fix: accept loose peer ranges in peers check #12150
Run peer dependency range checks with semver loose parsing while preserving prerelease inclusion. This prevents `pnpm peers check` from reporting `react-native-reanimated@4.4.0` as unmet for ranges like `>=3.16.0 || >=4.0.0-`.

Add a lockfile regression fixture for pnpm#12149 and a patch changeset for the peer checker and pnpm CLI.

Closes pnpm#12149.

Co-authored-by: OpenAI Codex <codex@openai.com>
No actionable comments were generated in the recent review.
Review Summary by Qodo

Accept loose peer dependency ranges in pnpm peers check

Walkthroughs

Description

- Enable loose semver parsing in peer dependency range checks
- Accept non-standard ranges like `>=3.16.0 || >=4.0.0-` when satisfied
- Add regression test fixture for react-native-reanimated peer range
- Preserve existing prerelease inclusion behavior

Diagram

```mermaid
flowchart LR
  A["Peer Range Check"] -->|"Add loose: true"| B["Semver Satisfies"]
  B -->|"Parse >=3.16.0 || >=4.0.0-"| C["Accept v4.4.0"]
  D["Test Fixture"] -->|"Verify Fix"| C
```

File Changes

1. deps/inspection/peers-checker/src/checkPeerDependencies.ts
Pull request overview
This PR fixes pnpm peers check incorrectly reporting unmet peers when a package declares a loosely formatted semver peer range (e.g. >=4.0.0-) that is satisfied by the installed peer version. It does so by enabling semver “loose” parsing during peer-range satisfaction checks while preserving the existing includePrerelease: true behavior.
Changes:
- Enable `semver.satisfies(..., { includePrerelease: true, loose: true })` for peer dependency range checks.
- Add a regression test fixture and test case covering a loose peer range (`>=3.16.0 || >=4.0.0-`) satisfied by an installed peer.
- Add a changeset to publish patch releases for `pnpm` and `@pnpm/deps.inspection.peers-checker`.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| deps/inspection/peers-checker/src/checkPeerDependencies.ts | Enables loose semver parsing for peer range satisfaction. |
| deps/inspection/peers-checker/test/checkPeerDependencies.test.ts | Adds regression coverage for satisfied loose peer ranges. |
| deps/inspection/peers-checker/test/fixtures/with-loose-peer-range/pnpm-lock.yaml | New lockfile fixture reproducing the reported loose peer range scenario. |
| deps/inspection/peers-checker/test/fixtures/with-loose-peer-range/package.json | New fixture manifest matching the lockfile scenario. |
| .changeset/loose-peers-check.md | Records the patch release notes for the fix. |
Files not reviewed (1)
- deps/inspection/peers-checker/test/fixtures/with-loose-peer-range/pnpm-lock.yaml: Language not supported
What

Fixes `pnpm peers check` so it accepts loose semver peer ranges such as `>=3.16.0 || >=4.0.0-` when the installed peer version satisfies the range.

The peer checker now keeps the existing `includePrerelease: true` behavior and also enables semver loose parsing for peer range satisfaction.

Why

`@gorhom/bottom-sheet@5.2.14` declares `react-native-reanimated` as `>=3.16.0 || >=4.0.0-`. With strict semver parsing, `react-native-reanimated@4.4.0` was reported as unmet even though loose parsing accepts the range.

Closes #12149.

Tests

- `PATH=/tmp/pnpm-12149-bin:$PATH pnpm --filter @pnpm/deps.inspection.peers-checker test test/checkPeerDependencies.test.ts -t "loose"` — regression test passes
- `PATH=/tmp/pnpm-12149-bin:$PATH pnpm --filter @pnpm/deps.inspection.peers-checker test` — 7 passed
- `./node_modules/.bin/cspell .changeset/loose-peers-check.md deps/inspection/peers-checker/test/checkPeerDependencies.test.ts --no-progress` — 0 issues
- `git diff --check` — no whitespace errors

AI assistance

OpenAI Codex helped reproduce the bug, draft the regression test, and prepare the initial patch. I reviewed the diff, verified the semver behavior, reran the targeted tests above, and take responsibility for the change.
Summary by CodeRabbit
`pnpm peers check` to properly validate loose peer dependency ranges. Installations with peer versions that satisfy the specified range now pass validation correctly.