[BUG] failed to resolve peer dependencies (conflict) when peer dependencies are in range.

[talsi]

Current Behavior:

npm install favors getting higher versions of peer dependencies.

for example:

"@angular/cdk": 10.2.5 has the following peer dependencies

{
  ...
  "@angular/common": "^10.0.0 || ^11.0.0-0",
  "@angular/core": "^10.0.0 || ^11.0.0-0"
  ...
}

"@angular/forms": 10.2.5 has the following peer dependencies

{
  ...
  "@angular/common": "10.2.5",
  "@angular/core": "10.2.5"
  ...
}

if you try to install both packages above you'll get an error because when resolving peer dependencies it chooses "@angular/common": 11.2.11 (and then "@angular/core": 11.2.11) thus results in a conflict

Expected Behavior:

when resolving peer dependencies it should choose "@angular/common": 10.2.5 (and then "@angular/core": 10.2.5) that would have satisfy all deps

Steps To Reproduce:

1. open an empty project / folder
2. run npm init (package.json doesn't list any dependencies)
3. run npm i @angular/cdk@10.2.5 @angular/forms@10.2.5

result:

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! Found: @angular/core@11.2.11
npm ERR! node_modules/@angular/core
npm ERR!   peer @angular/core@"^10.0.0 || ^11.0.0-0" from @angular/cdk@10.2.5
npm ERR!   node_modules/@angular/cdk
npm ERR!     @angular/cdk@"10.2.5" from the root project
npm ERR!   peer @angular/core@"11.2.11" from @angular/common@11.2.11
npm ERR!   node_modules/@angular/common
npm ERR!     peer @angular/common@"^10.0.0 || ^11.0.0-0" from @angular/cdk@10.2.5
npm ERR!     node_modules/@angular/cdk
npm ERR!       @angular/cdk@"10.2.5" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! @angular/forms@"10.2.5" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: @angular/core@10.2.5
npm ERR! node_modules/@angular/core
npm ERR!   peer @angular/core@"10.2.5" from @angular/forms@10.2.5
npm ERR!   node_modules/@angular/forms
npm ERR!     @angular/forms@"10.2.5" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.

Environment:

npm: 7.11.1

[nlf]

this is one we intend to resolve in some fashion, but it is surprisingly complicated with the current state of arborist.

as a work around for now you can specify @angular/common@10.2.5 as a direct dependency and you'll at least be unblocked and able to install your tree.

[talsi]

@nlf thanks, i really appreciate your suggestion for a workaround but this is merely an example to demonstrate the nature of the issue.

The real issue I'm facing is more complicated than the example above- i actually want to rely on npm to install peer dependencies correctly and to fail when it finds conflicts.

There are however many published libraries that will fail to install without a workaround.
There are also many CLIs and other tools that will not work because of this issue.

[nlf]

yup, totally understood. we're working on it but this one creates a huge amount of complexity so it may be some time before we come up with a solution that resolves as many conflicts as it possibly can without introducing massive slow downs.

[princemaple]

Hey @talsi , does npm 7.11.2 work for you?
I'm still getting the same errors.

[talsi]

@princemaple

hi,
npm 7.11.2 does fixes the bug described above (successfully running npm i @angular/cdk@10.2.5 @angular/forms@10.2.5), but unfortunately, i'm still having a similar issue.

for example,
when trying to install @angular-slider/ngx-slider@"^2.0.3" and @angular/common@"^10.2.4"

• @angular-slider/ngx-slider@"2.0.3" has a peer-dependency on @angular/common@">=6.1.0"
  it chooses @angular/common@"10.2.5" that satisfies the root dependency of @angular/common@"^10.2.4"

• @angular-slider/ngx-slider@"2.0.3" has a peer-dependency on @angular/forms@">=6.1.0"
  it favors the higher version (11.2.12) of @angular/forms which has a peer-dependency on @angular/common@"11.2.12"

steps to reproduce are:
running npm i @angular-slider/ngx-slider@"^2.0.3" @angular/common@"^10.2.4"

result:

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: untitled45@1.0.0
npm ERR! Found: @angular/common@10.2.5
npm ERR! node_modules/@angular/common
npm ERR!   @angular/common@"^10.2.4" from the root project
npm ERR!   peer @angular/common@">=6.1.0" from @angular-slider/ngx-slider@2.0.3
npm ERR!   node_modules/@angular-slider/ngx-slider
npm ERR!     @angular-slider/ngx-slider@"^2.0.3" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer @angular/common@"11.2.12" from @angular/forms@11.2.12
npm ERR! node_modules/@angular/forms
npm ERR!   peer @angular/forms@">=6.1.0" from @angular-slider/ngx-slider@2.0.3
npm ERR!   node_modules/@angular-slider/ngx-slider
npm ERR!     @angular-slider/ngx-slider@"^2.0.3" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.

@isaacs, @nlf,
should i open a new bug for it?

[princemaple]

#3171

[talsi]

@isaacs it still happens to me using 7.24.2

[talsi]

@isaacs @nlf it still happens to me using 7.24.2

[Quazmoz]

Has there been any progress on this issue?

[ljharb]

@Quazmoz it's fixed. try npm 8 latest, and if you're getting an error like the above, then it means your dependency graph is invalid, and the error message explains why.

[talsi]

@Quazmoz @ljharb
actually this bug is not fixed and it's very easy to see it, just run
npm i @angular-slider/ngx-slider@"^2.0.3" @angular/common@"^10.2.4"
here's the output of the running it using the latest version (8,4,1)

the dependency graph is OK.
during install npm choose the highest version possible of @angular/forms instead of choosing a compatible version which would satisfy peer dependencies.
this bug is repeatedly getting closed. it doesn't seem like anyone thinks it's too serious.

[ljharb]

@talsi it's not always going to be possible (in a P=NP sense) to pick the right version; it's not really a bug that sometimes you have to do it yourself and explicitly add a peer dep (all your peer deps should be explicitly added anyways).

It seems like your project already depends on v13.2.2 of @angular/forms, and npm (correctly) respects that and does not downgrade it (because that might break your code, if you depend in a feature added in v13.2.0, for example).

I think you need to downgrade @angular/forms yourself, and then npm will be able to figure out the rest.

[talsi]

@ljharb
hi, my project is not dependent on anything. In fact, it's a fresh, completely empty project. No package-lock.json. No node_modules folder. No other dependencies in package.json. so npm choose to install an incompatible version of @angular/forms.

I can't control the peer dependencies of 3rd party libs.

If the default settings in npm 7 is to install peer dependencies then it shoud work flawlessly. That's the reason why it was removed after version 3.

For experienced developers this can be just a minor issue but new ones will immediately start using yarn or anything else that works for them.

I truly understand the complexity of this issue i just think that if there are no plans to fix this issue maybe it'll better to have users opt-in to use this feature instead of closing all of the bugs users open about it and keeping it as the the default setting.

I honstly don't understand how come this issue don't get more attention.

[ljharb]

@talsi indeed, you can't. which is why in this case you'd need to add @angular/forms to your initial npm install command. It's not possible for it to work flawlessly; but this is still an improvement over npm 6's behavior.

[faizaldong]

why this issue is closed? it still happening in June 2022 @ljharb

[mshakibdev]

I am still facing this issue.

[ljharb]

@faizaldong because the bug is likely in your package.json, not in npm