Overly restrictive engines.pnpm causes errors

[mikestopcontinues]

It looks like engines.pnpm recently jumped from 7.0.0 to 8.6.0. Is this strictly necessary for the package to function? Now, when I try to pnpm install, I get the following error:

 ERR_PNPM_UNSUPPORTED_ENGINE  Unsupported environment (bad pnpm and/or Node.js version)

Your pnpm version is incompatible with "/eslint-define-config/1.21.0".

Expected version: >= 8.6.0
Got: 8.5.1

This is happening because the package's manifest has an engines.pnpm field specified.
To fix this issue, install the required pnpm version globally.

To install the latest version of pnpm, run "pnpm i -g pnpm".
To check your pnpm version, run "pnpm -v".

I didn't know pnpm concerned itself with engines.pnpm of upstream deps until now. Given that it does, is it possible to rollback the config?

[Shinigami92]

There are multiple options:

1. you just upgrade your pnpm as described in the log message and benefits already from all the new features and the new v6.1 lock-file format
2. you set engines-strict to false
3. we remove the pnpm entry from engines, but this is not recommended because then someone could contribute a wrong lock-file or theoretically even worse GitHub actions could mess up
4. you stick to 1.20.0 until you did point 1, as you will do this anyway sometimes this year 🤷
   Why updating eslint-define-config but not your overhaul package manager, you know 😅

Edit: pnpm v7 could read v6.0 lock file format, but not v6.1

[mikestopcontinues]

The reason is I use homebrew to manage pnpm, and they haven't released the new version yet.

I pinned 1.20 for the time being, but I don't understand why you're requiring such a recent version. Doesn't your package work perfectly going all the way back to much earlier pnpm versions? Shouldn't people, who for any number of reasons can't immediately update, get the benefit of your recent releases?

[Shinigami92]

8.6.0 was already released nearly one month ago
8.6.0 brought a new lock file version (you can read about this in the pnpm changelog)
As you want to be on the newest eslint-define-config version, I want to be on the latest ecosystem versions 🤷 I hope this is understandable
I use homebrew myself and I'm on 8.6.2 🤔

The homebrew side already said 8.6.3!
Maybe just run brew update && brew upgrade --greedy

[mikestopcontinues]

Weird, I'll try "--greedy".

The new lock version barely varies at all from the previous. Though I still don't see why it should matter for an end user of this package. You can use whatever pnpm versions you want without adding a hard requirement to your users. It's the arbitrary nature of the choice I don't understand.

[Shinigami92]

Yeah, I always didn't liked how the package.json field is handled
It should be more like devDependencies instead of dependencies
But I'm not in a position to change how package.json works
And as I already wrote above, the min pnpm version is based on the lock file version

As homebrew already has 8.6.3 I will close this issue now as not planned

[Shinigami92]

Furthermore reading:

https://docs.npmjs.com/cli/v9/configuring-npm/package-json#engines

So as you didn't get just a warning but an error, I highly assume you have set engine-strict to true e.g. in your ~/.npmrc
And if you did that, you are on your own and on how you configured your environment and it's not an issue for the package owner anymore, I'm sorry 🤷

If anything is different from that, please open an issue at pnpm or ask the nodejs/npm team

[mikestopcontinues]

Thanks, I appreciate the help. Cheers!