Why are there extra required dependencies in package-lock.json?

React recently released a new version that has breaking changes to the TypeScript typings (can be read about here). Packages that require "@types/react": "*" target this new version automatically and cause my project to break.

I thought that I'd go to the projects that have this style of requirement and either ask them to change the dependency to optional or remove it. Then I thought I'd be more proactive and make a pull request to make the change myself and get some experience contributing to open source.

However, I have yet to find where this change would be made in the project. I have looked through the first 5 packages that have this problem and have yet to find where @types/react is required.

As an example, in my package-lock.json file the listing for @types/react-redux shows that it requires @types/react: "*"

The @types/react-redux entry in the package-lock.json file

So I go to the npm page for @types/react-redux and follow the link to the GitHub page (I also verified that I'm on the most recent version). I would expect the required packages to be found in the package.json file there, and they all are except @types/react.

Contents of the package.json for @types/react-redux

We are having a heck of a time trying to get our project working again after the changes to React being automatically pulled in because of these required "*" versions of @types/react.

Can anyone help educate me as to where this is coming from so that I could either make pull requests for these projects or ask the maintainers to make the change?

It's because index.d.ts imports react, but since package.json does not contain an explicit dependency on @types/react, DefinitelyTyped adds it automatically to the generated package.json of the npm bundle using information provided by the TypeScript compiler.

To pin the dependency version, simply add it explicitly to package.json, e.g.:


{
    "private": true,
    "dependencies": {
        "@types/hoist-non-react-statics": "^3.3.0",
        "@types/react": "16",
        "hoist-non-react-statics": "^3.3.0",
        "redux": "^4.0.0"
    }
}

("@types/react": "16" is just an example - use a version or version range that fits). For a real example, see this merged pull request that introduces a similar change.
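To find every package in a lockfile that declares the wildcard range discussed above, the lockfile can be scanned directly. This is an added example, not part of the original question or answer; the function name `findWildcardDependents`, the package `example-typed-widget` and all sample data are constructed for illustration.

```javascript
// Added example: list lockfile entries that depend on `target` with an
// "any version" range. Handles the nested lockfileVersion 1 tree ("requires")
// and the flat lockfileVersion 2/3 "packages" map.
const ANY_VERSION = new Set(["*", "", "x", "X"]);

function findWildcardDependents(lock, target) {
  const hits = new Set();
  const check = (name, deps) => {
    if (!deps || !Object.prototype.hasOwnProperty.call(deps, target)) return;
    if (ANY_VERSION.has(String(deps[target]).trim())) hits.add(name);
  };
  // lockfileVersion 2/3: keys are install paths such as "node_modules/a/node_modules/b"
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project itself
    const name = path.replace(/^.*node_modules\//, "");
    check(name, { ...entry.dependencies, ...entry.peerDependencies });
  }
  // lockfileVersion 1 (and the legacy section of version 2): nested tree
  const walk = (deps) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      check(name, entry.requires);
      walk(entry.dependencies);
    }
  };
  walk(lock.dependencies);
  return [...hits].sort();
}

// Constructed sample in the lockfileVersion 1 shape described in the question.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "@types/react-redux": {
      version: "0.0.0-sample",
      requires: { "@types/react": "*", redux: "^4.0.0" },
    },
    "example-typed-widget": { // hypothetical package with a pinned range
      version: "0.0.0-sample",
      requires: { "@types/react": "16" },
    },
    redux: { version: "0.0.0-sample" },
  },
};

// For a real project, pass JSON.parse of the package-lock.json contents instead.
console.log(findWildcardDependents(sampleLock, "@types/react"));
```

Each name it reports is a package whose published package.json lets any future @types/react release satisfy the dependency.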
