npm:何时使用 `--force` 和 `--legacy-peer-deps`

Posted

技术标签:

【中文标题】npm:何时使用 `--force` 和 `--legacy-peer-deps`【英文标题】:npm: When to use `--force` and `--legacy-peer-deps` 【发布时间】:2021-05-07 06:56:30 【问题描述】:

我是 npm 新手,正在尝试了解重新创建 node_modules 目录以进行部署的工作原理。

我们使用npm ci 而不是npm install 来确保部署过程中的干净状态。但是,当我们在没有任何标志的情况下运行它时,会出现以下错误:

修复上游依赖冲突,或使用--force 或--legacy-peer-deps 重试此命令以接受不正确(且可能损坏)的依赖解析。

npm installdocumentation 如下(npm ci@ 上没有标志987654322@):

-f 或 --force 参数将强制 npm 获取远程资源,即使磁盘上存在本地副本。

同时,--legacy-peer-deps 的文档说:

--legacy-peer-deps:安装时忽略所有peerDependencies,采用npm 4到6的风格。

似乎这两个标志都会让npm ci 生成node_modules 目录没有任何问题,但我仍然不清楚两者之间的区别。

据我了解,--force 听起来像是基于最后下载的依赖项,并将覆盖任何以前下载的依赖项。同时,--legacy-peer-deps 听起来它在安装过程中总是会跳过对等依赖项(无论是什么),即使没有问题。

这两个标志有什么区别,我们应该什么时候使用它们?

【问题讨论】:

【参考方案1】:

当项目出现 NPM 版本冲突和错误提示时。

错误

An unhandled exception occurred: The 'buildOptimizer' option cannot be used without 'aot'.

.npmrc 文件中

legacy-peer-deps true

命令提示符

npm install

【讨论】:

【参考方案2】:

在新版本的 npm (v7) 中,默认情况下,npm install 在遇到冲突 peerDependencies 时会失败。以前不是这样的。

查看here 了解有关 npm v7 中对等依赖项的更多信息。

两者的区别如下-

--legacy-peer-deps:安装时忽略所有peerDependencies,采用npm 4到6的风格。

--strict-peer-deps:遇到任何冲突的peerDependencies 时失败并中止安装过程。默认情况下,npm 只会在根项目的直接依赖引起的 peerDependencies 冲突时崩溃。

【讨论】:

每个 OP 的 --force 是什么?是否有一个优于另一个或整体重复数据包等的性能优势?【参考方案3】:

在https://github.blog/2021-02-02-npm-7-is-now-generally-available/的文章中

您可以选择使用--force 重试以绕过冲突或 --legacy-peer-deps 命令完全忽略对等依赖项 (此行为类似于版本 4-6)。

我同意这句话不是很清楚,但是“完全忽略对等依赖项”听起来不太好。让我们用一个真实的例子:

这是我npm install时遇到的peer依赖错误:

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: mobile@undefined
npm ERR! Found: react@17.0.1
npm ERR! node_modules/react
npm ERR!   react@"17.0.1" from the root project
npm ERR!   peer react@">=16.0.0" from @testing-library/react-native@7.2.0
npm ERR!   node_modules/@testing-library/react-native
npm ERR!     dev @testing-library/react-native@"7.2.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer react@"16.13.1" from react-native@0.63.2
npm ERR! node_modules/react-native
npm ERR!   react-native@"https://github.com/expo/react-native/archive/sdk-39.0.4.tar.gz" from the root project
npm ERR!   peer react-native@">=0.59" from @testing-library/react-native@7.2.0
npm ERR!   node_modules/@testing-library/react-native
npm ERR!     dev @testing-library/react-native@"7.2.0" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /Users/me/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/me/.npm/_logs/2021-03-13T00_10_33_813Z-debug.log
npm ERR! code 1
npm ERR! path /Users/me/my-app
npm ERR! command failed
npm ERR! command sh -c sh ./bin/setup.sh

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/me/.npm/_logs/2021-03-13T00_10_33_860Z-debug.log

下面是--legacy-peer-deps--force之间的package-lock.json区别。

    如果我运行 npm install --legacy-peer-deps,它会将其添加到我的 package-lock.json
"node_modules/@unimodules/react-native-adapter": 
  "version": "5.7.0",
  "resolved": "https://registry.npmjs.org/@unimodules/react-native-adapter/-/react-native-adapter-5.7.0.tgz",
  "integrity": "sha512-L557/+sc8ZKJVgo1734HF1QNCxrt/fpqdmdNgySJT+kErux/AJNfPq3flsK0fyJduVmniTutYIMyW48cFoPKDA==",
  "dependencies": 
    "invariant": "^2.2.4",
    "lodash": "^4.5.0"
  ,
  "peerDependencies": 
    "react-native": "*",
    "react-native-web": "~0.13.7"
  
,

...

