pnpm update 未更新 package.json 文件

2022-08-12 · 799 chars · 4 min read

我在当前这个 blog 项目中使用了 pnpm,整体上的体验要比 npm 好上很多,强烈推荐。但是因为 dependabot 暂时还不支持 pnpm,所以只能手动管理依赖,大概一个多月前我尝试升级了一次,发现 package.json 文件没有被更新:

# pnpm version 7.5.0
pnpm update

输出如下信息(你可能和我不一样)

WARN deprecated [email protected]: standard 16.0.0 and eslint-config-standard 16.0.0 no longer require the eslint-plugin-standard package. You can remove it from your dependencies with 'npm rm eslint-plugin-standard'. More info here: https://github.com/standard/standard/issues/1316
WARN deprecated @stylelint/[email protected]: Use the original unforked package instead: postcss-markdown
WARN deprecated [email protected]: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
Already up-to-date
Progress: resolved 1463, reused 1285, downloaded 0, added 0, done
ERR_PNPM_PEER_DEP_ISSUES Unmet peer dependencies

.
├─┬ elint-preset-kw
│ ├─┬ @typescript-eslint/eslint-plugin
│ │ ├── ✕ missing peer [email protected]"^5.0.0 || ^6.0.0 || ^7.0.0"
│ │ └─┬ @typescript-eslint/experimental-utils
│ │   ├── ✕ missing peer [email protected]"*"
│ │   └─┬ eslint-utils
│ │     └── ✕ missing peer [email protected]>=5
│ ├─┬ @typescript-eslint/parser
│ │ └── ✕ missing peer [email protected]"^5.0.0 || ^6.0.0 || ^7.0.0"
│ ├─┬ eslint-config-prettier
│ │ └── ✕ missing peer [email protected]>=7.0.0
│ ├─┬ eslint-config-standard
│ │ └── ✕ missing peer [email protected]^7.12.1
│ ├─┬ eslint-config-standard-jsx
│ │ └── ✕ missing peer [email protected]^7.12.1
│ ├─┬ eslint-config-standard-react
│ │ └── ✕ missing peer [email protected]^7.12.1
│ ├─┬ eslint-config-standard-with-typescript
│ │ └── ✕ missing peer [email protected]^7.12.1
│ ├─┬ eslint-plugin-import
│ │ └── ✕ missing peer [email protected]"^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8"
│ ├─┬ eslint-plugin-node
│ │ ├── ✕ missing peer [email protected]>=5.16.0
│ │ └─┬ eslint-plugin-es
│ │   └── ✕ missing peer [email protected]>=4.19.1
│ ├─┬ eslint-plugin-promise
│ │ └── ✕ missing peer [email protected]^7.0.0
│ ├─┬ eslint-plugin-react
│ │ └── ✕ missing peer [email protected]"^3 || ^4 || ^5 || ^6 || ^7 || ^8"
│ ├─┬ eslint-plugin-standard
│ │ └── ✕ missing peer [email protected]>=5.0.0
│ ├─┬ stylelint-config-prettier
│ │ └── ✕ missing peer [email protected]>=11.0.0
│ └─┬ stylelint-config-standard
│   ├── ✕ missing peer [email protected]>=10.1.0
│   └─┬ stylelint-config-recommended
│     └── ✕ missing peer [email protected]>=10.1.0
├─┬ @docsearch/js
│ └─┬ @docsearch/react
│   └─┬ @algolia/autocomplete-preset-algolia
│     └── ✕ missing peer @algolia/[email protected]^4.9.1
├─┬ react-router
│ └─┬ mini-create-react-context
│   └── ✕ unmet peer [email protected]"^0.14.0 || ^15.0.0 || ^16.0.0 || ^17.0.0": found 18.2.0
└─┬ use-media
  └── ✕ unmet peer [email protected]^16.8.1: found 18.2.0
Peer dependencies that should be installed:
  @algolia/[email protected]^4.9.1  [email protected]">=7.12.1 <8.0.0"       [email protected]>=11.0.0

hint: If you want peer dependencies to be automatically installed, add "auto-install-peers=true" to an .npmrc file at the root of your project.
hint: If you don't want pnpm to fail on peer dependency issues, add "strict-peer-dependencies=false" to an .npmrc file at the root of your project.

此时再看 IDE,发现只有 pnpm-lock.yaml 更新了,package.json 里的依赖并没有变化。我没多想,以为是 pnpm 的 bug,就打算等修复后再升级。完全没想到 peer dependencies 和 pnpm 结尾输出的 hint 与此事有任何关系。

直到前几天,给 webpack 提的一个 issue 被修复关闭了,我又想到了依赖升级的事情。在 pnpm 仓库上搜索了一番,意外发现这事儿居然真的和 peer dependencies 有关:

The root cause is the strict-peer-dependencies option default value change which happened in v7.0.0 https://github.com/pnpm/pnpm/pull/4427. It results in the package.json file not being written after pnpm update.

As a workaround, you may add this line in your project's .npmrc file: strict-peer-dependencies=false

然后找了下官方文档,它是这么写的:

strict-peer-dependencies

  • 默认值:true
  • 类型:Boolean

如果启用了此选项,那么在依赖树中存在缺失或无效的 peer 依赖关系时,命令将执行失败。

那么解决方案其实很简单了,在 .npmrc 中添加 strict-peer-dependencies=false 即可

但这其实依然是一个问题,命令执行失败的时候 package.jsonpnpm-lock.yaml 两个文件不同步了。

赞赏

微信