fix(overrides): move invalid peers to prod deps #9000

Merged: zkochan merged 14 commits into main from peer-validation-should-be-compatible-with-overrides-8978 on Jan 28, 2025

@KSXGitHub
Contributor

Fixes #8978

@KSXGitHub force-pushed the peer-validation-should-be-compatible-with-overrides-8978 branch from da33995 to e9bcd21 on January 22, 2025 11:48
@KSXGitHub marked this pull request as ready for review on January 22, 2025 11:48
@KSXGitHub requested a review from zkochan as a code owner on January 22, 2025 11:48
@zkochan
Member

zkochan commented Jan 26, 2025

I don't think it is the right way to fix this. Maybe in the overrider instead. If a peer is overridden with a link or file, override it by adding such entries to "dependencies" instead of adding the link/file to "peerDependencies"

@KSXGitHub
Contributor Author

> I don't think it is the right way to fix this. Maybe in the overrider instead. If a peer is overridden with a link or file, override it by adding such entries to "dependencies" instead of adding the link/file to "peerDependencies"

There are still use cases for overriding peerDependencies #8978 (comment). We want to support overriding dependencies outside the range of declared peerDependencies.

@zkochan
Member

zkochan commented Jan 26, 2025

OK, as I said, you can change it just for the link/file overrides

@KSXGitHub changed the title from "fix: skip peer validation on overrides" to "fix(overrides): move invalid peers to prod" on Jan 27, 2025
@KSXGitHub
Contributor Author

@zkochan I have changed it. Now overrides would move invalid peer versions from peerDependencies to dependencies. The logic that is used to detect invalid peer versions is now its own package.
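
The behaviour described in the comment above, as an added sketch that is not pnpm's code and not part of this PR: an override whose value is not a usable peer range (such as a `link:` or `file:` spec) is moved from `peerDependencies` to `dependencies`, and the moved names are returned so a reviewer can see which peers now resolve from a local path. The function names, the simplified range check and the sample manifest are assumptions made for illustration.

```javascript
// Added illustration only: not pnpm's implementation. All names are hypothetical.
// Simplified stand-in for a peer-range check: accepts plain semver-style ranges
// ("^18.0.0", ">=16 <19", "17 || 18", "*") and rejects every other spec.
const COMPARATOR =
  /^(?:[~^]|[<>]=?|=)?v?(?:\d+|[xX*])(?:\.(?:\d+|[xX*])){0,2}(?:-[0-9A-Za-z.-]+)?$/;

function isValidPeerRange(spec) {
  if (typeof spec !== 'string') return false;
  return spec.split('||').every((alt) =>
    alt.trim().split(/\s+/).every((part) => COMPARATOR.test(part)));
}

const has = (obj, key) => obj != null && Object.prototype.hasOwnProperty.call(obj, key);

// Applies name -> spec overrides to a copy of the manifest.
// Returns the new manifest plus the peers that were moved to "dependencies".
function applyOverrides(manifest, overrides) {
  const result = JSON.parse(JSON.stringify(manifest)); // do not mutate the input
  const moved = [];
  for (const [name, spec] of Object.entries(overrides)) {
    for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
      if (has(result[field], name)) result[field][name] = spec;
    }
    if (!has(result.peerDependencies, name)) continue;
    if (isValidPeerRange(spec)) {
      result.peerDependencies[name] = spec; // still a range: stays a peer
    } else {
      delete result.peerDependencies[name]; // link:/file: etc. cannot be a peer range
      result.dependencies = { ...result.dependencies, [name]: spec };
      moved.push(name);
    }
  }
  return { manifest: result, moved };
}

// Constructed sample input.
const sample = {
  name: 'constructed-plugin',
  dependencies: { lodash: '^4.17.0' },
  peerDependencies: { react: '^17.0.0', 'react-dom': '^17.0.0' },
};
const sampleOverrides = {
  react: 'link:../forks/react', // not a range: moved to dependencies
  'react-dom': '^18.2.0',       // outside the declared range, but still a range
  lodash: '4.17.21',
};
const { manifest: out, moved } = applyOverrides(sample, sampleOverrides);
console.log(JSON.stringify(out, null, 2), moved);
```
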

@socket-security

socket-security bot commented Jan 27, 2025

New, updated, and removed dependencies detected.

🚮 Removed packages: npm/@pnpm.e2e/pkg-with-1-dep@100.0.0, npm/@zkochan/not-exists@1.2.0, npm/bar@1.0.0, npm/es6-iterator@2.0.1, npm/expire-fs@2.2.3, npm/foo@1.0.0, npm/is-negative@1.0.0, npm/ms@1.0.0, npm/react-dom@18.2.0, npm/react@18.2.0, npm/rimraf@2.5.1, npm/svgicons2svgfont@5.0.2, npm/symlink-dir@2.0.2, npm/typescript@4.8.4, npm/typescript@5.4.2, npm/webpack@2.7.0, npm/webpack@5.65.0, npm/write-json-file@2.3.0, npm/write-pkg@7.0.0

@socket-security

socket-security bot commented Jan 27, 2025

👍 Dependency issues cleared.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Contributor Author

@KSXGitHub KSXGitHub left a comment

It's not exactly a "refactor" if the behavior changes.

@zkochan
Member

zkochan commented Jan 28, 2025

Right, but the commits will be squashed anyway to a single commit. So, it doesn't matter that much what is in these commit messages.

@zkochan changed the title from "fix(overrides): move invalid peers to prod" to "fix(overrides): move invalid peers to prod deps" on Jan 28, 2025
@zkochan merged commit e8c2b17 into main on Jan 28, 2025
18 checks passed
@zkochan deleted the peer-validation-should-be-compatible-with-overrides-8978 branch on January 28, 2025 17:01
haoqunjiang added a commit to vuejs/ecosystem-ci that referenced this pull request Feb 3, 2025
The bug is fixed in the pnpm repo but not yet released.
pnpm/pnpm#9000

Development

Successfully merging this pull request may close these issues.

peerDependencies validation should compatiable with pnpm.overrides