Skip to content

refactor(deps): @bsv/sdk as peerDependency across published libraries#216

Merged
sirdeggen merged 2 commits into
mainfrom
chore/sdk-peer-deps
Jun 19, 2026
Merged

refactor(deps): @bsv/sdk as peerDependency across published libraries#216
sirdeggen merged 2 commits into
mainfrom
chore/sdk-peer-deps

Conversation

@sirdeggen

Copy link
Copy Markdown
Contributor

Why

@bsv/sdk re-exposes classes with private/protected fields, so TypeScript types them nominally. Two byte-identical copies from two different node_modules/@bsv/sdk trees are treated as incompatible types downstream:

error TS2345: '.../node_modules/@bsv/sdk/.../LookupResolver').default
  is not assignable to '.../wallet-toolbox-client/node_modules/@bsv/sdk/.../LookupResolver').default.
  Types have separate declarations of a private property 'facilitator'.

Hard-depending on @bsv/sdk with narrow ranges guarantees this fan-out the moment two libs resolve different versions. The durable fix (the React-style singleton pattern): make @bsv/sdk a peer dependency of every library that exchanges SDK types across its API boundary.

What

Across 28 published packages/** libraries, moved @bsv/sdk:

  • dependenciespeerDependencies: { "@bsv/sdk": "^2" } (wide range, never exact) + peerDependenciesMeta: { "@bsv/sdk": { optional: false } }
  • added devDependencies: { "@bsv/sdk": "workspace:^" } so each lib still builds/tests against the workspace SDK

Apps/servers (infra/**, private packages like btms-backend, wallet-toolbox-examples, example-paymail, conformance-runner-ts) keep @bsv/sdk as a regular dependency — they provide the single copy. All 28 affected libs minor-bumped for a lockstep release.

Guard

New scripts/check-sdk-peer.mjs + a blocking CI step: fails if any non-private packages/** lib declares @bsv/sdk as a regular dependency, or exact-pins the peer range. Stops the regression at PR time instead of in a downstream tsc.

Verified

  • pnpm -r build (whole workspace) — green
  • @bsv/templates 8 suites/32 tests, @bsv/overlay-topics 26 suites/247 tests — green
  • pnpm install --frozen-lockfile — clean

Release

These libs must be published in lockstep (the version bumps in this PR). Hold the line going forward: never exact-pin @bsv/sdk; coordinate any future @bsv/sdk@3 as a breaking event.

🤖 Generated with Claude Code

…ries

@bsv/sdk re-exposes classes with private/protected fields, so TypeScript
types them nominally. Two copies from two node_modules trees become
incompatible types downstream (e.g. "separate declarations of a private
property 'facilitator'"). Hard-depending on @bsv/sdk with narrow ranges
guarantees that fan-out the moment two libs pin different versions.

Move @bsv/sdk from `dependencies` to `peerDependencies: { "@bsv/sdk": "^2" }`
(+ `peerDependenciesMeta` optional:false, + `devDependencies: workspace:^`
for each lib's own build/tests) across all 28 published packages/** libraries.
Apps/servers (infra/**, private packages) keep it as a regular dependency —
they provide the single copy. All affected libraries minor-bumped for a
lockstep release.

Add scripts/check-sdk-peer.mjs + a blocking CI step: fail if any published
packages/** lib declares @bsv/sdk as a regular dependency, or exact-pins the
peer range.

Verified: full workspace build green; @bsv/templates (8/32) and
@bsv/overlay-topics (26 suites/247) tests green; pnpm install --frozen-lockfile
clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@codecov

codecov Bot commented Jun 19, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sonar flagged the execSync('find ...') in check-sdk-peer.mjs (running a
binary resolved via PATH). Replace it with a Node fs directory walk — no
child_process, no PATH dependency — matching scripts/validate-frontmatter.mjs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sirdeggen sirdeggen merged commit ff9dfe8 into main Jun 19, 2026
9 checks passed
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant