Phantom dependencies

[stevebeauge]

Category

[ ] Enhancement

[X] Bug

[ ] Question

Version

Please specify what version of the library you are using: [ 3.16.0 ]

Expected / Desired Behavior / Question

A developer should be able to use any package manager to build the project. Especially pnpm or yarn which are way better than npm. This requires to be very rigorous in declaring dependencies.
Basically, any time a package is used in code, it should be present in the dependencies explicitly, and not by "chance", by indirect dependency.

Ideally, pnpm should be set as the default package manager for this project (personal thought). Even if npm remains the package manager, phantom dependencies introduces some risks.

Observed Behavior

When trying to switch to pnpm, the project cannot be built anymore because of some phantom dependencies. Phantom dependencies are explained greatly by the rush team (https://rushjs.io/pages/advanced/phantom_deps/).

Here's the list of phantom dependencies in this project:

• @microsoft/sp-component-base@1.17.3
• @microsoft/sp-http@1.17.3
• @microsoft/sp-page-context@1.17.3
• @microsoft/sp-extension-base@1.17.3
• @uifabric/react-hooks@7.16.4
• @pnp/odata@2.5.0
• @uifabric/utilities@7.38.2
• @pnp/common@2.5.0
• @fluentui/merge-styles@8.5.12
• @fluentui/styles@0.66.5
• @fluentui/react-icons-northstar@0.66.5

Steps to Reproduce

1. clone the repo
2. run pnpm install (and not npm)
3. try to build pnpm run build
4. A lot of errors appear because of missing dependencies

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.