package peerDependencies are written into the lock file as if they were dependencies.

[ZakaryCode]

Verify latest release

• I verified that the issue exists in the latest pnpm release

pnpm version

version 7、8、9

Which area(s) of pnpm are affected? (leave empty if unsure)

Lockfile, Package manager compatibility

Link to the code that reproduces this issue or a replay of the bug

No response

Reproduction steps

Rely on a dependency in the project that includes peerDependencies configuration.

Project
|-- dependencies
|-- A: 1.0.0
|    |-- peerDependencies
|    |-- B: 1.0.0-beta.75
|-- B: 1.0.0-beta.75

Sorry, the verification project includes internal dependencies, and providing links also cannot be used properly.

Describe the Bug

Because B relies on being set as A's dependency in lock file, rather than depending on it from the project directory, if we link B's dependency in the project, it will cause A's dependencies to still use the installed dependencies, rather than the linked B dependencies.

Expected Behavior

When there is a clearly declared B dependency in the project dependencies, A's peerDependencies should not be locked into dependencies.

Which Node.js version are you using?

18.19.1

Which operating systems have you used?

• macOS
• Windows
• Linux

If your OS is a Linux based, which one it is? (Include the version if relevant)

No response

[ZakaryCode]

This problem can be circumvented with afterAllResolved, but it is still a bug in pnpm and should be fixed!

// .pnpmfile.cjs
module.exports = {
  hooks: {
    afterAllResolved: async (lockfile) => {
      Object.values(lockfile.packages).forEach(pkg => {
        Object.keys(pkg.peerDependencies || {}).forEach(name => {
          if (pkg.dependencies && pkg.dependencies[name]) {
            let version = pkg.dependencies[name].replace(/\(.+\)/g, '')
            if (version === pkg.peerDependencies[name]) {
              delete pkg.dependencies[name]
            }
          }
        })
      })
      return lockfile
    }
  }
}