stackoom
  简体   繁体   中英

Why are there extra required dependencies in package-lock.json?

 原文  2022-04-21 14:27:49       javascript/ reactjs/ typescript/ webpack/ package.json

Question

React recently released a new version that has breaking changes to the TypeScript typings ( Can be read about here ). Packages that require "@types/react": "*" target this new version automatically and cause my project to break.

I thought that I'd go to the projects that have this style of requirement and either ask them to change the dependency to optional or remove it. Then I thought I'd be more proactive and make a pull request to make the change myself and get some experience contributing to open source.

However, I have yet to find where this change would be made in the project. I have looked through the first 5 packages that have this problem and have yet to find where @types/react is required.

As an example, in my package-lock.json file the listing for @types/react-redux shows that it requires @types/react: "*"

package-lock.json 文件中的@types/react-redux 条目

So I go to the npm page for @types/react-redux and follow the link to the github page (I also verified that I'm on the most recent version). I would expect the required packages to be found in the package.json file there, and they all are except @types/react.

@types/react-redux 的 package.json 的内容

We are having a heck of a time trying to get our project working again after the changes to React being automatically pulled in because of these required "*" versions of @types/react.

Can anyone help educate me as to where this is coming from so that I could either make pull requests for these projects or ask the maintainers to make the change?

1 answers

solution1
 1  2022-04-21 18:00:52

It's because index.d.ts imports react , but since package.json does not contain an explicit dependency on @types/react , DefinitelyTyped adds it automatically to the generated package.json of the npm bundle using information provided by the TypeScript compiler.

To pin the dependency version, simply add it explicitly to package.json , eg:


{
    "private": true,
    "dependencies": {
        "@types/hoist-non-react-statics": "^3.3.0",
        "@types/react": "16",
        "hoist-non-react-statics": "^3.3.0",
        "redux": "^4.0.0"
    }
}

( "@types/react": "16" is just an example - use a version or version range that fits). For a real example, see this merged pull request that introduces a similar change.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Package-lock.json - requires vs dependencies Why does package-lock.json have different listed dependencies to package.json? Workflow with package-lock.json Is there a way to download all dependencies in a package-lock.json/yarn.lock file without installing them? Can I use in my project a package from package-lock.json dependencies? Webpack vendors JS bundle (Vue CLI) includes code not listed in dependencies or package-lock.json? Mitigate the diff noice by package-lock.json generate package-lock.json programmatically Prevent building package-lock.json frequently Ignoring certain packages in package-lock.json
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM