chore: remove duplicate esbuild devDependencies #19499
pnpm has got itself in a state it can't seem to get out of. basically, it has 3 versions of esbuild installed (0.23.x, 0.27.x, 0.25.x) thanks to the fact we have `tsx` installed. we don't depend on `tsx` anywhere, nor do any dependencies in the entire tree. pnpm is holding onto it for no reason. it is an _optional_ peer of vite and postcss-load-config (via tsup), one which we don't depend on anywhere and so it shouldn't be installed. I tried many different pnpm commands, configs, etc. Nothing seems to get pnpm to behave here. **Removing the lockfile entirely does solve the problem.** It does mean some dependencies were upgraded, but mostly just esbuild patches and what not.

FYI i caught it up as the problem still exists in main. there are multiple copies of esbuild, and tsx is installed but unused.

indeed this is purely a DX thing for tailwind maintainers. what you said isn't quite right though. tsx is an optional peer of all of these packages. postcss-load-config: etc. tailwind itself does not use tsx - so there's no reason it is installed. it should only have installed itself if we pulled it in somewhere in a non-optional way (which would then satisfy the optional peer of both of the above). also:

```sh
git clean -xdf
rm pnpm-lock.yaml
pnpm i
pnpm why -r tsx
# NO OUTPUT
```

removing the lockfile and reinstalling does remove tsx - because it is an optional peer, one we don't use.

Yeah that makes sense. I don't believe this is a DX issue, but fewer dependencies is always better. I opened a new PR: #20102, and made sure to add you as a co-author. Thanks!

This PR reduces the installed dependencies by cleaning up the `pnpm-lock.yaml` file. This also pins `@parcel/watcher` such that the lockfile is generated properly because of the patched dependencies.

This is a follow-up of #19499, but up to date with the latest state of the repo.

## Test plan

- Lockfile is simpler. Most dependencies stayed the same, and were published _months_ ago. There are a few cases where we have more recent published dependencies. There are 7 dependencies that were published in the last ~24 hours: `node-releases@2.0.46` (10 hours ago), `electron-to-chromium@1.5.361` (12 hours ago), `semver@7.8.1` (20 hours ago), `terser@5.48.0` (20 hours ago), `webpack-sources@3.5.0` (5 hours ago), `vite@8.0.14` (yesterday). All of these but the `terser` version used OIDC.
- Socket.dev didn't report any issues with the changed dependencies
- All tests still pass

---------

Co-authored-by: James Garbutt <43081j@users.noreply.github.com>

pnpm has got itself in a state it can't seem to get out of. basically, it has 3 versions of esbuild installed (0.23.x, 0.27.x, 0.25.x) thanks to the fact we have `tsx` installed.

we don't depend on `tsx` anywhere, nor do any dependencies in the entire tree. pnpm is holding onto it for no reason.

it is an _optional_ peer of vite and postcss-load-config (via tsup), one which we don't depend on anywhere and so it shouldn't be installed.

to fix this, i did a bunch of pnpm-fu to remove and re-add the target packages, and it now seems to have cleaned up the duplicates.

At some point, we should probably just remove the lock file and re-generate it. I think there'll be many other cases like this.

Test plan
Existing tests should cover this.
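
A check for the duplicate-version state this PR describes, as an added example that is not code from the PR or the project. It assumes the lockfileVersion 9 layout of `pnpm-lock.yaml`; `SAMPLE_LOCK`, `resolvedVersions` and `duplicates` are hypothetical names, and the sample lockfile is constructed.

```javascript
// Added example (not from the PR). Assumes the lockfileVersion 9 layout, where the
// top-level `packages:` map holds one `name@version:` key per resolved package.
// SAMPLE_LOCK is constructed; patch versions and the tsx version are made up.
const SAMPLE_LOCK = `
lockfileVersion: '9.0'
packages:
  '@esbuild/linux-x64@0.27.0':
    resolution: {integrity: sha512-CONSTRUCTED}
  esbuild@0.23.1:
    resolution: {integrity: sha512-CONSTRUCTED}
  esbuild@0.25.0:
    resolution: {integrity: sha512-CONSTRUCTED}
  esbuild@0.27.0:
    resolution: {integrity: sha512-CONSTRUCTED}
  tsx@4.0.0:
    resolution: {integrity: sha512-CONSTRUCTED}
snapshots:
  esbuild@0.23.1: {}
`;

// Map each package name to the set of versions listed under `packages:`.
function resolvedVersions(lockText) {
  const versions = new Map();
  let inPackages = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S/.test(line)) { // any top-level key starts a new section
      inPackages = line.startsWith('packages:');
      continue;
    }
    if (!inPackages) continue;
    // Package keys sit at two-space indent and are quoted when scoped.
    const m = /^ {2}'?((?:@[^/@\s]+\/)?[^@\s']+)@([^\s'():]+)/.exec(line);
    if (!m) continue;
    if (!versions.has(m[1])) versions.set(m[1], new Set());
    versions.get(m[1]).add(m[2]);
  }
  return versions;
}

// Names that resolve to more than one version, with the versions found.
function duplicates(lockText) {
  const out = {};
  for (const [name, set] of resolvedVersions(lockText)) {
    if (set.size > 1) out[name] = [...set].sort();
  }
  return out;
}

console.log(duplicates(SAMPLE_LOCK)); // run against a real lockfile's text instead
```

Running it in CI before and after a lockfile regeneration gives reviewers a short list of what collapsed, alongside the registry-age and provenance checks from the test plan.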