firebase
Dependency conflict: tinyglobby requires picomatch@^4.0.3 but [email protected] is installed.
[REQUIRED] Environment info
firebase-tools: 14.19.1
Platform: Windows 10 22H2, vscode, Next.js(v15.5.4)
[REQUIRED] Test case
- npm update
- npm ls picomatch
- firebase deploy --only apphosting
[REQUIRED] Steps to reproduce
Follow the steps above in order.
And, these errors can be observed in step 2.
├─┬ [email protected]
│ ├─┬ [email protected]
│ │ ├─┬ [email protected]
│ │ │ └── [email protected] deduped
│ │ └─┬ [email protected]
│ │ └── [email protected] deduped
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ ├─┬ [email protected]
│ │ └── [email protected] deduped invalid: "^4.0.3" from node_modules/tinyglobby, "^3 || ^4" from node_modules/tinyglobby/node_modules/fdir
│ └── [email protected] deduped invalid: "^4.0.3" from node_modules/tinyglobby
...
npm error code ELSPROBLEMS
npm error invalid: [email protected] D:\...\node_modules\picomatch
[REQUIRED] Expected behavior
The app is deployed normally without any package-related errors.
[REQUIRED] Actual behavior
There's a problem with deployment, and Cloud Build displays the logs for it.
npm error code EUSAGE
| npm error
| npm error `npm ci` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with `npm install` before continuing.
| npm error
| npm error Missing: [email protected] from lock file
Hey @7hokerz, thanks for reporting this. At the moment, I can’t seem to reproduce the issue. If you are encountering an error running the deploy command on the Firebase CLI, could you please share the firebase-debug.log if it exists? If not, please rerun the command with --debug.
Also, the Cloud Build seems to be erroring out when trying to install the dependencies in your Next.js application. By any chance, could you provide your package.json and package-lock.json or steps on how you set up your Next.js project?
Hey @7hokerz, thanks for reporting this. At the moment, I can’t seem to reproduce the issue. If you are encountering an error running the deploy command on the Firebase CLI, could you please share the
firebase-debug.logif it exists? If not, please rerun the command with--debug.Also, the Cloud Build seems to be erroring out when trying to install the dependencies in your Next.js application. By any chance, could you provide your
package.jsonandpackage-lock.jsonor steps on how you set up your Next.js project?
@aalej
package.json dependencies.
"dependencies": {
"@hookform/resolvers": "^4.1.3",
"@radix-ui/react-accordion": "^1.2.3",
"@radix-ui/react-alert-dialog": "^1.1.6",
"@radix-ui/react-avatar": "^1.1.3",
"@radix-ui/react-checkbox": "^1.1.4",
"@radix-ui/react-collapsible": "^1.1.11",
"@radix-ui/react-dialog": "^1.1.6",
"@radix-ui/react-dropdown-menu": "^2.1.6",
"@radix-ui/react-label": "^2.1.2",
"@radix-ui/react-menubar": "^1.1.6",
"@radix-ui/react-popover": "^1.1.6",
"@radix-ui/react-progress": "^1.1.2",
"@radix-ui/react-radio-group": "^1.2.3",
"@radix-ui/react-scroll-area": "^1.2.3",
"@radix-ui/react-select": "^2.1.6",
"@radix-ui/react-separator": "^1.1.2",
"@radix-ui/react-slider": "^1.2.3",
"@radix-ui/react-slot": "^1.2.3",
"@radix-ui/react-switch": "^1.1.3",
"@radix-ui/react-tabs": "^1.1.3",
"@radix-ui/react-toast": "^1.2.6",
"@radix-ui/react-tooltip": "^1.1.8",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"date-fns": "^3.6.0",
"embla-carousel-react": "^8.6.0",
"firebase": "^12.3.0",
"firebase-admin": "^13.5.0",
"genkit": "^1.20.0",
"lucide-react": "^0.545.0",
"next": "15.3.3",
"next-themes": "^0.3.0",
"react": "^18.3.1",
"react-day-picker": "^8.10.1",
"react-dom": "^18.3.1",
"react-hook-form": "^7.65.0",
"recharts": "^2.15.4",
"tailwind-merge": "^3.0.1",
"tailwindcss-animate": "^1.0.7",
"zod": "^3.25.76"
},
"devDependencies": {
"@types/node": "^22.18.10",
"@types/react": "^18.3.25",
"@types/react-dom": "^18.3.7",
"firebase-tools": "^14.19.1",
"genkit-cli": "^1.20.0",
"postcss": "^8.5.6",
"tailwindcss": "^3.4.17",
"typescript": "^5.9.3"
}
Please follow these steps.
