Drizzle ORM Version compatibility issues (npm ERESOLVE)
I am using better-auth in my project and have been for a while now (love it btw). Today though, it seems I have hit an issue that oddly did now arise before when bulding my docker image in ghcr...
Unfortunately currently it seems to be failing with an ERESOLVE on clean install when building my image.
The issue:
While resolving:
Found:
Could not resolve dependency:
My project specifies:
-
-
Why this likely surfaced now:
- CI/Docker performs fresh installs (no cache / no existing node_modules)
- The caret range (^1.3.7) allowed better-auth@1.4.7 to be pulled in
- npm v7+ enforces peer dependency mismatches as hard errors
In terms of reproducing the issue, my github actions job was just running a simple image build that has been working perfectly fine up to now...
So what I am trying to figure out is whether I need to downgrade either library and is that even a safe idea with all the vulnerabilities going around lately...
A few questions regarding that:
- Is support for Drizzle ORM 0.42+ planned in an upcoming Better Auth release?
- For now, is the recommended approach to pin drizzle-orm to ^0.41.x to satisfy peer deps?
- Is using --legacy-peer-deps considered acceptable short term, or discouraged?
I’m trying to avoid bypassing peer checks if possible, but also want to make sure pinning older versions is the intended solution.
Unfortunately currently it seems to be failing with an ERESOLVE on clean install when building my image.
The issue:
While resolving:
better-auth@1.4.7Found:
drizzle-orm@0.42.0Could not resolve dependency:
peerOptional drizzle-orm@^0.41.0 from better-auth@1.4.7My project specifies:
-
"better-auth": "^1.3.7"-
"drizzle-orm": "^0.42.0"Why this likely surfaced now:
- CI/Docker performs fresh installs (no cache / no existing node_modules)
- The caret range (^1.3.7) allowed better-auth@1.4.7 to be pulled in
- npm v7+ enforces peer dependency mismatches as hard errors
In terms of reproducing the issue, my github actions job was just running a simple image build that has been working perfectly fine up to now...
So what I am trying to figure out is whether I need to downgrade either library and is that even a safe idea with all the vulnerabilities going around lately...
A few questions regarding that:
- Is support for Drizzle ORM 0.42+ planned in an upcoming Better Auth release?
- For now, is the recommended approach to pin drizzle-orm to ^0.41.x to satisfy peer deps?
- Is using --legacy-peer-deps considered acceptable short term, or discouraged?
I’m trying to avoid bypassing peer checks if possible, but also want to make sure pinning older versions is the intended solution.
