fix(install): suppress spurious dependency warning when tool is configured#8923
fix(install): suppress spurious dependency warning when tool is configured#8923
Conversation
…gured When a mise.toml configures both node and an npm package (e.g., npm:renovate), mise would show "npm may be required but was not found" during version resolution because node hadn't been installed yet. Now the warning is suppressed when the dependency tool is already configured in the toolset and will be installed. Fixes #8919 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Code Review
This pull request introduces a mechanism to suppress spurious warnings about missing system dependencies when those dependencies are already configured within the mise toolset. It includes a new end-to-end test to verify that the 'npm' warning is correctly suppressed when 'node' is present in the configuration. Feedback indicates that the current implementation is overly broad, as it suppresses warnings if any dependency is configured rather than specifically checking for the missing program. Additionally, a performance improvement was suggested to avoid redundant calls to the dependency toolset resolution logic.
| if let Ok(ts) = self.dependency_toolset(config).await { | ||
| if !ts.list_current_versions().is_empty() { | ||
| return; | ||
| } | ||
| } |
There was a problem hiding this comment.
The current implementation suppresses the warning if any dependency of the backend is configured in the toolset. This is too broad and can lead to missing warnings for unrelated dependencies. For example, if a backend depends on both node and git, and only node is configured, a warning about git being missing from the system would be suppressed.
Additionally, dependency_toolset is called here again, even though it was already called inside dependency_which on line 1346. Since dependency_toolset performs version resolution (which can involve network requests), calling it twice is inefficient.
Consider making the check more specific to the program being requested by checking if the toolset contains a tool that matches the program name or is related via registry overrides.
if let Ok(ts) = self.dependency_toolset(config).await {
let is_configured = ts.list_current_versions().iter().any(|(b, _)| {
b.id() == program || b.tool_name() == program ||
REGISTRY.get(program).is_some_and(|rt| {
rt.overrides.iter().any(|o| *o == b.id() || *o == b.tool_name())
})
});
if is_configured {
return;
}
}
Greptile SummaryThis PR fixes a spurious The fix adds a
Confidence Score: 5/5PR is safe to merge — the fix is targeted, logically correct, and verified by a new regression test The No files require special attention; Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[warn_if_dependency_missing called] --> B{dependency_which: binary found on PATH?}
B -- Yes --> C[No warning]
B -- No --> D{Windows? Check .cmd/.exe extensions}
D -- Found --> C
D -- Not found --> E{dependency_toolset: any key in provided_by\nconfigured in toolset?}
E -- Yes --> F[Suppress warning\nwill be installed as dep]
E -- No --> G[Show warning:
'program may be required but was not found']
style F fill:#90ee90
style C fill:#90ee90
style G fill:#ffcccb
Reviews (6): Last reviewed commit: "perf: check toolset keys directly instea..." | Re-trigger Greptile |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 4689ec9. Configure here.
Address review feedback: the suppression check now only matches tools known to provide the specific missing program (e.g., node→npm, rust→cargo, ruby→gem) instead of suppressing the warning when any dependency is configured. Also fix e2e test to fail rather than silently skip when npm is unexpectedly in PATH. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Hyperfine Performance
|
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.4.4 x -- echo |
22.5 ± 0.6 | 21.6 | 26.0 | 1.00 |
mise x -- echo |
23.0 ± 0.5 | 22.0 | 25.1 | 1.02 ± 0.03 |
mise env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.4.4 env |
22.0 ± 0.7 | 21.2 | 27.3 | 1.00 |
mise env |
22.5 ± 1.0 | 21.6 | 40.5 | 1.02 ± 0.06 |
mise hook-env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.4.4 hook-env |
22.5 ± 0.4 | 21.8 | 24.5 | 1.00 |
mise hook-env |
23.1 ± 0.5 | 22.3 | 25.1 | 1.03 ± 0.03 |
mise ls
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.4.4 ls |
19.8 ± 0.4 | 19.2 | 21.6 | 1.00 |
mise ls |
20.5 ± 0.5 | 19.6 | 23.6 | 1.03 ± 0.03 |
xtasks/test/perf
| Command | mise-2026.4.4 | mise | Variance |
|---|---|---|---|
| install (cached) | 149ms | 149ms | +0% |
| ls (cached) | 79ms | 78ms | +1% |
| bin-paths (cached) | 83ms | 83ms | +0% |
| task-ls (cached) | 819ms | 800ms | +2% |
…parameter Instead of hardcoding which tools provide which programs inside warn_if_dependency_missing, add a provided_by parameter that each caller specifies. This keeps the knowledge at the call site where the relationship is already known (e.g., cargo backend knows "cargo" is provided by "rust"). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use ts.versions.keys() to check if a provider tool is configured, avoiding the allocation and backend resolution that list_current_versions() performs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
