Adding missing dependencies to package.json files to clean up phantom dependencies #8604
Conversation
alshdavid
requested review from
devongovett,
thebriando,
mischnic and
a team
and removed request for
devongovett,
thebriando and
mischnic
alshdavid
force-pushed
the
alsh/rationalizing-phantom-dependencies
branch
from
3caa91d
to
9e0d86e
Compare
|
We also have this eslint rule which I would have expected to catch these undeclared dependencies (I removed nullthrows from the package.json): |
| "@parcel/utils": "2.7.0", | ||
| "chalk": "^4.1.0", | ||
| "ncp": "^2.0.0", | ||
| "nullthrows": "^1.1.1", | ||
| "posthtml": "^0.16.5", | ||
| "posthtml-parser": "^0.10.1", | ||
| "resolve": "^1.12.0", | ||
| "resolve": "^1.22.1", |
There was a problem hiding this comment.
Updated this to the lasted minor version as there were issues with linux-arm64
| @@ -7,6 +7,6 @@ | |||
| }, | |||
| "peerDependencies": { | |||
| "@babel/core": "^7.0.0", | |||
| "eslint": ">= 7.0.0" | |||
| "eslint": "^7.32.0" | |||
There was a problem hiding this comment.
Had to ensure eslint was the same version in all packages that use it due to it being a global workspace package.
| @@ -39,6 +39,7 @@ | |||
| "detect-libc": "^1.0.3" | |||
| }, | |||
| "devDependencies": { | |||
| "@types/node": "^12.12.6", | |||
There was a problem hiding this comment.
This should probably be added to packages that specifically need node types rather than relying on the global package on the top level
| @@ -29,6 +29,9 @@ | |||
| "nullthrows": "^1.1.1", | |||
| "terser": "^5.14.2" | |||
| }, | |||
| "devDependencies": { | |||
| "@parcel/types": "2.7.0" | |||
| }, | |||
| "peerDependencies": { | |||
| "elm": "^0.19.1-5" | |||
There was a problem hiding this comment.
Worth noting that elm does not work on linux-arm64 meaning Parcel cannot be built/developed on docker for MacOS, ARM Linux, Asahi, etc
EDIT: Notified the elm team, they are addressing this
| "@parcel/diagnostic": "2.5.0", | ||
| "@parcel/plugin": "2.5.0", | ||
| "@parcel/types": "2.5.0", | ||
| "@parcel/utils": "2.5.0", |
There was a problem hiding this comment.
Were these intentionally set to use old versions of parcel?
If we are interested in syncing all packages in the repo against their declared workspace version, pnpm has phenomenal workspace support that avoids phantom dependencies and allows us to describe package dependencies with:
"dependencies": {
"@parcel/types": "workspace/*"
}which automatically transforms the version to the version declared in the workspace package on package publishing.
"dependencies": {
"@parcel/types": "2.7.0"
}If a dependency with a different version is required, it installs it locally to the package without creating conflicts with other packages
There was a problem hiding this comment.
Were these intentionally set to use old versions of parcel?
No, but for some reason this step didn't bump the version on the last release
Line 33 in 932b6bd
"@parcel/types": "workspace/*"
Is there some mechanism to replace that with the actual version on publish? Or is that only meant for private packages?
There was a problem hiding this comment.
Is there some mechanism to replace that with the actual version on publish? Or is that only meant for private packages?
It's a mechanism to replace the version with the actual version when running pnpm pack or pnpm publish - it works for public or private packages as it's just string replacement when publishing.
Reduces the maintenance burden involved in tracking the versions of packages in the workspace and avoids us needing to commit absolute versions in the source repo which has caused me so much grief in the past 🤣
To be clear, this is a feature of pnpm workspaces and I don't believe it's available in lerna or yarn - so it's currently unavailable to us, but is that something we'd be open to discussing?
Benchmark ResultsKitchen Sink ✅
Timings
Cold BundlesNo bundle changes detected. Cached BundlesNo bundle changes detected. React HackerNews ✅
Timings
Cold BundlesNo bundle changes detected. Cached BundlesNo bundle changes detected. AtlasKit Editor ✅
Timings
Cold BundlesNo bundle changes detected. Cached BundlesNo bundle changes detected. Three.js ✅
Timings
Cold BundlesNo bundle changes detected. Cached BundlesNo bundle changes detected. |
alshdavid
force-pushed
the
alsh/rationalizing-phantom-dependencies
branch
from
33d20da
to
fa92482
Compare
package.json
Outdated
| "flow-bin": "0.184.0", | ||
| "glob": "^7.1.6", | ||
| "gulp": "^4.0.2", | ||
| "gulp-babel": "^8.0.0", | ||
| "husky": "^6.0.0", | ||
| "lerna": "^3.22.1", | ||
| "@octokit/core": "3.6.0", |
There was a problem hiding this comment.
