-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conflicts between bundled WordPress packages and private APIs opt-in strings. #63657
Comments
Could these packages be included as wp-script dependencies and the build script modified to account for the need to include them in plugins rather than via the It's possible that the dependency version constraints would need to be modified to account for this, see discussion #52814, as the constraint settings can cause a mismatch when installing packages. I'd rather avoid never updating the private API opt-in string as I think it could result in the old problem - the private APIs would end up being used despite the opt-in string an end up become faux stable. If the wp-scripts pathe isn't an option then I think a linting error preventing the usee of private APIs in these types of packages could be an option. |
I'm not sure I understand, that's the case here these packages are included within the plugin scripts and that's what causing the problems because those scripts contain old "strings" where the WP string has been updated.
I understand and I would agree, but I think the problem at hand creates way more backward compatibility issues than "not updating the string". I'd love to find other alternatives, but can't think of any at the moment.
That doesn't seem like an option to me, because it's an issue that can happen for all packages, there's no distinction. It just happens at the moment a plugin author decides to bundle a core package within its code. |
This error appears if I upgrade the dataviews package to anything higher than 2.1.0, even on WordPress 6.5.5. |
@pdewouters yes, unfortunately, there's nothing we can do for previous versions now.
We should make sure to avoid this in the future though and any dataviews (or other package relying on private apis) version can be used both with 6.6 and WP > 6.6. |
I think I get it: dataviews and icons are intended to be included with plugins rather than enqueued via a version included in WP Core. Is that correct? I'm of the view that including a bundled package from one version of WP (components in the example above) and expecting them to work with packages from different versions of WP are operating out of warranty. The packages are a collection intended to work together. The JSX changes in WP 6.6 is an example of why this can't be gaurented. I'd like to know more about the use case of including components or other packages from a particular version of WP, though. If it's required for a reason then I may change my mind. |
I know WooCommerce used to bundle the components package. I'm not sure exactly about the reasons... |
@youknowriad I've been thinking about how to approach this and the best approach I could come up with was in two stages
cc @noisysocks as we discussed this via DM. |
That feels like a user decision for me and not a developer's decision. If I use a package through npm, I should expect it to work regardless of how it's built internally. It is generally the case for all our packages though. The problem is that we also ship The downside/lint rule/constraint is that you can't use bundled packages in WordPress unless you're certain that these packages don't rely on singletons (like stores...) because otherwise you end up with duplication. The other downside is the bundle size, we'll probably end up with the same component multiple times in the page for instance. |
Yes, that is what I am suggesting, you mentioned that icons and some other packages are designed to be included in plugins rather than registered in WP. The effect of the decision is that in order to meet the expectation that they work it prevents WordPress contributors from using the private APIs in those packages. |
What's the use-case for bundling |
|
Aha, thank you for clarifying. Here's my understanding of the situation:
Does that sound right? If yes, that last steps effectively replaces the dependency graph used by One solution would be for all the dataviews-reliant plugins to require the Gutenberg plugin after all. Then, instead of bundling the package we could perform the substitution to |
The bundled
That happens in Core, the Gutenberg plugin does not have this double registration check. Also, I think this discussion is focusing too much on the consent string. The real problem is that the DataViews package uses the |
Yes, more and more, I'm starting to wonder whether encouraging people to actually use It seems this obfuscation for us (core) is helpful because we actually ship npm packages that work together as regular npm dependencies do, but consumers are not. Maybe my ideal at this point would be to:
Obviously this solution is a departure from how people are used to building scripts. So maybe it's too late for it? or maybe there's a way to provide a codemod for everyone or something. |
What would be a better approach for using WP packages in a plugin @youknowriad? |
The imports also make it reasonable to do not-strictly-unit testing without going all the way to E2Es. If globals are used directly instead of imports, Jest would have to be configured with all the necessary globals filled in with appropriate implementations/mocks. So if you do go that route, please provide some package that can be loaded into a Jest configuration to set the necessary globals. P.S. And please make it all possible to do without being forced to use |
With 66825 this is mitigated because plugin authors are now encouraged to use the That said, it's an ok solution for now, so I'm closing this issue. |
Description
If a plugin uses an old WordPress package like
@wordpress/dataviews
2.1 with WordPress 6.6, you may see the following error:This issue is prominent when using "bundled" packages like dataviews, icons, interface for instance as it's the way to use these packages in your plugins is to bundle them in your own code. But the reality is that the issue can actually happen with any package. For instance, I know that some plugins bundled the
@wordpress/components
package instead of usingwp.components
(they have their reasons).The root of the issue is that our npm packages can rely on private APIs from other packages that are distributed in WordPress. In the first example above
dataviews
package actually uses private APIs fromcomponents
to name just one and to opt-in to private APIs from other packages, you have to call something likeThe problem is that the "string" that you pass to this function to opt-in into private APIs is subject to change over time. We actually have a guideline to update this string on each WordPress release.
For the moment, I only see one solution:
Let me know if you have other ideas.
The text was updated successfully, but these errors were encountered: