mermaid-cli
mermaid-cli copied to clipboard
mermaid-js
Remove puppeteer from dev dependencies
Describe the bug I was trying to update mermaid-cli package for Nix from v10 (yarn) to v11 (npm). The installation setup is non-standard, but I came up with the following script:
npm ci --ignore-scripts
npm prepare
npm --omit=dev --include=peer --ignore-scripts install
This correctly builds the app and installs production dependencies except for puppeteer which is required at runtime, but not installed.
To Reproduce
- Build using:
npm ci --ignore-scripts
npm prepare
npm --omit=dev --include=peer --ignore-scripts install
-
Run the mermaid-cli.
-
Get the error:
Error [ERR_MODULE_NOT_FOUND]: Cannot find package 'puppeteer' imported from /nix/store/81dbkd67vpzzi26wgvkz75vkxbb3jgmm-mermaid-cli-11.4.2/lib/node_modules/@mermaid-js/mermaid-cli/src/index.js
at packageResolve (node:internal/modules/esm/resolve:838:9)
at moduleResolve (node:internal/modules/esm/resolve:907:18)
at defaultResolve (node:internal/modules/esm/resolve:1037:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:650:12)
at #cachedDefaultResolve (node:internal/modules/esm/loader:599:25)
at ModuleLoader.resolve (node:internal/modules/esm/loader:582:38)
at ModuleLoader.getModuleJobForImport (node:internal/modules/esm/loader:241:38)
at ModuleJob._link (node:internal/modules/esm/module_job:132:49) {
code: 'ERR_MODULE_NOT_FOUND'
}
Expected behavior
I expect puppeteer to be installed as it is in peerDepedencies. However, due to how npm works, a dependency should not be listed both in peerDepedencies and devDependencies. See for example https://github.com/npm/cli/issues/7618.
I therefore recommend removing puppeteer from devDependencies, then the install works correctly.
Desktop (please complete the following information):
- OS:
Linux 6.12.8 #1-NixOS SMP PREEMPT_DYNAMIC Thu Jan 2 09:34:26 UTC 2025 x86_64 GNU/Linux - Version 11.4.2, Node.js v22.11.0
Hmmmmmm, as far as I'm aware, usually you're supposed to put peerDependencies in devDependencies too if you're planning on using them for tests/CI. And according to the docs of NPM, this sounds like a bug in NPM:
If a package type appears in both the
--includeand--omitlists, then it will be included.
E.g. our peerDependencies for Puppeteer might say ^23 || ^24 if we support two major versions, but our devDependencies might only say ^24.1.2 if our tests only work with a certain version of the library.
Another potential work-around: I'm not entirely sure about how Nix works, but if you want to embed the exact same versions of mermaid-cli in the library that our package-lock.json has, and you want to only install production dependencies, maybe something like this is better:
# Build step generates a `.tgz` archive
npm ci --ignore-scripts
npm shrinkwrap
npm pack
cp my-file-generated-by-the-last-npm-pack-step.tgz /my-build-output-folder/
rm -r ./* # delete build folder
# Install step
npm install /my-build-output-folder/my-file-generated-by-the-last-npm-pack-step.tgz
In theory, npm shrinkwrap should just copy the package-lock.json file into the generated tarball as an npm-shrinkwrap.json file, so that anybody that installs the tarball gets the exact versions listed in it. This usually isn't recommended, since it means that users can't update the dependencies themselves to fix security issues, or to share dependencies with other packages to save on disk space, but maybe that's preferred by Nix?
Although it does seem like the newer versions of NPM have a lot of bugs for lesser used features, so :shrug:, I'm not sure if this would actually work!
