npm peer dependency check

Question

$ npm install
[email protected] /Users/antpaw/my_module
├── [email protected] 
└── UNMET PEER DEPENDENCY request@^2.74.0

npm WARN [email protected] requires a peer of request@^2.74.0 but none was installed.

I don't understand how this can be only a warning. It's a pretty big deal for my app if "request" isn't install and my app will crash.

How can i make npm install exit with 1 if a peer dependency is unmet or is there something like npm do-i-have-everything-i-need-installed command that will exit with 1?

Answer 1

You are most likely using npm@3 (version 3).

As specified in the documentation, npm versions 1 and 2 used to install peerDependencies in most cases. Npm version 3 changes this behavior and no longer installs peerDependencies but instead throw a warning when the peerDependencies is not installed.

npm versions 1 and 2 will automatically install peerDependencies if they are not explicitly depended upon higher in the dependency tree. In the next major version of npm (npm@3), this will no longer be the case. You will receive a warning that the peerDependency is not installed instead.

The reasons behind the changes were mostly to avoid a dependencies hell when using peerDependencies or most of the time peerDependencies being used wrongly. There are a number of issues on the npm Github regarding peerDependencies like this one explaining some issues and what led to the solution to not install peerDependencies anymore.

If your application crashes if request is not installed, you are mostly requiring it. At the moment, in the npm environment, dependencies are packages you require(), devDependencies are packages you require() only for development, tests, etc.

peerDependencies were originally designed to address problems with packages that were mostly 'plugins' for other frameworks or libraries, designed to be used with another 'host' package even though they're not directly using or requiring the 'host' package.

For example, Grunt plugins are meant to be used with Grunt but never require('grunt');. Adding grunt as a dependencies would lead to a new downloaded copy of the package that would never be used. Even if some plugins have direct dependencies to the 'host' package and specify the 'host' package in the dependencies, that would lead to multiple copies of the 'host' package.

A peerDependencies is a way of saying that a package works when plugged in a version of an 'host' package, so if you install this package, you should also install this other package manually.

That's the behaviour you're currently having, you're installing your application, listing request as a peerDependencies, so you should install it for it to work and remove the warning, otherwise, you'll need to move to a classic dependencies.

Answer 2

It looks like I've found a way to exit with 1, after/before (I think the order doesn't matter) doing the general npm install I need to run npm install my_module which will exit with 1. That means I can define a list of modules I want to make sure to have exactly what they need (defined in peerDependencies) in my CI script, not pretty but it's better than nothing.

So npm install doesn't break no matter what kind of dependencies nonsense you will define in your package.json. npm install module_name will break if you have nonsense in your package.json.