Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Peer dependency on firebase-tools #3171

Unanswered
pascalbe-humanize asked this question in Q&A
Discussion options

Hey,
I see, @angular/fire has listed an optional peer dependency on firebase-tools. I would like to understand, why this is the case. For me, the packages serve completely different use cases. Of course, they might often be used together, but I would expect @angular/fire to perfectly work without the other.

The problem I see with this connection is, that we can not upgrade firebase-tools to the latest version without breaking the peer dependency relation. AFAIK, optional dependencies are ignored, when they are not present, but if the dependency exists in a different version than listed in the peer dependencies, then we get an error about a not fitting peer dependency.

Firebase-tools in version 9.9.0 (which is the one required by @angular/fire) brings some security issues, which should be resolved.

So finally, why do we have this peer dependency on firebase-tools at all?

by the way: thanks for this nice library :)
You must be logged in to vote

Replies: 1 comment 1 reply

Comment options

Sorry about that, we should update the peer dependency to support 10 series as we are compatible.

ng deploy uses AngularFire's schematics, so we have an optional peer dependency to support deploying Angular Universal apps to Firebase Hosting & Cloud Functions. ng add @angular/fire also uses firebase-tools to populate the auto-complete and for fetching of the project configuration.

The current advice however, is to not have firebase-tools as a devDependency, rather a globally installed library. As it's gotten far more strict with its own dependencies (pinning specific versions due to recent supply chain attacks) and has been growing in size (with the addition of the emulators and emulator UI).
You must be logged in to vote
1 reply
Comment options

Thanks for the explanation. Got it :)

Hm. Can for sure install firebase-tools separately. I'm just a fan of having all deps listed in the package.json. Otherwise, it adds complexity to the CI pipeline and also might end up in different versions locally for each dev and in the CI env (can pin it when installing though).

Will still follow your advice 👍 Thanks for taking the time.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet

AltStyle によって変換されたページ (->オリジナル) /