing webpack (due to release tools using utils).

I don't understand this; I think the whole point of a peerDependency is notifying the package consumer which version should be installed with a certain version constraint in their dependencies, to ensure matching versions, and thus it should never be installed by default.

I think this blog explains the point of why to mark webpack as peer dependency pretty well, altough I think in practice it doesn't really matter here.

jnoordsij avatar Aug 21 '23 09:08 jnoordsij

Starting from npm v7, npm installs peerDependencies automatically. And, which isn't necessarily a problem in this specific case, the algorithm it uses to do so causes issues because for odd reasons it installs a wrong version of a package (duplicating already installed packages). This makes us very cautious when playing with peerDependencies.

We don't have a single ticket now where we handle these topics. There's a chance we'll find some reasonable resolutions to these issues (#13344 + one that's handled in our private repo for the time being). But for now, we're cautious.

Reinmar avatar Aug 21 '23 11:08 Reinmar

Ah I see, though a little surprising to me I kind of understand why they'd go with this.

I did however find a follow-up RFC to the one enabling the auto installation of peer dependencies, which disables auto-install for optional ones. So maybe marking it as optional (which it is) will work for all cases.

jnoordsij avatar Aug 21 '23 12:08 jnoordsij

There has been no activity on this issue for the past year. We've marked it as stale and will close it in 30 days. We understand it may still be relevant, so if you're interested in the solution, leave a comment or reaction under this issue.

CKEditorBot avatar Aug 21 '24 01:08 CKEditorBot

We've closed your issue due to inactivity. We understand that the issue may still be relevant. If so, feel free to open a new one (and link this issue to it).

CKEditorBot avatar Oct 01 '24 23:10 CKEditorBot