In the process of learning nest.js, I've run into an npm dependency tree issue.

I'm attempting to do something like npm install --save-dev @types/bcrypt @types/passport @types/passport-jwt. This (and similar npm commands) will throw this error:

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: @nestjs/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/passport
npm ERR!   passport@"^0.6.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer passport@"^0.4.0 || ^0.5.0" from @nestjs/[email protected]
npm ERR! node_modules/@nestjs/passport
npm ERR!   @nestjs/passport@"^8.2.1" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/passport
npm ERR!   peer passport@"^0.4.0 || ^0.5.0" from @nestjs/[email protected]
npm ERR!   node_modules/@nestjs/passport
npm ERR!     @nestjs/passport@"^8.2.1" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.

I've traced the problem to the following:

• I currently have version 8.2.1 of @nestjs/passport installed - this was released on Feb 16
• I can see in my local folder of node_modules/@nestjs/passport/package.json that it has the dependency "passport": "^0.4.0 || ^0.5.0 , as the terminal error implies
• In the current Github version of @nestjs/passport, however, I see that they've updated that line to include || ^0.6.0 in late May link

@nestjs/passport hasn't created a new release with this (and other) updates yet though.

Two things I'm wondering:

1. How can I resolve this dependency issue now, before the maintainers of @nestjs/passport publish their next release?
2. Why doesn't it work for me to go into my local node_modules/@nestjs/passport/package.json file and manually change it to include ^0.6.0? (After doing that, saving the file, and trying the npm commands again, I still get the same dependency errors)

CodePudding user response：

NPM has already answered the question for you, there are two solution you can try, either run :

1. npm install --legacy-peer-deps

This section from the npm blog explains what that command does: We have identified automatic peerDependencies installation as a potentially disruptive change for many users (albeit one that we are confident is the correct behavior for a package manager), we have some tools to minimize this disruption, based on the feedback we get. We are confident that resolving package trees such that peerDependencies are properly accounted for is the right thing to do. After all, an error here can result in a production issue that’s very difficult to debug later, especially if it occurs deep in a node_modules tree. However, years of not resolving peerDependencies has allowed many projects to fail to notice these problems. In order to get unblocked and install your project in spite of peerDependencies conflicts, you can use the --legacy-peer-deps flag at install time. It may be that the disruption is too great to take all at once, and we have to have this flag enabled by default for a while as projects gradually update their conflicting dependencies. Our intent is to let the beta give us some more data points to help make that decision carefully.

Or force passport into installing (I'm not sure that is recommended)

2. npm install [package] --force

This will force npm to fetch remote resources even if a local copy exists on disk.

Good Luck.