Duplicate modules with * versioning

[ArnaudBarre]

With this package.json

{
  "name": "test",
  "devDependencies": {
    "@types/react": "^17.0.39",
    "@types/react-dom": "^17.0.11"
  }
}

I get:

"@types/react@*":
 version "16.14.23"
 resolved "https://registry.npmjs.org/@types/react/-/react-16.14.23.tgz"
 integrity sha512-WngBZLuSkP4IAgPi0HOsGCHo6dn3CcuLQnCfC17VbA7YBgipZiZoTOhObwl/93DsFW0Y2a/ZXeonpW4DxirEJg==
 dependencies:
   "@types/prop-types" "*"
   "@types/scheduler" "*"
   csstype "^3.0.2"

"@types/react@^17.0.39":
 version "17.0.39"
 resolved "https://registry.npmjs.org/@types/react/-/react-17.0.39.tgz"
 integrity sha512-UVavlfAxDd/AgAacMa60Azl7ygyQNRwC/DsHZmKgNvPmRR5p70AJ5Q9EAmL2NWOJmeV+vVUI4IAP7GZrN8h8Ug==
 dependencies:
   "@types/prop-types" "*"
   "@types/scheduler" "*"
   csstype "^3.0.2"

"@types/react-dom@^17.0.11":
 version "17.0.11"
 resolved "https://registry.npmjs.org/@types/react-dom/-/react-dom-17.0.11.tgz"
 integrity sha512-f96K3k+24RaLGVu/Y2Ng3e1EbZ8/cVJvypZWd7cy0ofCBaf2lcM46xNhycMZ2xGwbBjRql7hOlZ+e2WlJ5MH3Q==
 dependencies:
   "@types/react" "*"

This creates issues with typescript due to 2 versions of React types.

And thanks for bringing frontend development to the next level! 🔥

[Jarred-Sumner]

Hmmmm

I will tweak how "*" is resolved to better match yarn & npm behavior. IIRC, it's choosing earliest rather than latest because doing that makes installs faster however that clearly doesn't work

[ArnaudBarre]

The issue for me is not using the earliest, it's to not use the same version resolved by another module. I would like more often than the output of yarn was the same than what I get after using https://github.com/atlassian/yarn-deduplicate

Edit: In this case, it will make the install faster because writing less files to disk

[birkskyum]

I don't know know how to print the bun lockfile in plaintext. When using bun install -y, the yarn.lock gives:

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
# bun ./bun.lockb --hash: 7BA92E9440ED29D0-e79e8cec35e9ff70-51C6D23E56CDF79D-f37d776e888a6d35


"@types/prop-types@*":
  version "15.7.5"
  resolved "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.5.tgz"
  integrity sha512-JCB8C6SnDoQf0cNycqd/35A7MjcnK+ZTqE7judS6o7utxUCg6imJg3QK2qzHKszlTjcj2cn+NwMB2i96ubpj7w==

"@types/react@^17", "@types/react@^17.0.39":
  version "17.0.65"
  resolved "https://registry.npmjs.org/@types/react/-/react-17.0.65.tgz"
  integrity sha512-oxur785xZYHvnI7TRS61dXbkIhDPnGfsXKv0cNXR/0ml4SipRIFpSMzA7HMEfOywFwJ5AOnPrXYTEiTRUQeGlQ==
  dependencies:
    "@types/prop-types" "*"
    "@types/scheduler" "*"
    csstype "^3.0.2"

"@types/react-dom@^17.0.11":
  version "17.0.20"
  resolved "https://registry.npmjs.org/@types/react-dom/-/react-dom-17.0.20.tgz"
  integrity sha512-4pzIjSxDueZZ90F52mU3aPoogkHIoSIDG+oQ+wQK7Cy2B9S+MvOqY0uEA/qawKz381qrEDkvpwyt8Bm31I8sbA==
  dependencies:
    "@types/react" "^17"

"@types/scheduler@*":
  version "0.16.3"
  resolved "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.3.tgz"
  integrity sha512-5cJ8CB4yAx7BH1oMvdU0Jh9lrEXyPkar6F9G/ERswkCuvP4KQZfZkSjcMbAICCpQTN4OuZn8tz0HiKv9TGZgrQ==

csstype@^3.0.2:
  version "3.1.2"
  resolved "https://registry.npmjs.org/csstype/-/csstype-3.1.2.tgz"
  integrity sha512-I7K1Uu0MBPzaFKg4nI5Q7Vs2t+3gWWW648spaF+Rg7pI9ds18Ugn+lvg4SHczUdKlHI5LWBXyqfS8+DufyBsgQ==

Which doesn't appear to have two versions of @types/react

[ArnaudBarre]

Yeah theses packages don't use * anymore. You can try to repro by using fixed version like 17.0.11 and 17.0.39 (not tested recently tbh, bun missing yarn-deduplicate makes it a no go for most project currently (on that point, is there is a functionality to do go from yarn.lock to bun.lockb, it enough for me to to wrap both functionality into a bun-deduplicate))

[Jarred-Sumner]

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
# bun ./bun.lockb --hash: 11CBDFCAF8E655B1-5f3952c6c9482145-766F8728BD04EDF3-6344cdbf03e7f6c3


"@types/prop-types@*":
  version "15.7.12"
  resolved "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.12.tgz"
  integrity sha512-5zvhXYtRNRluoE/jAp4GVsSduVUzNWKkOZrCDBWYtE7biZywwdC2AcEzg+cSMLFRfVgeAFqpfNabiPjxFddV1Q==

"@types/react@^17", "@types/react@^17.0.39":
  version "17.0.80"
  resolved "https://registry.npmjs.org/@types/react/-/react-17.0.80.tgz"
  integrity sha512-LrgHIu2lEtIo8M7d1FcI3BdwXWoRQwMoXOZ7+dPTW0lYREjmlHl3P0U1VD0i/9tppOuv8/sam7sOjx34TxSFbA==
  dependencies:
    "@types/prop-types" "*"
    "@types/scheduler" "^0.16"
    csstype "^3.0.2"

"@types/react-dom@^17.0.11":
  version "17.0.25"
  resolved "https://registry.npmjs.org/@types/react-dom/-/react-dom-17.0.25.tgz"
  integrity sha512-urx7A7UxkZQmThYA4So0NelOVjx3V4rNFVJwp0WZlbIK5eM4rNJDiN3R/E9ix0MBh6kAEojk/9YL+Te6D9zHNA==
  dependencies:
    "@types/react" "^17"

"@types/scheduler@^0.16":
  version "0.16.8"
  resolved "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.8.tgz"
  integrity sha512-WZLiwShhwLRmeV6zH+GkbOFT6Z6VklCItrDioxUnv+u4Ll+8vKeFySoFyK/0ctcRpOmwAicELfmys1sDc/Rw+A==

csstype@^3.0.2:
  version "3.1.3"
  resolved "https://registry.npmjs.org/csstype/-/csstype-3.1.3.tgz"
  integrity sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==

No longer reproduces as of Bun v1.1.8 or earlier