Bug: peerDependencies from monorepo packages cause npm resolution errors

[etrepum]

Lexical version: All versions since #1396 through at least v0.14.2

Steps To Reproduce

1. Create a package.json that depends on an older version of lexical, with at least one associated package from the monorepo that uses peerDependencies, and install it to create an initial package-lock.json e.g. npm install lexical@0.14.1 @lexical/react@0.14.1
2. Attempt to upgrade to a newer version of lexical, e.g. npm install lexical@latest @lexical/react@latest and get a resolution failure

Link to code example:

https://github.com/facebook/lexical/tree/main/examples/react-rich (or any of the other examples)

The current behavior

Dependency resolution fails with an error

# npm resolution error report

While resolving: @lexical/react-rich-example@0.14.2
Found: @lexical/react@0.13.1
node_modules/@lexical/react
  @lexical/react@"0.14.2" from the root project

Could not resolve dependency:
@lexical/react@"0.14.2" from the root project

Conflicting peer dependency: lexical@0.14.2
node_modules/lexical
  peer lexical@"0.14.2" from @lexical/react@0.14.2
  node_modules/@lexical/react
    @lexical/react@"0.14.2" from the root project

Fix the upstream dependency conflict, or retry
this command with --force or --legacy-peer-deps
to accept an incorrect (and potentially broken) dependency resolution.

The expected behavior

npm install succeeds and updates the lexical packages.

Per the node blog on peerDependencies https://nodejs.org/en/blog/npm/peer-dependencies -

One piece of advice: peer dependency requirements, unlike those for regular dependencies, should be lenient. You should not lock your peer dependencies down to specific patch versions. It would be really annoying if one Chai plugin peer-depended on Chai 1.4.1, while another depended on Chai 1.5.0, simply because the authors were lazy and didn't spend the time figuring out the actual minimum version of Chai they are compatible with.

I think it doesn't really make sense in practice to use peerDependencies with all of these packages being updated in lock-step, and likely having interdependencies that are not based on the stable public API. Outside of the monorepo, when packages are not updated in lock-step, it would likely make sense to use peerDependencies on lexical and its associated monorepo packages (although at a glance I haven't found any lexical community packages doing this correctly!)

Discord thread

[etrepum]

I added a commit to #5774 that should address this

[astegmaier]

For those who may visit this issue in the future, I wanted to share some useful information:

• the fix checked in above will affect @lexical-scoped packages with versions 0.14.3+. It was not backported.
• if you're in a monorepo that uses yarn, and some of your packages (but not all) depend on earlier versions of lexical (i.e. pre 0.14.3), you can get into a state where yarn hoisting behavior will cause node to resolve the wrong package version - see this simplified reproduction
• pnpm does not have the same issue - it will allow you to specify peerDependencies in monorepo packages that you control - and respect them in a deterministic way - see fix to the simplified reproduction using pnpm instead of yarn

[etrepum]

fwiw, lexical never backports anything (nor would that have helped anyone for this issue in particular), and it is a requirement that for any packages to interoperate they must all be linked with the exact same build of lexical.

[astegmaier]

fwiw, lexical never backports anything

No shade here for not backporting - just wanted to clarify the scope for others.

and it is a requirement that for any packages to interoperate they must all be linked with the exact same build of lexical.

Totally understand that. The challenge we were hitting was meeting this requirement in a large monorepo where one package wants @lexical stuff vX and another wants @lexical stuff vY. (In our case there was no build or run-time interaction between these dependency graphs, it was just two packages that happened to live in the same repo). I think it's really a problem with yarn, not lexical TBH.