This is a peerDependency of lerna, adding this to suppress a warning
alshdavid
force-pushed
the
alsh/rationalizing-phantom-dependencies
branch
4 times, most recently
from
ea18091
to
8232c11
Compare
| @@ -1,4 +1,4 @@ | |||
| /* global chrome, browser, addEventListener, fetch, Response, HMR_HOST, HMR_PORT */ | |||
| /* global chrome, browser, addEventListener, Response, HMR_HOST, HMR_PORT */ | |||
There was a problem hiding this comment.
Linting error
1:46 error 'fetch' is already defined as a built-in global variable no-redeclare
| @@ -1,5 +1,4 @@ | |||
| // @flow | |||
| /* global MessageChannel:readonly */ | |||
There was a problem hiding this comment.
Linting error
1:46 error 'MessageChannel' is already defined as a built-in global variable no-redeclare
8232c11
to
9bf8258
Compare
package.json
Outdated
| "@khanacademy/flow-to-ts": "^0.5.2", | ||
| "@napi-rs/cli": "^2.6.2", | ||
| "@parcel/babel-register": "2.7.0", | ||
| "@types/node": "^15.12.4", | ||
| "@types/node": "^12.20.55", |
There was a problem hiding this comment.
Making sure our node types are aligned with our engine support
In a previous project I worked on we also used an eslint rule to enforce packages explicitly declaring their dependencies and it worked pretty well. Also helped with blacklisting imports containing We ended up moving to pnpm as, in workspaces, it structures |
alshdavid
force-pushed
the
alsh/rationalizing-phantom-dependencies
branch
2 times, most recently
from
6cfa714
to
f707f35
Compare
|
Should I do a patch version bump on the packages that have been updated? |
No, we do the version bumping as part of the release process.
It'd also say that it worked pretty well for Parcel so far. But apparently it's not working for intra-workspace packges (which the current eslint rule apparently silently allows)
I guess that's a separate discussion. Detecting these undeclared dependencies statically in a linter seems better to me than relying on the import call to fail at runtime/in the tests. |
alshdavid
force-pushed
the
alsh/rationalizing-phantom-dependencies
branch
4 times, most recently
from
2657c5a
to
e1be976
Compare
| @@ -1,6 +1,5 @@ | |||
| // @flow | |||
| import path from 'path'; | |||
| import process from 'process'; | |||
There was a problem hiding this comment.
Flow error Cannot resolve module 'process'.
alshdavid
force-pushed
the
alsh/rationalizing-phantom-dependencies
branch
3 times, most recently
from
1162feb
to
bd0b1af
Compare
package.json
Outdated
| @@ -37,6 +37,9 @@ | |||
| }, | |||
| "devDependencies": { | |||
| "@babel/core": "^7.12.0", | |||
| "@octokit/core": "3.6.0", | |||
| "@parcel/eslint-config": "2.7.0", | |||
| "@parcel/babel-preset": "2.7.0", | |||
There was a problem hiding this comment.
@octokit/core is an unmet peer dependency of lerna it was complaining about
@parcel/eslint-config Is used by ./.eslintrc.json
@parcel/babel-preset Is used by ./babel.config.json
alshdavid
force-pushed
the
alsh/rationalizing-phantom-dependencies
branch
from
bd0b1af
to
2ce79f4
Compare
packages/dev/babel-preset/index.js
Outdated
| @@ -55,7 +56,7 @@ module.exports = api => { | |||
| ], | |||
| }, | |||
| ], | |||
| 'babel-plugin-minify-dead-code-elimination', | |||
| require('babel-plugin-minify-dead-code-elimination'), | |||
There was a problem hiding this comment.
These were causing resolution issues when strict/isolated workspace packages were enabled. They now resolve relative to this package and will always use the dependencies of this package first
alshdavid
force-pushed
the
alsh/rationalizing-phantom-dependencies
branch
9 times, most recently
from
119a128
to
04c5090
Compare
alshdavid
force-pushed
the
alsh/rationalizing-phantom-dependencies
branch
from
04c5090
to
669cc16
Compare
Background
Yarn workspaces flattens all dependencies declared in the workspace packages into the top level
node_modeules. This, combined with Node's module resolution strategy, allows packages in the workspace to have access to a dependency declared in another package's package.json without declaring that dependency in their own package.json.These are known as phantom dependencies and can cause friction when it comes the versioning of dependencies, unexpected breakages for consumers due to missing packages (that are available in the workspace but not when pulled from npm), can sometimes hide circular dependencies and cause various other annoyances.
CHANGELOG
.npmcrcNotes
I am not 100% sure what should be a
devDependency,peerDependencyanddependencyas I lack the context on what is a library and what is a consumer. Please check my working in this regard