"@unimodules/react-native-adapter": 
  "version": "5.7.0",
  "resolved": "https://registry.npmjs.org/@unimodules/react-native-adapter/-/react-native-adapter-5.7.0.tgz",
  "integrity": "sha512-L557/+sc8ZKJVgo1734HF1QNCxrt/fpqdmdNgySJT+kErux/AJNfPq3flsK0fyJduVmniTutYIMyW48cFoPKDA==",
  "requires": 
    "invariant": "^2.2.4",
    "lodash": "^4.5.0"
  
,
    如果我改用npm install --force,它会添加 
"node_modules/expo/node_modules/@unimodules/react-native-adapter": 
  "version": "5.7.0",
  "resolved": "https://registry.npmjs.org/@unimodules/react-native-adapter/-/react-native-adapter-5.7.0.tgz",
  "integrity": "sha512-L557/+sc8ZKJVgo1734HF1QNCxrt/fpqdmdNgySJT+kErux/AJNfPq3flsK0fyJduVmniTutYIMyW48cFoPKDA==",
  "dependencies": 
    "invariant": "^2.2.4",
    "lodash": "^4.5.0"
  ,
  "peerDependencies": 
    "react-native": "*",
    "react-native-web": "~0.13.7"
  
,
"node_modules/expo/node_modules/inline-style-prefixer": 
  "version": "5.1.2",
  "resolved": "https://registry.npmjs.org/inline-style-prefixer/-/inline-style-prefixer-5.1.2.tgz",
  "integrity": "sha512-PYUF+94gDfhy+LsQxM0g3d6Hge4l1pAqOSOiZuHWzMvQEGsbRQ/ck2WioLqrY2ZkHyPgVUXxn+hrkF7D6QUGbA==",
  "peer": true,
  "dependencies": 
    "css-in-js-utils": "^2.0.0"
  
,
"node_modules/expo/node_modules/react-native-web": 
  "version": "0.13.18",
  "resolved": "https://registry.npmjs.org/react-native-web/-/react-native-web-0.13.18.tgz",
  "integrity": "sha512-WR/0ECAmwLQ2+2cL2Ur+0/swXFAtcSM0URoADJmG6D4MnY+wGc91JO8LoOTlgY0USBOY+qG/beRrjFa+RAuOiA==",
  "peer": true,
  "dependencies": 
    "array-find-index": "^1.0.2",
    "create-react-class": "^15.6.2",
    "deep-assign": "^3.0.0",
    "fbjs": "^1.0.0",
    "hyphenate-style-name": "^1.0.3",
    "inline-style-prefixer": "^5.1.0",
    "normalize-css-color": "^1.0.2",
    "prop-types": "^15.6.0",
    "react-timer-mixin": "^0.13.4"
  ,
  "peerDependencies": 
    "react": ">=16.5.1",
    "react-dom": ">=16.5.1"
  
,

...

  "dependencies": 
    "@unimodules/react-native-adapter": 
      "version": "5.7.0",
      "resolved": "https://registry.npmjs.org/@unimodules/react-native-adapter/-/react-native-adapter-5.7.0.tgz",
      "integrity": "sha512-L557/+sc8ZKJVgo1734HF1QNCxrt/fpqdmdNgySJT+kErux/AJNfPq3flsK0fyJduVmniTutYIMyW48cFoPKDA==",
      "requires": 
        "invariant": "^2.2.4",
        "lodash": "^4.5.0"
      
    ,
    "inline-style-prefixer": 
      "version": "5.1.2",
      "resolved": "https://registry.npmjs.org/inline-style-prefixer/-/inline-style-prefixer-5.1.2.tgz",
      "integrity": "sha512-PYUF+94gDfhy+LsQxM0g3d6Hge4l1pAqOSOiZuHWzMvQEGsbRQ/ck2WioLqrY2ZkHyPgVUXxn+hrkF7D6QUGbA==",
      "peer": true,
      "requires": 
        "css-in-js-utils": "^2.0.0"
      
    ,
    "react-native-web": 
      "version": "0.13.18",
      "resolved": "https://registry.npmjs.org/react-native-web/-/react-native-web-0.13.18.tgz",
      "integrity": "sha512-WR/0ECAmwLQ2+2cL2Ur+0/swXFAtcSM0URoADJmG6D4MnY+wGc91JO8LoOTlgY0USBOY+qG/beRrjFa+RAuOiA==",
      "peer": true,
      "requires": 
        "array-find-index": "^1.0.2",
        "create-react-class": "^15.6.2",
        "deep-assign": "^3.0.0",
        "fbjs": "^1.0.0",
        "hyphenate-style-name": "^1.0.3",
        "inline-style-prefixer": "^5.1.0",
        "normalize-css-color": "^1.0.2",
        "prop-types": "^15.6.0",
        "react-timer-mixin": "^0.13.4"
      
    
  
,

如您所见,npm install --force 仍然固定了许多更严格的依赖版本。

因此,对于 npm 7,如果 npm install 由于对等依赖问题而失败,您可能会首先尝试 npm install --force

【讨论】:

当我使用yarn 而不是npm install 时,它似乎没有出现任何错误,并且它安装软件包而不提示任何错误?使用yarn 代替npm 有什么问题吗? 这是npm特有的 我不太明白,--legacy-peer-deps 只是没有安装任何对等依赖项?

以上是关于npm:何时使用 `--force` 和 `--legacy-peer-deps`的主要内容,如果未能解决你的问题,请参考以下文章

获取:npm WARN 使用 --force 禁用推荐的保护

何时在 NPM 上使用 Yarn?有啥区别?

即使在 npm clean cache --force、unlink、rm -rf node_modules 等之后,NPM 链接也会继续拉旧版本

npm install issue:27 个漏洞(16 个中等,9 个高,2 个严重)要解决所有问题,运行:npm audit fix --force

如何知道 npm `unzip` 模块何时完成解压缩文件?

Visual Studio Force Library导入C ++