Module export has unpredictable signature based on Winston dependency
bra1n opened this issue · 0 comments
Hi,
I've run into a rather peculiar problem: winston-logstash exports a module signature that depends on the implicit Winston module version. This is usually not a problem, but causes code to fail when there are multiple Winston dependencies in different packages. (with NPM 3.10.8)
Here's an example:
I have 2 NPM packages in my Node project that require different versions of Winston:
- oldPackage requires Winston 0.8.3
- newPackage requires Winston 2.3.0 and winston-logstash
When I run NPM Install, I'll end up with the following structure:
node_modules/
newPackage/
node_modules/
winston/ <-- 2.3.0
oldPackage/
winston/ <-- 0.8.3
winston-logstash/
newPackage runs this code on initialization: new winston.transports.Logstash(logStashConfig);
This will throw an error: TypeError: winston.transports.Logstash is not a constructor
Debugging yields the following root cause: winston-logstash uses its own require("winston"), which, due to the lenient package dependency and aforementioned structure, will cause Winston 0.8.3 to be loaded. For newPackage, on the other hand, the loaded Winston will be 2.3.0. This causes a compatibility clash, as winston-logstash suddenly has a different Winston engine than the newPackage code that I'm trying to use in my project, which subsequently fails.
My suggestion would be, to either release a new winston-logstash version with a more recent Winston pin, ensuring that the module signature / engine is always compatible, or to let me pass the Winston engine I'd like to use into winston-logstash. Either way, one of those solutions will be necessary to avoid any version conflicts of winston-logstash's too lenient dependency pinning.
Thanks!