npm: When to use `--force` and `--legacy-peer-deps`

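I'm new to npm and am trying to understand how to recreate the node_modules directory for deployment.

We are using npm ci instead of npm install to ensure a clean slate during deployments. However, when we run it without any flags, we get the following error:

Fix the upstream dependency conflict, or retry this command with --force, or --legacy-peer-deps to accept an incorrect (and potentially broken) dependency resolution.

The documentation for --force reads as follows (it is on the npm install page, https://docs.npmjs.com/cli/v7/command/npm-install; the flags are not listed on the npm ci page, https://docs.npmjs.com/cli/v7/command/npm-ci):

The -f or --force argument will force npm to fetch remote resources even if a local copy exists on disk.

Meanwhile, the documentation for --legacy-peer-deps says:

--legacy-peer-deps: ignore all peerDependencies when installing, in the style of npm version 4 through version 6.

Both flags seem to let npm ci generate the node_modules directory without any issues, but I am still unclear about the difference between the two.

From what I understand, --force sounds like it works on a last-dependency-downloaded-wins basis and will overwrite any previously downloaded dependencies. Meanwhile, --legacy-peer-deps sounds like it always skips peer dependencies (whatever those are) during installation, even when there are no issues.

What is the difference between these two flags, and when should we use each of them?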


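In the new version of npm (v7), npm install fails by default when it encounters conflicting peerDependencies. This was not the case before.

Take a look here for more information about peer dependencies in npm v7.

The differences between the two are as follows:

  • --legacy-peer-deps: ignore all peerDependencies when installing, in the style of npm version 4 through version 6.

  • --strict-peer-deps: fail and abort the install process for any conflicting peerDependencies when encountered. By default, npm will only crash for peerDependencies conflicts caused by the direct dependencies of the root project.

  • --force: will force npm to fetch remote resources even if a local copy exists on disk.

From the article "npm 7 is now generally available":

You have the option to retry with --force to bypass the conflict or --legacy-peer-deps command to ignore peer dependencies entirely (this behavior is similar to versions 4-6).

I agree that this sentence is not very clear, but "ignore peer dependencies entirely" doesn't sound good. Let's use a real example:

Here is a peer dependency error I got when running npm install: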

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: mobile@undefined
npm ERR! Found: react@17.0.1
npm ERR! node_modules/react
npm ERR!   react@"17.0.1" from the root project
npm ERR!   peer react@">=16.0.0" from @testing-library/react-native@7.2.0
npm ERR!   node_modules/@testing-library/react-native
npm ERR!     dev @testing-library/react-native@"7.2.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer react@"16.13.1" from react-native@0.63.2
npm ERR! node_modules/react-native
npm ERR!   react-native@"https://github.com/expo/react-native/archive/sdk-39.0.4.tar.gz" from the root project
npm ERR!   peer react-native@">=0.59" from @testing-library/react-native@7.2.0
npm ERR!   node_modules/@testing-library/react-native
npm ERR!     dev @testing-library/react-native@"7.2.0" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /Users/me/.npm/eresolve-report.txt for a full report.


npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/me/.npm/_logs/2021-03-13T00_10_33_813Z-debug.log
npm ERR! code 1
npm ERR! path /Users/me/my-app
npm ERR! command failed
npm ERR! command sh -c sh ./bin/setup.sh


npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/me/.npm/_logs/2021-03-13T00_10_33_860Z-debug.log

Below are the package-lock.json differences between --legacy-peer-deps and --force.

  1. If I run npm install --legacy-peer-deps, it adds the following to my package-lock.json:

    "node_modules/@unimodules/react-native-adapter": {
      "version": "5.7.0",
      "resolved": "https://registry.npmjs.org/@unimodules/react-native-adapter/-/react-native-adapter-5.7.0.tgz",
      "integrity": "sha512-L557/+sc8ZKJVgo1734HF1QNCxrt/fpqdmdNgySJT+kErux/AJNfPq3flsK0fyJduVmniTutYIMyW48cFoPKDA==",
      "dependencies": {
        "invariant": "^2.2.4",
        "lodash": "^4.5.0"
      },
      "peerDependencies": {
        "react-native": "*",
        "react-native-web": "~0.13.7"
      }
    },

    ...

    "@unimodules/react-native-adapter": {
      "version": "5.7.0",
      "resolved": "https://registry.npmjs.org/@unimodules/react-native-adapter/-/react-native-adapter-5.7.0.tgz",
      "integrity": "sha512-L557/+sc8ZKJVgo1734HF1QNCxrt/fpqdmdNgySJT+kErux/AJNfPq3flsK0fyJduVmniTutYIMyW48cFoPKDA==",
      "requires": {
        "invariant": "^2.2.4",
        "lodash": "^4.5.0"
      }
    },

  2. If I use npm install --force, it adds:

    "node_modules/expo/node_modules/@unimodules/react-native-adapter": {
      "version": "5.7.0",
      "resolved": "https://registry.npmjs.org/@unimodules/react-native-adapter/-/react-native-adapter-5.7.0.tgz",
      "integrity": "sha512-L557/+sc8ZKJVgo1734HF1QNCxrt/fpqdmdNgySJT+kErux/AJNfPq3flsK0fyJduVmniTutYIMyW48cFoPKDA==",
      "dependencies": {
        "invariant": "^2.2.4",
        "lodash": "^4.5.0"
      },
      "peerDependencies": {
        "react-native": "*",
        "react-native-web": "~0.13.7"
      }
    },
    "node_modules/expo/node_modules/inline-style-prefixer": {
      "version": "5.1.2",
      "resolved": "https://registry.npmjs.org/inline-style-prefixer/-/inline-style-prefixer-5.1.2.tgz",
      "integrity": "sha512-PYUF+94gDfhy+LsQxM0g3d6Hge4l1pAqOSOiZuHWzMvQEGsbRQ/ck2WioLqrY2ZkHyPgVUXxn+hrkF7D6QUGbA==",
      "peer": true,
      "dependencies": {
        "css-in-js-utils": "^2.0.0"
      }
    },
    "node_modules/expo/node_modules/react-native-web": {
      "version": "0.13.18",
      "resolved": "https://registry.npmjs.org/react-native-web/-/react-native-web-0.13.18.tgz",
      "integrity": "sha512-WR/0ECAmwLQ2+2cL2Ur+0/swXFAtcSM0URoADJmG6D4MnY+wGc91JO8LoOTlgY0USBOY+qG/beRrjFa+RAuOiA==",
      "peer": true,
      "dependencies": {
        "array-find-index": "^1.0.2",
        "create-react-class": "^15.6.2",
        "deep-assign": "^3.0.0",
        "fbjs": "^1.0.0",
        "hyphenate-style-name": "^1.0.3",
        "inline-style-prefixer": "^5.1.0",
        "normalize-css-color": "^1.0.2",
        "prop-types": "^15.6.0",
        "react-timer-mixin": "^0.13.4"
      },
      "peerDependencies": {
        "react": ">=16.5.1",
        "react-dom": ">=16.5.1"
      }
    },

    ...

      "dependencies": {
        "@unimodules/react-native-adapter": {
          "version": "5.7.0",
          "resolved": "https://registry.npmjs.org/@unimodules/react-native-adapter/-/react-native-adapter-5.7.0.tgz",
          "integrity": "sha512-L557/+sc8ZKJVgo1734HF1QNCxrt/fpqdmdNgySJT+kErux/AJNfPq3flsK0fyJduVmniTutYIMyW48cFoPKDA==",
          "requires": {
            "invariant": "^2.2.4",
            "lodash": "^4.5.0"
          }
        },
        "inline-style-prefixer": {
          "version": "5.1.2",
          "resolved": "https://registry.npmjs.org/inline-style-prefixer/-/inline-style-prefixer-5.1.2.tgz",
          "integrity": "sha512-PYUF+94gDfhy+LsQxM0g3d6Hge4l1pAqOSOiZuHWzMvQEGsbRQ/ck2WioLqrY2ZkHyPgVUXxn+hrkF7D6QUGbA==",
          "peer": true,
          "requires": {
            "css-in-js-utils": "^2.0.0"
          }
        },
        "react-native-web": {
          "version": "0.13.18",
          "resolved": "https://registry.npmjs.org/react-native-web/-/react-native-web-0.13.18.tgz",
          "integrity": "sha512-WR/0ECAmwLQ2+2cL2Ur+0/swXFAtcSM0URoADJmG6D4MnY+wGc91JO8LoOTlgY0USBOY+qG/beRrjFa+RAuOiA==",
          "peer": true,
          "requires": {
            "array-find-index": "^1.0.2",
            "create-react-class": "^15.6.2",
            "deep-assign": "^3.0.0",
            "fbjs": "^1.0.0",
            "hyphenate-style-name": "^1.0.3",
            "inline-style-prefixer": "^5.1.0",
            "normalize-css-color": "^1.0.2",
            "prop-types": "^15.6.0",
            "react-timer-mixin": "^0.13.4"
          }
        }
      }
    },

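As you can see, npm install --force still inserts many of the stricter dependency versions.

For those wondering which is safer, the answer is --force.

--legacy-peer-deps ignores peer dependencies entirely, which can break your dependency resolution.

--force, on the other hand, just sets a different peer dependency version for the conflicting dependencies.

However, using force is not always ideal, because each dependency version takes up additional space. Using force with many dependencies will increase your total space requirements.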
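
The package-lock.json excerpts above differ in whether the adapter's react-native-web peer ends up in the lock at all: the --legacy-peer-deps excerpt adds only the adapter, while the --force excerpt nests the peer under node_modules/expo. The following check is an added example, not code from the original answers; it lists peers that a lockfileVersion 2/3 lock leaves unresolved. The function names and the two trimmed sample locks are constructed for illustration, and it checks presence only, not semver ranges.

```javascript
// Added example, not from the original answers. The sample locks are
// constructed from the page's excerpts and trimmed to the relevant fields.
// Locate `peer` for the package stored at `pkgPath` by walking up the
// enclosing node_modules directories, as Node's module resolution does.
function resolvePeer(packages, pkgPath, peer) {
  const cut = pkgPath.lastIndexOf('node_modules/');
  let dir = cut < 0 ? '' : pkgPath.slice(0, cut);
  for (;;) {
    const candidate = dir + 'node_modules/' + peer;
    if (Object.prototype.hasOwnProperty.call(packages, candidate)) return candidate;
    if (dir === '') return null;
    const up = dir.lastIndexOf('node_modules/', dir.length - 2);
    dir = up < 0 ? '' : dir.slice(0, up);
  }
}

// Return every non-optional peer dependency with no matching lock entry.
function findUnmetPeers(lock) {
  const packages = lock.packages || {};
  const unmet = [];
  for (const [pkgPath, meta] of Object.entries(packages)) {
    if (pkgPath === '') continue; // root project entry
    const optional = meta.peerDependenciesMeta || {};
    for (const [peer, range] of Object.entries(meta.peerDependencies || {})) {
      if (optional[peer] && optional[peer].optional) continue;
      if (resolvePeer(packages, pkgPath, peer) === null) unmet.push({ pkg: pkgPath, peer, range });
    }
  }
  return unmet;
}

const adapter = {
  version: '5.7.0',
  peerDependencies: { 'react-native': '*', 'react-native-web': '~0.13.7' },
};
// Constructed: what --legacy-peer-deps produced (adapter only, peer absent).
const legacyLock = { packages: {
  'node_modules/react-native': { version: '0.63.2' },
  'node_modules/@unimodules/react-native-adapter': adapter,
} };
// Constructed: what --force produced (adapter and its peer nested under expo).
const forceLock = { packages: {
  'node_modules/react-native': { version: '0.63.2' },
  'node_modules/expo/node_modules/@unimodules/react-native-adapter': adapter,
  'node_modules/expo/node_modules/react-native-web': { version: '0.13.18', peer: true },
} };

console.log('legacy:', findUnmetPeers(legacyLock));
console.log('force: ', findUnmetPeers(forceLock));
```

Running a check like this in CI against the committed lock file shows which peers a --legacy-peer-deps install left out before the gap surfaces at runtime.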