fix: move @typescript-eslint/utils to production dependencies #1910
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When this plugin is installed with a package manager that enforces isolated
node_modules
, which is the default behavior of pnpm, the plugin fails with the following error:This plugin has a production dependency on
@typescript-eslint/utils
here, so this change moves that package fromdevDependencies
todependencies
. This change should ensure that all package managers treat this dependency as a production dependency, and makes this package usable withpnpm
's strict isolatednode_modules
.This issue is likely masked when using
npm
oryarn
because those package managers produce flatnode_modules
directories containing all transitive dependencies of the project. It is highly likely that another ESLint plugin package in an end-user's project has specified@typescript-eslint/utils
as a production dependency (eslint-plugin-jest
is one such example), resulting in this package being present innode_modules
andeslint-plugin-drizzle
being able to resolve it.The maintainer of
pnpm
has written about this scenario here: pnpms strictness helps to avoid silly bugs. Without this fix, users of this plugin are effectively relying on a phantom dependency which could be removed by other packages at any time without notice.