- rm -rf node_modules package-lock.json
- npm i
- npm ls picomatch
- npm i (or npm update)
- Once step 2 is complete, you can see the dependency in package-lock.json.
"node_modules/tinyglobby/node_modules/picomatch": {
"version": "4.0.3",
"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
"integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
"dev": true,
"license": "MIT",
"optional": true,
"peer": true,
"engines": {
"node": ">=12"
},
"funding": {
"url": "https://github.com/sponsors/jonschlinkert"
}
},
- In step 3, you can check the dependency tree.
├─┬ [email protected]
│ ├─┬ [email protected]
│ │ ├─┬ [email protected]
│ │ │ └── [email protected] deduped
│ │ └─┬ [email protected]
│ │ └── [email protected] deduped
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ ├─┬ [email protected]
│ │ └── [email protected] deduped
│ └── [email protected]
└─┬ [email protected]
└─┬ [email protected]
└── [email protected]
- However, once step 4 is complete, the picomatch version 4.0.3 of tinyglobby will be removed from package-lock.json and an error will be displayed in the dependency tree. (Same as when the first issue was raised.) (npm ls picomatch)
Please contact me if you have any additional requirements!
@aalej Temporarily, i can work around this issue by specifying picomatch: 4.0.3 in the overrides field in package.json. However, I think this is only a temporary solution.
Hi there,
Just to let you know you are not alone, @7hokerz, I have the same issue. Every time I change anything in my deps and push to CI, I get this error.
The only way to get rid of it is to delete the node_modules folder and the lock file, then reinstall everything and push again.
Hey @7hokerz , sorry I wasn't able to get back to this sooner. Taking a look into this again, I can’t seem to reproduce the issue locally. I used the package.json you shared and ran the commands you provided, but npm ls picomatch isn't raising any errors(even after running npm update). Also, the picomatch version in package-lock.json seems to still stay the same(4.0.3) after npm update. Here's my repro, I'm not sure if I may be missing something here, if I am please let me know.
Although the dependency issue seems to be coming from superstatic, I’ll try to ask someone from our engineering team who is familiar with the library to take a look.
@Al38andr0 just to verify, is the dependency conflict you're getting also related to picomatch?
Hey @7hokerz , sorry I wasn't able to get back to this sooner. Taking a look into this again, I can’t seem to reproduce the issue locally. I used the
package.jsonyou shared and ran the commands you provided, butnpm ls picomatchisn't raising any errors(even after runningnpm update). Also, thepicomatchversion inpackage-lock.jsonseems to still stay the same(4.0.3) afternpm update. Here's my repro, I'm not sure if I may be missing something here, if I am please let me know.Although the dependency issue seems to be coming from
superstatic, I’ll try to ask someone from our engineering team who is familiar with the library to take a look.@Al38andr0 just to verify, is the dependency conflict you're getting also related to
picomatch?
That's weird. I just tested it just in case, and I get the same error.
├─┬ [email protected]
│ ├─┬ [email protected]
│ │ ├─┬ [email protected]
│ │ │ └── [email protected] deduped
│ │ └─┬ [email protected]
│ │ └── [email protected] deduped
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ ├─┬ [email protected]
│ │ └── [email protected] deduped invalid: "^4.0.3" from node_modules/tinyglobby, "^3 || ^4" from node_modules/tinyglobby/node_modules/fdir
│ └── [email protected] deduped invalid: "^4.0.3" from node_modules/tinyglobby
├─┬ [email protected]
│ └─┬ [email protected]
│ └── [email protected]
Additionally, There doesn't seem to be anything wrong with your process.
