[Bug?]: YN0002 peer dependency error in production install when peer is provided by ancestor workspace

[georgewitteman]

Self-service

• I'd be willing to implement a fix

Describe the bug

When using yarn workspaces focus --production, peer dependencies that are satisfied by an ancestor workspace's production dependencies fail validation if the intermediate package only has the peer in devDependencies.

Specifically:

• Package A (@repro/config) has a dependency (zod-validation-error) that requires zod as a peer
• Package A declares zod as a peerDependency and has it in devDependencies for local development
• Package B (@repro/server) depends on Package A and has zod in its production dependencies

Full install works because devDependencies are installed, satisfying the peer requirement.

Production install (yarn workspaces focus --production) fails with YN0002 because:

1. devDependencies are stripped from Package A
2. Yarn checks that Package A provides zod to zod-validation-error
3. Even though Package B has zod in production dependencies, Yarn doesn't consider ancestors when validating peer requirements

The peer dependency IS available at runtime due to hoisting, but the validation fails before installation completes.

To reproduce

Minimal reproduction repository: https://github.com/georgewitteman/yarn-YN0002

Clone and test

git clone https://github.com/georgewitteman/yarn-YN0002
cd yarn-YN0002
corepack enable
yarn install                                      # ✓ Succeeds
yarn workspaces focus --production @repro/server  # ✗ Fails with YN0002

Error:

YN0002: @repro/config@workspace:packages/config doesn't provide zod, requested by zod-validation-error

Environment

System:
  OS: Linux 6.8 Debian GNU/Linux 11 (bullseye) 11 (bullseye)
  CPU: (8) x64 AMD EPYC 7763 64-Core Processor
Binaries:
  Node: 20.19.2 - /tmp/xfs-0c52103d/node
  Yarn: 4.12.0 - /tmp/xfs-0c52103d/yarn
  npm: 10.8.2 - /usr/local/bin/npm

Additional context

.yarnrc.yml configuration:

• nodeLinker: node-modules
• logFilters: [{code: YN0002, level: error}]

The dependency tree is:

@repro/server
├─D> zod (production dependency)
└─D> @repro/config (peerDep: zod, devDep: zod)
└─D> zod-validation-error (peerDep: zod)

According to https://yarnpkg.com/configuration/yarnrc#logFilters and https://dev.to/arcanis/implicit-transitive-peer-dependencies-ed0, Yarn enforces peer dependencies at every level. However, this creates an impossible situation for production installs where:

1. A library package wants consumers to provide a peer dependency
2. The library has a dependency that also needs that peer
3. The library cannot satisfy its own dependency's peer requirement in production without duplicating the dependency

[arcanis]

The peer dependency IS available at runtime due to hoisting, but the validation fails before installation completes.

It doesn't matter that it would work by happenstance - if it's not guaranteed to work, if it may fail as you add more unrelated packages that complexify your hoisting, Yarn will report the issue.

[georgewitteman]

I agree, but I'm not sure why it wouldn't be guaranteed to work. It wouldn't work if the root package removed the dependency, but since it's always in the root package it will always work.

Also, wouldn't it defeat the purpose of having peer dependencies to only have them apply one layer deep? If the only solution is to add the dependency at both layers then it could result in multiple instances of the dependency being loaded.