How do I identify which npm packages are just peer dependencies?

3

12

I'm trying to remove unused packages from the package.json files for a few projects but I'm running into issues with peer dependencies. There are some tools, such as depcheck, which try to list all of the "unused" packages, but they don't differentiate between actual unused packages and packages that are unused because they're peer dependencies.

Is there a package out there, or some npm command I'm not familiar with, that will allow me to either list all peer dependencies in my project or, at the very least, allow me to type in a package name and see if that package is installed because it's a peer dependency of another package?

For posterity, here's an example of just the dependencies for one of my projects. In this project, I know for instance that reflect-metadata is a peer dependency of @nestjs/common, but I only discovered that after uninstalling it.

"dependencies": {
    "@google-cloud/storage": "^3.2.1",
    "@google-cloud/vision": "^1.3.0",
    "@google/maps": "^0.5.5",
    "@nestjs/common": "^6.6.7",
    "@nestjs/core": "^6.6.7",
    "@nestjs/platform-express": "^6.6.7",
    "@slack/webhook": "^5.0.1",
    "@typeform/api-client": "^1.5.1",
    "algoliasearch": "^3.34.0",
    "array-uniq": "^2.1.0",
    "basic-auth": "^2.0.1",
    "child-process-promise": "^2.2.1",
    "class-transformer": "^0.2.3",
    "class-validator": "^0.10.0",
    "express": "^4.17.1",
    "firebase-admin": "^8.5.0",
    "firebase-functions": "^3.2.0",
    "geoip-lite": "^1.3.8",
    "geolib": "^3.0.4",
    "glob": "^7.1.4",
    "hbs": "^4.0.4",
    "hubspot-api": "^2.2.10",
    "json2csv": "^4.5.3",
    "lodash": "^4.17.15",
    "luxon": "^1.17.2",
    "node-fetch": "^2.6.0",
    "postmark": "^2.2.9",
    "promise-settle": "^0.3.0",
    "qrcode": "^1.4.1",
    "redux": "^4.0.4",
    "reflect-metadata": "^0.1.13",
    "rxjs": "^6.5.3",
    "sales-tax": "^2.0.10",
    "sanitize-filename": "^1.6.3",
    "sharp": "^0.23.0",
    "stripe": "^7.9.0"
  },
Astrict answered 24/9, 2019 at 14:41 Comment(2)
Please show your package.json - Northwester
I've posted the dependencies from the package.json - Astrict
4

This is a great question, not sure why it was downvoted. Unfortunately I don't know of an existing, nicely automated way to do this.

You can test an individual package like so:

npm uninstall some-package && npm ls

If there are any peer dependency violations, they will be printed out and the command will exit nonzero.

So you could combine this with the output of one of the other tools mentioned, iterate through the candidates for orphaned packages, remove them one-by-one, and test the output between each change. Then do an npm uninstall --save to commit the ones that didn't produce an error, or npm install to roll back the ones that do. This could be automated, but I will leave that as an exercise to the reader.

Infernal answered 2/12, 2019 at 22:30 Comment(0)
-2

check-peer-deps

Verifies that the peerDependency requirements of all top level dependencies are satisfied.

Installation

You can install this on your system with:

npm i -g check-peer-deps

Please note that this utility requires npm to be available.

Usage

Simply change into the directory of the project you wish to check the peerDependencies of and run the program.

 cd foobar

 check-peer-deps

If the minimum versions of all your top level peerDependencies are satisfied then there will be no output, otherwise you will see something similar to this:

check-peer-deps
A dependency satisfying eslint-config-airbnb-base's peerDependency of 'eslint@^4.9.0' was not found!
Current: eslint@^4.6.0
Package dependencies can satisfy the peerDependency? Yes

This tells you that eslint-config-airbnb-base is requiring eslint@^4.9.0 as a peerDependency, but the project currently only specifies eslint@^4.6.0, allowing a potential issue to arise if eslint@4.6.0 was installed and not updated before installing. The output also tells you that although the minimum allowed version is too low, the maximum allowed version does satisfy the peerDependencies requirement.

install-peers-cli

CLI to install project's peerDependencies, without side effects. Works with npm, yarn. Supports yarn workspaces flow.

Install

yarn

$ yarn add --dev install-peers-cli

npm

$ npm install --save-dev install-peers-cli

Usage

Add package.json script:

{ "scripts": { "install-peers": "install-peers" } }

Then run yarn install-peers (or npm run install-peers) to install peer dependencies of your project. It won't update lock files or modify package.json, keeping your setup pure and clean. Any other lifecycle script could be used depending on your use case.

You still may see "unmet peer dependency" warnings during regular install phase, due to installation flow of npm/yarn.

Hodgkin answered 24/9, 2019 at 17:27 Comment(1)
This is a great response but it doesn't answer my question - I need to know if a specific package is a peer dependency of some other package in my project. - Astrict
-3

There will be a file called package-lock.json once you run npm install. By analyzing the package-lock.json file, you can understand the dependencies of each package. For more details, refer to this blog.

Dependencies of a package are required for the correct running of the package. But there are some optional dependencies, which can be skipped. You can use the --no-optional argument while installing so these extra packages will not be installed. But make sure your application is working fine without these optional packages.

Erminna answered 24/9, 2019 at 14:52 Comment(1)
package-lock.json does not display peer dependencies, and that blog post doesn't even contain the word "peer" - Astrict