Hi there,
Just to let you know you are not alone, @7hokerz, I have the same issue. Every time I change anything in my deps and push to CI, I get this error.
The only way to get rid of it is to delete the node_modules folder and the lock file, then reinstall everything and push again.
Your method is also effective, but is also temporary. If i run npm i or npm update or etc... it gives in the same error.
That's weird. I just tested it just in case, and I get the same error.
Since you're encountering the same error using the same codebase and dependencies, I'm guessing it may be related to the npm version being used? Which version of npm are you currently using? I'm using npm 10.9.4 and node v22.21.1
That's weird. I just tested it just in case, and I get the same error.
Since you're encountering the same error using the same codebase and dependencies, I'm guessing it may be related to the npm version being used? Which version of npm are you currently using? I'm using npm
10.9.4and nodev22.21.1
Oh, I think I found the cause. It was the npm version. I was using 11.6.2. Just in case, I downgraded to 10.9.4, and the issue was resolved.
- The node version is the same as yours.
That's good news! Though, I think this might also be an issue we'd encounter when folks upgrade to npm v11. Will share this update with our engineering team.
Just a quick update here, I did a couple more testing and it seems like the issue might be with npm, specifically v11.6.1 and v11.6.2. The reason I think this is because on the first npm i dependecies are correctly resolved, but on the second npm i(or npm update), some of dependencies(in this case picomatch 4.0.3) are removed from the package-lock.json. I think npm i should consistently generate the same lock file.
I also tried with different versions of npm and this seems to occur starting with npm v11.6.1. I've open up an issue with npm to verify https://github.com/npm/cli/issues/8725.
See https://github.com/aalej/tools-issue-9295_npm?tab=readme-ov-file#notes for the list npm versions tested
Just a quick update here, I did a couple more testing and it seems like the issue might be with npm, specifically v11.6.1 and v11.6.2. The reason I think this is because on the first
npm idependecies are correctly resolved, but on the secondnpm i(ornpm update), some of dependencies(in this case picomatch 4.0.3) are removed from thepackage-lock.json. I thinknpm ishould consistently generate the same lock file.I also tried with different versions of
npmand this seems to occur starting withnpmv11.6.1. I've open up an issue with npm to verify npm/cli#8725.See https://github.com/aalej/tools-issue-9295_npm?tab=readme-ov-file#notes for the list npm versions tested
Oh, I see. Actually, I found that there was a picomatch dependency update in the v11.6.1 release.
https://github.com/npm/cli/releases/tag/v11.6.1 https://github.com/npm/cli/pull/8576
I still have this issue. Even on latest npm. Does anyone have any update?
Hey @unav4ila8le, I tried with npm v11.6.3 and v11.6.4 and both seem to work fine. Used the mcve I shared in the npm issue https://github.com/npm/cli/issues/8725 and no errors are being raised. Just to verify, are you using either npm v11.6.3 or v11.6.4? Also, could you provide a minimal reproducible example to help us replicate the issue?
@aalej I am on 11.6.4 locally. But locally I have no problem, npm ci works fine.
The issue is on GitHub actions: https://github.com/unav4ila8le/foliofox/actions/runs/19699066814/job/56430600244
The repo is public.
I am a beginner, please forgive if I have overlooked anything. Also, my issue isn't with firebase-tools, but I was still wondering if the it was somewhat related.
@unav4ila8le, since it's working locally but not on GitHub actions, my best guess is there might be a difference between the local package-lock.json you have and the package-lock.json you have in GitHub. It might be worth checking the difference of the two files.
One thing to also try is to match the local npm version you're using with the one being used in GitHub actions, or vice-versa, to see if it's only occurring on specific versions of npm.
In our case for firebase-tools, the issue was resolved by this PR in npm https://github.com/npm/cli/pull/8645
