Bun not able to be used in place of npm for install due to peerDependency resolution strategy

[Stono]

What version of Bun is running?

1.1.38+bf2f153f5

What platform is your computer?

macosx

What steps can reproduce the bug?

Hey!
So I really want to use bun, and we're getting tantalisingly close to being able to. All my apps now run with bun, which is mega, however i cannot use bun install. I have to use npm i, then use bun to start it - which is a shame as bun i is much faster.

This appears to be because bun is not honouring peer dependencies in the same way... let me try and explain.

Given this structure:

myApp:
  - devDependency: some-module

some-module:
  - peerDependency: eslint@8

Where some-module has a peerDependency for, say eslint@8. If I bun i, then I correctly get eslintv8.

However if that peer is 2 deep, and i have another module which also has a peer (albeit looser):

myApp:
- devDependency: some-other-module

some-other-module:
- peerDependency: some-module 
- peerDependency: and-another-module 

and-another-module:
  - peerDependency: eslint@8 || eslint@9
some-module:
  - peerDependency: eslint@8

Then it seems to pull in the latest eslint (v9), not the one that satisfies both. You can see it complaining about it during the output of bun i:

❯ bun i
[0.07ms] ".env"
bun install v1.1.38 (bf2f153f)
warn: incorrect peer dependency "[email protected]"

warn: incorrect peer dependency "[email protected]"

warn: incorrect peer dependency "[email protected]"

warn: incorrect peer dependency "[email protected]"

warn: incorrect peer dependency "[email protected]"

warn: incorrect peer dependency "[email protected]"

warn: incorrect peer dependency "[email protected]"

+ @at/[email protected]
+ @at/[email protected]
+ @at/[email protected]
+ @at/[email protected]
+ @at/[email protected]
+ [email protected] (v5.6.0 available)

752 packages installed [3.64s]

Blocked 2 postinstalls. Run `bun pm untrusted` for details.

I've attached the output of 2 npm ls --tree commands, one from the result of the npm install and the other from the result of bun install

bun.txt
npm.txt

Looking at the output I see:

│ ├─┬ [email protected]
│ │ └─┬ @typescript-eslint/[email protected]
│ │   ├── @eslint-community/[email protected] deduped
│ │   ├─┬ @typescript-eslint/[email protected]
│ │   │ ├── @typescript-eslint/[email protected] deduped
│ │   │ └─┬ @typescript-eslint/[email protected]
│ │   │   ├── @typescript-eslint/[email protected] deduped
│ │   │   └── [email protected] deduped
│ │   ├── @typescript-eslint/[email protected]
│ │   ├─┬ @typescript-eslint/[email protected]
│ │   │ ├── @typescript-eslint/[email protected] deduped
│ │   │ ├─┬ @typescript-eslint/[email protected]
│ │   │ │ ├── @typescript-eslint/[email protected] deduped
│ │   │ │ └── [email protected] deduped
│ │   │ ├── [email protected] deduped
│ │   │ ├── [email protected] deduped
│ │   │ ├── [email protected] deduped
│ │   │ ├─┬ [email protected]
│ │   │ │ └── [email protected] deduped
│ │   │ ├── [email protected] deduped
│ │   │ ├── [email protected] deduped
│ │   │ └── [email protected] deduped
│ │   ├── [email protected] deduped invalid: "8.57.0" from node_modules/@at/eslint-config-infrastructure, "^8.56.0" from node_modules/@darraghor/eslint-plugin-nestjs-typed, "^8.56.0" from node_modules/@typescript-eslint/eslint-plugin, "^8.56.0" from node_modules/@typescript-eslint/parser

If you look at @typescript-eslint/utils, their package.json is:

  "peerDependencies": {
    "eslint": "^8.57.0 || ^9.0.0",
    "typescript": ">=4.8.4 <5.8.0"
  },

So here it looks like bun is deciding to install v9, but that subsequently conflicts with the peerDependency of v8. However deciding to pick v8 here would satisfy both - which is what npm must be doing.

What is the expected behavior?

I would expect dependencies to be resolved in broadly the same way as npm, to make it feasible to use bun as a replacement for npm.

What do you see instead?

No response

Additional information

No response