verifyPackageTree is checking dependencies in parent directories

[mcampa]

I'm upgrading a project to use version 2.0.0 and found the following issue:

yarn start
yarn run v1.10.1
$ react-scripts start

There might be a problem with the project dependency tree.
It is likely not a bug in Create React App, but something you need to fix locally.

The react-scripts package provided by Create React App requires a dependency:

  "webpack": "4.19.1"

Don't try to install it manually: your package manager does it automatically.
However, a different version of webpack was detected higher up in the tree:

  /Users/mcampa/myproject/node_modules/webpack (version: 3.8.1)

Manually installing incompatible versions is known to cause hard-to-debug issues.
To fix the dependency tree, try following the steps below in the exact order:

  1. Delete package-lock.json (not package.json!) and/or yarn.lock in your project folder.

  2. Delete node_modules in your project folder.

  3. Remove "webpack" from dependencies and/or devDependencies in the package.json file in your project folder.

  4. Run npm install or yarn, depending on the package manager you use.

In most cases, this should be enough to fix the problem.
If this has not helped, there are a few other things you can try:

  5. If you used npm, install yarn (http://yarnpkg.com/) and repeat the above steps with it instead.
     This may help because npm has known issues with package hoisting which may get resolved in future versions.

  6. Check if /Users/mcampa/myproject/node_modules/webpack is outside your project directory.
     For example, you might have accidentally installed something in your home folder.

  7. Try running npm ls webpack in your project folder.
     This will tell you which other package (apart from the expected react-scripts) installed webpack.

If nothing else helps, add SKIP_PREFLIGHT_CHECK=true to an .env file in your project.
That would permanently disable this preflight check in case you want to proceed anyway.

P.S. We know this message is long but please read the steps above :-) We hope you find them helpful!

error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

The problem is that my project is nested inside a legacy repository that contains a different node_modules at the root.

Something like this:

repository-root/
├── node_modules/
├── package.json
├── client-apps/
    ├── my-react-app/
         ├── node_modules/
         └── package.json

verifyPackageTree.js is checking dependencies at the root level instead of stopping my-react-app/

Workaround

SKIP_PREFLIGHT_CHECK=true yarn start

Fix

Stop going up the directory tree until it gets to the current directory process.cwd()

[facebook-github-bot]

Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign up at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need the corporate CLA signed.

If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks!

[facebook-github-bot]

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks!

[Timer]

This is the intended functionality because the Node module resolution algorithm doesn't stop at the process' cwd.

We'd like to err to the conservative side and keep this behavior.
Is there a reason you're not using a monorepo structure to prevent unrelated packages from being higher up in the tree?

What about when/if you accidentally import a package from the root repo instead of your client's project?

[gaearon]

I expect this will come up a lot so maybe we should revisit and make the check more conservative. We should just make sure it still covers reported issues for which it was added first. We should still have links to them.

[gaearon]

I do think it was related to the monorepo support. @Timer While I know we don't compile monorepos now, do we still allow to put CRA inside a monorepo with hoisted node_modules? If we do then this check is probably still useful.

[gaearon]

We might want to make this part more prominent:

If nothing else helps, add SKIP_PREFLIGHT_CHECK=true to an .env file in your project.

This doesn't block you when that setup is intentional. I think it'll still be helpful to people as a way to stop cryptic issues.

[Timer]

do we still allow to put CRA inside a monorepo with hoisted node_modules

Yes, or we should, at least. I can test this more but it works afaik.

[gaearon]

We should have tests for this.

[JustinTRoss]

I'm hitting this use case as well. The provided warnings are very helpful, and the workaround instructions regarding SKIP_PREFLIGHT_CHECK are clear enough. Is there any way to retain the warnings without imposing restrictions on the dependencies of parent repos.

For context, I am encountering this issue from using a local development workflow manager repo which depends on jest of a lower version. This repo is a parent to all the applications I work on. As is, this warnings will trigger unless all my applications are running dependencies of the same version.