Transitive dependencies bring their own (incompatible) versions of dependencies

Open MikeDombo opened this issue 9 months ago • 4 comments

What version of Bun is running?

1.0.0

What platform is your computer?

Darwin 22.6.0 arm64 arm

What steps can reproduce the bug?

Install @types/react-router-dom:5.3.3 and @types/react:16.14.38.

What is the expected behavior?

Bun should install both of these packages and the react-router-dom package should not bring its own version of node_modules with @types/react: 18.2.21 which causes the build to fail because types no longer match because multiple versions of react types are being used.

Bun should install the desired version of @types/react from my project's package.json.

What do you see instead?

Bun installs both types packages, but the react-router-dom type package brings its own nested node_modules directory which includes the latest version of @types/react which is not the version that my project requested. @types/react- packages include a dependency on @types/react with * as the version requirement, so bun should be able to use my project's requested version of the react type dependency rather than installing a newer (and incompatible) version.

Additional information

No response

MikeDombo avatar Sep 11 '23 13:09 MikeDombo

I think it's even worse. I can see bun installing duplicated packages even for ^n.n.n choosing latest versions instead of existing ones.

mifopen avatar Sep 13 '23 15:09 mifopen

Possible duplicate: #4642

Zikoat avatar Sep 14 '23 13:09 Zikoat

I have the exact same issue with angular. ngx-build-plus@15 has @angular-devkit/build-angular@>=15 as a dependency. Thus @angular-devkit/build-angular@16 is installed for this dependency in its own node_modules and I get the infamous incompatible version error.

almarzn avatar Oct 03 '23 07:10 almarzn

This sounds like what's affecting expo-router and easily reproducible with create-expo-stack. It associates one peerDependency down the chain with the wrong version of ajv.

$ npx [email protected] --bun --expo-router
$ cd my-expo-app/
$ npm ls ajv
$ bun start

npm ls ajv shows the bad association, and bun start quickly errors.

The workaround as mentioned in the linked comment is adding the higher/preferred ajv as a direct dependency, resolving the issue without giving eslint the wrong version:

$ bun install --dev ajv
$ npm ls ajv

Environment:

$ bun --version
1.0.26
$ node --version
v21.2.0
$ npm --version
10.2.3

sammoore avatar Feb 10 '24 22:02 sammoore

I am experiencing the same issue as @sammoore with an Expo project, and consider this to be a very serious mishandling of dependencies.

I tried to pin ajv via resolutions, but did not have any luck.

Is there any official response on the priority/timeline for fixing this problem?

isaachinman avatar Feb 21 '24 14:02 isaachinman

Possible duplicate: #9135

sammoore avatar Apr 01 '24 19:04 sammoore

@sammoore, @isaachinman Yep, I reported this a while ago: https://github.com/oven-sh/bun/issues/8406

byCedric avatar Apr 02 '24 12:04 byCedric
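
The nested-copy layout reported in this thread can be checked for after any install by walking node_modules and listing packages that exist in more than one version. The Node.js script below is an added example, not code from the thread or from Bun; the function names are hypothetical, and the fixture is constructed from the package versions given in the original report.

```javascript
// Added example (hypothetical helper names), not code from the thread or from Bun.
const fs = require('node:fs'), os = require('node:os'), path = require('node:path');
// Package directories directly inside one node_modules folder (scopes expanded).
function packageDirs(nodeModulesDir) {
  if (!fs.existsSync(nodeModulesDir)) return [];
  return fs.readdirSync(nodeModulesDir).flatMap((entry) => {
    if (entry.startsWith('.')) return []; // skip .bin, .cache
    const dir = path.join(nodeModulesDir, entry);
    return entry.startsWith('@') ? fs.readdirSync(dir).map((sub) => path.join(dir, sub)) : [dir];
  });
}
// Walk nested node_modules folders and record every installed copy.
function collectPackages(nodeModulesDir, found = []) {
  for (const dir of packageDirs(nodeModulesDir)) {
    const manifest = path.join(dir, 'package.json');
    if (fs.existsSync(manifest)) {
      const { name, version } = JSON.parse(fs.readFileSync(manifest, 'utf8'));
      found.push({ name, version, dir });
    }
    collectPackages(path.join(dir, 'node_modules'), found);
  }
  return found;
}
// Packages present in more than one distinct version under projectRoot.
function findVersionConflicts(projectRoot) {
  const byName = new Map();
  for (const { name, version, dir } of collectPackages(path.join(projectRoot, 'node_modules'))) {
    const rel = path.relative(projectRoot, dir).split(path.sep).join('/');
    byName.set(name, [...(byName.get(name) || []), { version, path: rel }]);
  }
  return [...byName]
    .filter(([, copies]) => new Set(copies.map((c) => c.version)).size > 1)
    .map(([name, copies]) => ({ name, copies }));
}
// Constructed fixture: the directory layout described in the original report.
function buildFixture() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'dup-deps-'));
  const nm = 'node_modules/@types';
  for (const [dir, name, version] of [
    [`${nm}/react`, '@types/react', '16.14.38'],
    [`${nm}/react-router-dom`, '@types/react-router-dom', '5.3.3'],
    [`${nm}/react-router-dom/${nm}/react`, '@types/react', '18.2.21'],
  ]) {
    fs.mkdirSync(path.join(root, dir), { recursive: true });
    fs.writeFileSync(path.join(root, dir, 'package.json'), JSON.stringify({ name, version }));
  }
  return root;
}

console.log(JSON.stringify(findVersionConflicts(buildFixture()), null, 2));
```

Calling `findVersionConflicts` on a real project root instead of the fixture gives a list that can fail a CI job when a package the project pins also appears in a second version.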