What does npm install --legacy-peer-deps do exactly? When is it recommended / What's a potential use case?
Solution 1
Here's how I solved this problem:
First, what's happening: react-hook-mousetrap is looking for [email protected], but it is not finding it. Instead it is finding @react17.0.1, which is a newer version. For some reason mousetrap doesn't like this newer version, and you are being notified (it is not a big deal, but they decided it was worth stopping your build).
One solution: forcibly install the specific version of react that mousetrap wants:
yarn add [email protected]
What this does is roll back your react version to a slightly older one that is compatible with mousetrap. You won't notice any difference, and in future iterations, hopefully mousetrap is updated, so this goes away.
Another solution: make a sweeping decision to not install any older version dependencies:
npm add xxxx --legacy-peer-deps
What this does is ignore old dependencies for this package. It is more comprehensive, and makes a lot of the decisions for you.
Solution 2
TL;DR:
You may be arriving upon this answer if you're upgrading from NPM v6 / Node v12.
- NPM v7+ installs peerDependencies by default; this is not the case with previous versions of NPM.
- NPM modules must name specific versions of their peerDependencies
- If you already have a peerDependency installed, but not with a version named by the module, then NPM v7+ will throw an error
- Adding --legacy-peer-deps ignores this new requirement, at the risk of introducing breaking changes
--legacy-peer-deps restores peerDependency installation behavior from NPM v4 thru v6
One way of thinking of this flag is that it isn't doing something new; rather it's telling NPM not to do something new, since NPM v7 now installs peerDependencies by default.
In many cases, this is leading to version conflicts, which will break the installation process.
The --legacy-peer-deps flag was introduced with v7 as a way to bypass peerDependency auto-installation; it tells NPM to ignore peer deps and proceed with the installation anyway. This is how things used to be with NPM v4 thru v6.
If you're unclear about the difference between regular deps and peer deps, here is a bit of context:
Dependencies vs peerDependencies
Dependencies: Libraries or modules that an NPM module needs in order to work in production. (Example: I recently built a pie chart mocking library that uses Chance.js to calculate random numbers within a specified range; Chance is therefore a dependency of my module.)
peerDependencies: A peer dependency is a specific version or set of versions of a third-party software library that a module is designed to work with. They're similar in concept to the relationship between a browser extension and a browser. (Example: react-redux has two quite logical peerDependencies: react and redux.)
This issue is being driven, in part, by React v17
Due to the large number of modules that haven't specifically added React v17 as a peerDependency, it's now commonplace to encounter the "unable to resolve dependency tree" error when running npm installs within a v17 React application.
This error will fire whenever a module (or any of its own dependencies) lists a previous version of React as a peerDependency without specifically including React v17 as well.
(Note: Similar behavior will occur with the major-version update of any other framework or library.)
How to check peerDependencies for any given module
NPM itself doesn't list peer deps on the pages of a given module. However, there is a simple workaround to check for peer deps, either before or after install. Simply run:
npm info name-of-module peerDependencies
This command will return the name of each peerDependency along with all compatible version(s).
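Added example (not part of the answer above and not npm's own resolver): a small Node.js check that compares installed versions against each module's declared peerDependencies range, which is the comparison NPM v7+ makes and that --legacy-peer-deps skips. The function names, the `example-lib` module and the input data are hypothetical and constructed; only exact versions and caret ranges joined by `||` are handled.

```javascript
// Added example, not npm's resolver. Handles only "*", exact versions and
// caret (^) ranges joined by "||"; real semver has more operators.
const parse = (v) => v.trim().split('.').map(Number);

// Compare two [major, minor, patch] triples: negative, zero or positive.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

function satisfiesCaret(version, base) {
  const v = parse(version), b = parse(base);
  if (cmp(v, b) < 0) return false;
  // ^ keeps the left-most non-zero component of the base fixed.
  if (b[0] > 0) return v[0] === b[0];
  if (b[1] > 0) return v[0] === 0 && v[1] === b[1];
  return v[0] === 0 && v[1] === 0 && v[2] === b[2];
}

function satisfies(version, range) {
  return range.split('||').some((part) => {
    const r = part.trim();
    if (r === '*') return true;
    return r.startsWith('^')
      ? satisfiesCaret(version, r.slice(1))
      : cmp(parse(version), parse(r)) === 0;
  });
}

// installed: { name: version }; modules: { name: { peerDependencies } }
function findPeerConflicts(installed, modules) {
  const conflicts = [];
  for (const [mod, meta] of Object.entries(modules)) {
    for (const [peer, range] of Object.entries(meta.peerDependencies || {})) {
      const have = installed[peer];
      if (have === undefined) conflicts.push({ mod, peer, range, have: null });
      else if (!satisfies(have, range)) conflicts.push({ mod, peer, range, have });
    }
  }
  return conflicts;
}

// Constructed input modelled on the error in the question.
const installed = { react: '17.0.1' };
const modules = {
  'react-hook-mousetrap': { peerDependencies: { react: '^16.8.0' } },
  'example-lib': { peerDependencies: { react: '^16.8.0 || ^17.0.0' } }, // hypothetical
};
console.log(findPeerConflicts(installed, modules));
```

Every entry it returns is a module that was tested against a different version of its peer than the one actually installed, which is the situation an install with --legacy-peer-deps leaves unreported.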
Solution 3
I resolved (with yarn) adding the following to package.json
"resolutions": {
  "**/react": "17.0.2",
  "**/react-dom": "17.0.2"
},
Solution 4
If you don't want to block installing older dependencies, you can make npm neglect those warnings by forcing the script you're running. --force
antonwilhelm
Updated on July 08, 2022
Comments
-
antonwilhelm almost 2 years
Just ran into this error:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/react
npm ERR! react@"17.0.1" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^16.8.0" from [email protected]
npm ERR! node_modules/react-hook-mousetrap
npm ERR! react-hook-mousetrap@"*" from the root project
npm ERR!
The module I am trying to install seems to have a different peer dependency from what I have installed. It seems like npm changed its behaviour in this regard and now lets the install fail.
What can I do now to fix this? I don't want to downgrade my React version for this.
I know there is a flag called --legacy-peer-deps but I am not sure what exactly this does and whether it's recommended to use it / what the potential disadvantages are? I assume there is a reason npm did let the install fail.
It's just strange because I was using yarn up until very recently and everything was fine.
-
antonwilhelm about 3 years
I just did npm install xxxx --legacy-peer-deps. The install worked, but I'm not sure whether it was a good idea to solve it this way, because I don't quite understand the flag, that's why I'm asking. But haven't yet found out what the flag really does! :(
-
The Red Pea over 2 years
Specifically I wonder how --legacy-peer-deps is different than --force, because my npm recommends using either approach:
npm ERR! Fix the upstream dependency conflict, or retry this command with --force, or --legacy-peer-deps
-
Daniel Tabuenca about 3 years
--legacy-peer-deps does not roll back any dependencies to any version. It simply just doesn't try to install peer dependencies automatically.
-
Izzi about 3 years
@dtabuenc - I've updated. Please edit, if you think this is still incorrect / misleading. Thx
-
redevill almost 3 years
What I don't understand is that npm.anvaka.com/#/view/2d/react-hook-mousetrap does not show such a dependency in the first place?!
-
redevill almost 3 years
Very nice explanation! But am still confused by: "Conflicting peer dependency: @angular/[email protected]" which is in my root. It apparently conflicts with "@angular/[email protected]" which states a need for a compatible version of: "peer @angular/platform-browser-dynamic@"^9.0.0 || ^10.0.0 || ^11.0.0" - Why the error? These don't appear to be in conflict?
-
Chris Perry almost 3 years
@redevill Can you send a CodeSandbox that reproduces the issue? I'm happy to take a look
-
redevill almost 3 years
In another thread, someone else pointed out that npm 7.11.? needed to be updated, and that was the probable cause. I have not proved this; due to time constraints I pulled the --legacy flag. Will try and return when I have a moment. Thank you!
-
xpcrts AKA Rithisak over 2 years
Is there any way that we can just change the version of any package and do it with npm install only?
-
xpcrts AKA Rithisak over 2 years
Is there a way that we can use npm install only and change any package version in package.json?
-
Nelson Teixeira about 2 years
Does this work for yarn? I didn't see this flag in yarn's help
-
csvan about 2 years
@NelsonTeixeira no, because Yarn 1.x treats peer dependencies the same way as npm 4-6, so no flag is needed
-
DFSFOT almost 2 years
Why can't there be two versions and each dep using the peerdep version that they need? Or am I thinking wrong?
-
Valentin almost 2 years
@redevill Peer dependencies are unfortunately not shown on npmjs.com, you need to look at the package.json file of the library itself.
-
Vu TrongNghia almost 2 years
Quick Question: So, as I dev with React 17, it makes sense to use --legacy-peer-deps flag despite the risk?
-
Carmine Tambascia almost 2 years
npm info name-of-module peerDependencies is not found in my npm, the global one is one of the latest
-
Chris Perry almost 2 years
@CarmineTambascia are you replacing name-of-module with the actual module name? Try running npm info react-redux peerDependencies to see if that gets you a result.
-
Chris Perry almost 2 years
@VuTrongNghia I wouldn't recommend that approach in a production environment.
-
Carmine Tambascia almost 2 years
@ChrisPerry definitely