Removal of peerDependencies

[tyler-johnson]

Since this package includes all of the different validators in the peerDependencies in the package.json, I get warnings from yarn and NPM that look like this:

warning "@pagedip/tool-test-api > @pagedip/api > samlify@2.6.2" has unmet peer dependency "@authenio/samlify-libxml-xsd@^1.0.1".
warning "@pagedip/tool-test-api > @pagedip/api > samlify@2.6.2" has unmet peer dependency "@authenio/samlify-validate-with-xmllint@^1.0.1".
warning "@pagedip/tool-test-api > @pagedip/api > samlify@2.6.2" has unmet peer dependency "@authenio/samlify-xsd-schema-validator@^1.0.2".

I think these packages should be removed from peer dependencies and instead just rely on the runtime error you have to signal that a user needs to install one of the validators.

By putting these packages into peer dependencies, you are forcing me to either install all 4 packages (which is unnecessary since I only need one), or forcing my users to have to interpret (and ignore) the warnings on install.

[tngan]

@tyler-johnson NPM won’t install all those validator modules automatically unless you specify those in dependencies section. It’s just a reference to tell end users which version of those validators that are compatible with samlify.

[tyler-johnson]

Correct, but that is an improper use of peer dependencies. See the NPM reference on peer dependencies. https://nodejs.org/en/blog/npm/peer-dependencies/

Peer dependencies are way to signal that a package needs a required shared package, so in this case the validators should have samlify as a peer dependency, not the other way around.

[tngan]

@tyler-johnson Yes, I have read through the documentation. The usage of peer dependencies is not correct inside samlify. I will modify it soon and also those validator modules. Thanks for pointing out.

[big-kahuna-burger]

@tngan publish 2.6.3?

[tngan]

@big-kahuna-burger Yes, I have just published 2.6.3.