pnpm provides different hashes for the exact same version of the same dependency, breaking nestjs
Question
I have a monorepo with a very basic setup available for reproducing this issue here:
It is a single nestjs app with 2 packages that it reads from.
@nestjs/core among other dependencies is needed for both the packages and the main app to work, and it is enforced to be the exact same fixed version not only on their own local package.json's but also with the resolutions {} config in the main package.json.
I can inspect the lockfile and find out that although the same version is used -- the hashes are different, causing major issues with nestjs, not being able to import injectable dependencies reliably causing it to break on bootstrap.
Is there a way to prevent this? to force linking the exact same hash/dependency?
1 answers
solution1
0 2022-08-24 01:02:30
When a dependency has peer dependencies, it might be written to node_modules several times if the peer dependencies are resolved differently in various parts of the dependency graph.
In your case, @nestjs/core is in the dependencies of the graphql-server project and the @myapp/entities project. @nestjs/core has @nestjs/platform-express as an optional peer dependency.
@nestjs/platform-express is in the dependencies of the graphql-server project, so pnpm links it to @nestjs/platform-express . You can see it in the lockfile:
/@nestjs/core/8.4.7_fkqgj3xrohk2pflugljc4sz7ea:
resolution: {integrity: sha512-XB9uexHqzr2xkPo6QSiQWJJttyYYLmvQ5My64cFvWFi7Wk2NIus0/xUNInwX3kmFWB6pF1ab5Y2ZBvWdPwGBhw==}
requiresBuild: true
peerDependencies:
'@nestjs/common': ^8.0.0
'@nestjs/microservices': ^8.0.0
'@nestjs/platform-express': ^8.0.0
'@nestjs/websockets': ^8.0.0
reflect-metadata: ^0.1.12
rxjs: ^7.1.0
peerDependenciesMeta:
'@nestjs/microservices':
optional: true
'@nestjs/platform-express':
optional: true
'@nestjs/websockets':
optional: true
dependencies:
'@nestjs/common': 8.4.7_47vcjb2de6lyibr6g4enoa5lyu
'@nestjs/platform-express': 8.4.7_7tsmhnugyerf5okgqzer2mfqme # <------HERE
'@nuxtjs/opencollective': 0.3.2
fast-safe-stringify: 2.1.1
iterare: 1.2.1
object-hash: 3.0.0
path-to-regexp: 3.2.0
reflect-metadata: 0.1.13
rxjs: 7.5.5
tslib: 2.4.0
uuid: 8.3.2
transitivePeerDependencies:
- encoding
In the other project ( @myapp/entities ), @nestjs/platform-express is not in the dependencies, so when installing @nestjs/core , pnpm cannot resolve the optional peer dependency. As a result, pnpm needs to create another instance of @nestjs/core , which doesn't have this optional peer linked in. As you can see in the lockfile, the other entry doesn't have @nestjs/platform-express :
/@nestjs/core/8.4.7_g7av3gvncewo44y4rurz3mgav4:
resolution: {integrity: sha512-XB9uexHqzr2xkPo6QSiQWJJttyYYLmvQ5My64cFvWFi7Wk2NIus0/xUNInwX3kmFWB6pF1ab5Y2ZBvWdPwGBhw==}
requiresBuild: true
peerDependencies:
'@nestjs/common': ^8.0.0
'@nestjs/microservices': ^8.0.0
'@nestjs/platform-express': ^8.0.0
'@nestjs/websockets': ^8.0.0
reflect-metadata: ^0.1.12
rxjs: ^7.1.0
peerDependenciesMeta:
'@nestjs/microservices':
optional: true
'@nestjs/platform-express':
optional: true
'@nestjs/websockets':
optional: true
dependencies:
'@nestjs/common': 8.4.7_47vcjb2de6lyibr6g4enoa5lyu
'@nuxtjs/opencollective': 0.3.2
fast-safe-stringify: 2.1.1
iterare: 1.2.1
object-hash: 3.0.0
path-to-regexp: 3.2.0
reflect-metadata: 0.1.13
rxjs: 7.5.5
tslib: 2.4.0
uuid: 8.3.2
transitivePeerDependencies:
- encoding
To solve this, you can add @nestjs/platform-express to the dependencies of the @myapp/entities project. It should be the same version as in the other project.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.