I often find people getting confused between these two terms, “Dependencies” and “Peer Dependencies”. What is the purpose behind defining these two objects in package.json? Is it not enough to just have a dependencies object? Why peerDependencies?
To answer these questions, let us assume that you have developed and published one angular library project ‘libxyz’ using angular/core: 8.1.1 and bootstrap 5.0.0.
To develop this module you made use of npm packages such as moment, jsoneditor, etc. Since library ‘libxyz’ is depending on some other npm modules, they are dependencies of the library.
Now, I am willing to consume your published library ‘libxyz’ in my app. The app is using moment: 2.28.0, so I already have one of the dependencies that you have. Oh… but the version seems to be different!
What do you expect? Should I request you to change the version? Or do I downgrade the version in my code?
It should not be the app developer’s responsibility to know which npm packages you are using in your library project. Those packages should be somehow installed automatically and this magic happens via dependencies object. The developer of the library project will just have to mention which npm packages are used in the implementation of the library along with the version of the package.
So, in short, I don’t have to bother about what you are using in your package but npm install will take care of it. My job is to just run command npm install libxyz and everything should get set up in the background.
When I install your library, npm will look into the dependencies object.
> If package moment with version 2.20.0 is not present in node modules, then install it in node modules of the app.
> If package moment with version 2.20.0 already exists in node modules, then skip installation.
> If package moment already exists in node modules but with a different version then install it in node module under libxyz package.
In this case, npm solves the version conflict issue where the app will point to the package moment from node modules under the app and the library libxyz will point to the package moment from node modules under itself.
Regarding peer dependencies as we said we developed a library using @angular/core 8.1.1 and bootstrap 5.0.0.
This info can go into the peerDependencies object where we don’t want to install anything but just warn or inform the user that we have developed our library with angular 8 and bootstrap 5. So please install these versions of packages in your app with your choice, so that the library works perfectly fine. This doesn’t mean that your package will not work in the app with angular 10 or other versions of bootstrap.
To conclude, dependencies are the package references that are used by your library without which it cannot work and to be installed along with your library installation automatically.
While looking at peerDependencies, npm will just throw a warning message in case the specified packages are not found in node modules. It will not install any package for you.
I hope you find this article useful.
Feel free to add questions down in the comments.
Happy Coding!
