Hi thanks for this package, it's really useful.
I've noticed a (probably obscure) problem with it and just wondering if you have any advice on how to work around it.
First, some background. I'm working on a product called Data-Forge Notebook and it automatically installs npm modules that it finds used in scripts. I found it annoying that npm didn't automatically install peer dependencies. So that lead me to your package.
Here's an example of how I use it. A user of my product includes request-promise
as follows:
const request = require('request-promise');
When a user runs this script in Data-Forge Notebook the module is automatically installed for them. This module also has a peer dependency on the request
module. I'm made use of install-peerdeps
within Data-Forge Notebook to automatically install peer dependencies like this. What it does in this case is run npm install request-promise
and then it runs install-peerdeps request-promise --only-peers --silent
. This works really well in this case and it ensures that my users automatically have the npm modules they need and also the peer dependencies.
However I discovered a problem with a more complicated use case.
You can easily try this example for yourself to see the result.
Create a new directory and package file:
mkdir test
cd test
npm init -y
Now install Data-Forge:
npm install --save data-forge
This installs the latest version of Data-Forge which is currently 1.3.0.
Now install the Data-Forge add on library data-forge-indicators
.
npm install --save data-forge-indicators
data-forge-indicators has a peer dependency of data-forge.
Now run your tool as follows:
npm install -g install-peerdeps
install-peerdeps data-forge-indicators --only-peers --silent
This actually replaces data-forge 1.3.0 with the older version 1.0.10.
data-forge-indicators has a peer dependency on data-forge at or above that version, yet install-peerdeps replaces the existing version with the older version.
I'm thinking that install-peerdeps should be a bit smarter and realise that there is already a new version installed and that it doesn't need to actually do any work.
What do you think? Is this the way install-peerdeps is supposed to work or is this a bug or maybe a use case that hasn't been thought of?
Thanks for your package and your help.