### 🚀 Features - **(config)** report env files in config ls and doctor output by @SamSoldatenko in [#8853](#8853) - add support for token sources in GitLab and Forgejo by @roele in [#8868](#8868) ### 🐛 Bug Fixes - **(aqua)** prevent double .exe extension when Windows override URL already ends in .exe by @yusei-wy in [#8863](#8863) - **(bash)** avoid duplicate trust warning after cd by @timothysparg in [#8920](#8920) - **(env)** prevent config root injection into PATH via _.source by @jdx in [#8936](#8936) - **(install)** suppress spurious dependency warning when tool is configured by @jdx in [#8923](#8923) ### 📚 Documentation - **(node)** add section on pinning npm version by @jdx in [#8925](#8925) - add Windows default paths and mise.toml examples alongside CLI commands by @jdx in [#8926](#8926) - clarify common sources of confusion from GitHub discussions by @jdx in [#8927](#8927) - clarify Python venv mechanisms, JAVA_HOME behavior, and activation performance by @jdx in [#8928](#8928) - add FAQ and troubleshooting entries based on common Discord questions by @jdx in [#8930](#8930) ### New Contributors - @SamSoldatenko made their first contribution in [#8853](#8853) - @yusei-wy made their first contribution in [#8863](#8863)
Upstream release notes: https://github.com/jdx/mise/releases/tag/v2026.4.5 Changes that matter for this repo: - **Spurious dependency warnings during install are suppressed** (jdx/mise#8923). This repo's mise.toml and .devcontainer/mise-system.toml both configure a language runtime plus packages from that ecosystem: - `node` + `npm:@google/gemini-cli`, `npm:@openai/codex`, `npm:agnix`, `npm:agents-lint` - `rust` + `cargo-binstall` v2026.4.4 warned that npm/cargo were "missing" during version resolution even though node/rust were configured and would be installed first. The warnings were cosmetic but noisy in CI build logs and local `mise run` output. v2026.4.5 suppresses the warning when the providing tool is present in the toolset. - **Bash duplicate trust warning fixed** (jdx/mise#8920). Entering an untrusted project directory in bash previously printed the trust warning twice per `cd` (once from the `chpwd` hook, once from `PROMPT_COMMAND`). Fixed in v2026.4.5. Directly improves the devcontainer bash experience. Changes NOT relevant to this repo (documented for future reference): - GitLab/Forgejo token support (this repo uses GitHub only). - `mise github token` renamed to `mise token github` (we don't invoke it). - Windows aqua backend `.exe` double-suffix fix (we're linux). - `_.source` PATH root injection fix (verified via grep: we don't use `_.source` in any mise config). - Env files in `mise config ls` / `mise doctor` (we don't use `MISE_ENV_FILE` or `_.file` directives today). Files touched: - docker-bake.hcl: `MISE_VERSION` variable default → v2026.4.5 - .devcontainer/Dockerfile: `ARG MISE_VERSION` → v2026.4.5 Both references must agree at every commit (bake passes MISE_VERSION to Dockerfile via ARG, so drift would manifest as a build cache miss + a downloaded mise version ≠ the Dockerfile's pinned version). Verification (CI-only per feedback_base_image_ci_only.md): - `HK_PKL_BACKEND=pkl hk run pre-commit --all --stash none` → 0 - `grep -n 'v2026\.4\.' docker-bake.hcl .devcontainer/Dockerfile` → both at v2026.4.5 - CI will download and cache v2026.4.5 on the next base-image rebuild; CI smoke-test validates end-to-end after merge. PR scope: commit 4 of PR-1 (base-image-cookbook-and-unblock). Follows commit 3 (cookbook refactor) so the version bump is a clean, separable bisect point. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
mise.tomlconfigures bothnodeand an npm package (e.g.,npm:renovate), mise would shownpm may be required but was not foundduring version resolution because node hadn't been installed yetwarn_if_dependency_missingchecks if the dependency tool is already configured in the toolset (even if not yet installed) and suppresses the warning in that caseFixes #8919
Test plan
test_npm_dep_warning_suppressedverifies no warning when node is configured alongside npm packagetest_backend_missing_depsstill passes (warning still shows when dependency is truly missing)🤖 Generated with Claude Code
Note
Medium Risk
Behavior change in shared dependency-warning logic across multiple backends; incorrect
provided_bymappings could hide legitimate warnings or reduce diagnosability.Overview
Suppresses the
"<program> may be required but was not found"warning when a tool that provides that program is already configured in the toolset (even if not yet installed), by extendingwarn_if_dependency_missingto accept aprovided_bylist and short-circuit in that case.Updates the affected backends (
npm,cargo,gem,go,dotnet,pipx,spm) to pass appropriateprovided_bymappings, and adds an e2e regression test (test_npm_dep_warning_suppressed) to ensuremise ls-remote npm:...does not emit an npm-missing warning whennodeis configured alongside the npm package.Reviewed by Cursor Bugbot for commit 5183085. Bugbot is set up for automated code reviews on this repo. Configure here.