dependencies on other @types packages are specified as "*" #38

Open
1000hz opened this issue Oct 1, 2019 · 1 comment

1000hz commented Oct 1, 2019

See DefinitelyTyped/DefinitelyTyped#38624 (comment)

Given some @types package P that depends on another @types package Q,
P's dependencies are implicitly published as

"dependencies": {
  "@types/q": "*"
}

Assume there is an update Q' and an update P' that depends on Q'.

Consumers of P who update to P' do not get Q' installed, because the old version of Q in the consumer's lockfile satisfies the dependency of "*". This leaves consumers of P to either manually edit their lockfile or explicitly depend on Q' in their application, both of which are not ideal solutions.

Definitely Typed should implicitly add the newest version of other DT packages to the published package.json.

Related: microsoft/types-publisher#11 microsoft/types-publisher#12 microsoft/types-publisher#360
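The lockfile behaviour described in the issue above, as an added example that is not part of the original thread or of any package manager's code: a toy resolver that keeps a locked version whenever it satisfies the declared range. The version numbers, the `>=2.0.0` range and the function names are constructed for illustration.

```javascript
// Added illustration: a toy model of lockfile-preserving resolution.
// Not npm's or yarn's real algorithm; versions and names are constructed.

// Compare two "major.minor.patch" strings; returns <0, 0 or >0.
function cmp(a, b) {
  const x = a.split(".").map(Number), y = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Supports only the two range forms needed here: "*" and ">=X.Y.Z".
function satisfies(version, range) {
  if (range === "*") return true;
  if (range.startsWith(">=")) return cmp(version, range.slice(2)) >= 0;
  throw new Error("unsupported range: " + range);
}

// Keep the locked version when it satisfies the range; otherwise pick
// the newest published version that does.
function resolve(name, range, lock, registry) {
  const locked = lock[name];
  if (locked && satisfies(locked, range)) return locked;
  const ok = registry[name].filter(v => satisfies(v, range)).sort(cmp);
  if (ok.length === 0) throw new Error("no version of " + name + " matches " + range);
  return ok[ok.length - 1];
}

// Constructed data: Q was 1.0.0 when the consumer first installed P; Q' is 2.0.0.
const registry = { "@types/q": ["1.0.0", "2.0.0"] };
const lock = { "@types/q": "1.0.0" };

// P' published with "*", P' with a hypothetical lower bound on Q',
// and a fresh install with no lockfile entry for Q.
const starRange = resolve("@types/q", "*", lock, registry);
const boundedRange = resolve("@types/q", ">=2.0.0", lock, registry);
const freshInstall = resolve("@types/q", "*", {}, registry);

console.log({ starRange, boundedRange, freshInstall });
```

Only the consumer with an existing lockfile entry stays on the old Q; a fresh install of the same P' resolves to Q', which is why the mismatch tends to show up on upgrade rather than on first install.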

JulianG commented Oct 1, 2019

Thank you for adding this issue, @1000hz. I think you described the problem correctly. However, I'm not convinced the solution proposed would be ideal.

Please correct me if I'm wrong. I'm trying to understand:

Taking your example above where a @types/p depends on @types/q, imagine there's an update to P and an unrelated update to Q. In this case I'm not sure it would be necessary to add the latest version of Q as a dependency in the generated package.json for P.

The problem I came across when manually creating a package.json was this error:

Error: In package.json: Don't use a 'package.json' for @types dependencies unless this package relies on
an old version of types that have since been moved to the source repo.

I think this restriction should be lifted, so that @types/p can express its dependency on @types/q in the most accurate way needed.

But again, I'm happy to be told why this would not be desirable.

Thanks again!

@andrewbranch andrewbranch transferred this issue from microsoft/types-publisher Jun 4, 2020
sandersn pushed a commit that referenced this issue Nov 29, 2021
Use "tslint:recommended" instead of "tslint:latest"