Allow prerelease versions when checking peer deps#3361
Merged
Conversation
Uses lower-level APIs in node-semver to allow prerelease versions when checking peer deps. This honors the intent of library authors e.g. when they write a React component that asks for `"react": ">=15.0.0"` they're saying OK with `react@16.0.0` (partly because the React team specifically has said that if you don't have any warnings in version N, then version N+1 should work for you). By extension and modulo bugs, `react@16.0.0-alpha` works too (if the user explicitly installs it). Test Plan: Added unit tests for the new semver utility. Tested in a real project that uses React 16.0.0-alpha.11 and verified I didn't get any peer dep warnings that usually appear from libraries that ask for `"react": ">=15.0.0"`. Downgraded React to 0.14.0 (too low) and saw peer dep warnings come back as expected.
Member
|
Thanks, @ide. |
node-semver converts ~ and ^ ranges into pairs of >= and < ranges but the upper bounds don't properly exclude prerelease versions. For example, "^1.0.0" is converted to ">=1.0.0 <2.0.0", which includes "2.0.0-pre" since prerelease versions are lower than their non-prerelease counterparts. As a practical workaround we make upper-bound ranges exclude prereleases and convert "<2.0.0" to "<2.0.0-0", for example. Added unit tests as well.
Contributor
|
Can this be made to work with yarn/src/package-compatibility.js Lines 58 to 88 in fe34bb0 $ node --version
v8.2.0-rc.1
$ yarn
yarn install v0.24.6
[1/4] 🔍 Resolving packages...
[2/4] 🚚 Fetching packages...
error ansi-styles@3.0.0: The engine "node" is incompatible with this module. Expected version ">=4".
error Found incompatible module
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.EDIT: Workaround: |
Member
|
@SimenB I think it is a good idea, would you send a PR? |
4 tasks
ramonclaudio
added a commit
to ramonclaudio/bun-fork
that referenced
this pull request
Apr 18, 2026
Prerelease versions like `56.0.0-canary-20260212-4f61309` incorrectly trigger "incorrect peer dependency" warnings when checked against ranges like `>=14.0.4` or `*`. The strict semver `pre_matched` gate in `List.satisfiesPre` requires comparators to share the same major.minor.patch with a prerelease tag, which fails for ranges without prerelease comparators. Yarn v1 fixed the same issue in 2017 (yarnpkg/yarn#3361) via `satisfiesWithPrereleases`. node-semver exposes `{ includePrerelease: true }` as a built-in option. npm/rfcs#397 has been open since 2021 proposing similar semantics. Add `satisfiesIncludePrerelease` methods to `List` and `Group` in `SemverQuery.zig` that skip the `pre_matched` gate, then call from `resolutionSatisfiesDependency` which is exclusively used for peer dependency validation. Strict semver resolution path stays strict. Fixes oven-sh#29444 Relates to oven-sh#26076, oven-sh#15711
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Uses lower-level APIs in node-semver to allow prerelease versions when checking peer deps. This honors the intent of library authors e.g. when they write a React component that asks for
"react": ">=15.0.0"they're saying OK toreact@16.0.0(partly because the React team specifically has said that if you don't have any warnings in version N, then version N+1 should work for you). By extension and modulo bugs,react@16.0.0-alphaworks too if the user explicitly installs it.Fixes #2760
Test plan
Added unit tests for the new semver utility.
Tested in a real project that uses React 16.0.0-alpha.11 and verified I didn't get any peer dep warnings that usually appear from libraries that ask for
"react": ">=15.0.0". Downgraded React to 0.14.0 (too low) and saw peer dep warnings come back as expected.