Npm install gives errors and warning. Use latest package versions.

[PawelWozniak]

Summary

There are wrong dependencies defined in package.json when I create new project with sf project generate --name MyProject then npm install fails.

Steps To Reproduce

1. With latest CLI 2.86.9 create a new project sf project generate --name MyProject
2. cd to that folder cd .\MyProject\
3. run npm install
4. you will see this error

PS D:\MyProject> npm install
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: salesforce-app@1.0.0
npm error Found: @lwc/eslint-plugin-lwc@1.9.0
npm error node_modules/@lwc/eslint-plugin-lwc
npm error   dev @lwc/eslint-plugin-lwc@"^1.1.2" from the root project
npm error
npm error Could not resolve dependency:
npm error peer @lwc/eslint-plugin-lwc@"^2.0.0" from @salesforce/eslint-config-lwc@3.7.2
npm error node_modules/@salesforce/eslint-config-lwc
npm error   dev @salesforce/eslint-config-lwc@"^3.2.3" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error

5. To solve that, you need to change in package.json "@lwc/eslint-plugin-lwc": "^1.1.2", to "@lwc/eslint-plugin-lwc": "^2.0.0",
6. run npm install it will install packages with those warnings, maybe there are some possibilities to improve that, but this is not the scope of this report:

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead.
npm warn deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm warn deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm warn deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm warn deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.

7. If you don't have npm-check-updates install it with npm i npm-check-updates and run ncu. Output informs us that there are minor new versions of packages @lwc/eslint-plugin-lwc , @salesforce/eslint-config-lwc, @salesforce/eslint-plugin-lightning and eslint:

PS D:\MyProject> ncu
Checking D:\MyProject\package.json
[====================] 13/13 100%

 @lwc/eslint-plugin-lwc                ^2.0.0  →    ^3.0.0
 @prettier/plugin-xml                  ^3.2.2  →    ^3.4.1
 @salesforce/eslint-config-lwc         ^3.2.3  →    ^4.0.0
 @salesforce/eslint-plugin-aura        ^2.0.0  →    ^2.1.0
 @salesforce/eslint-plugin-lightning   ^1.0.0  →    ^2.0.0
 eslint                                8.57.1  →    9.25.1
 eslint-plugin-import                 ^2.25.4  →   ^2.31.0
 eslint-plugin-jest                   ^28.8.1  →  ^28.11.0
 husky                                 ^9.1.5  →    ^9.1.7
 lint-staged                          ^15.1.0  →   ^15.5.1
 prettier                              ^3.1.0  →    ^3.5.3
 prettier-plugin-apex                  ^2.0.1  →    ^2.2.6

Run ncu -u to upgrade package.json

8. To use those latest versions, we run ncu -u, which will update our package.json
9. Then run npm install, result:

PS D:\MyProject> npm install
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: salesforce-app@1.0.0
npm error Found: @lwc/eslint-plugin-lwc@2.2.0
npm error node_modules/@lwc/eslint-plugin-lwc
npm error   dev @lwc/eslint-plugin-lwc@"^3.0.0" from the root project
npm error   peer @lwc/eslint-plugin-lwc@"^2.0.0" from @salesforce/eslint-config-lwc@3.7.2
npm error   node_modules/@salesforce/eslint-config-lwc
npm error     dev @salesforce/eslint-config-lwc@"^4.0.0" from the root project
npm error
npm error Could not resolve dependency:
npm error dev @lwc/eslint-plugin-lwc@"^3.0.0" from the root project
npm error
npm error Conflicting peer dependency: eslint@9.25.1
npm error node_modules/eslint
npm error   peer eslint@"^9" from @lwc/eslint-plugin-lwc@3.0.0
npm error   node_modules/@lwc/eslint-plugin-lwc
npm error     dev @lwc/eslint-plugin-lwc@"^3.0.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.

10. Now we are stuck because of some dependency conflicts.

Expected result

When I create new project I want to use latest version of packages without a need to solve dependency errors.

Actual result

With the current default configuration of the package,json user must fix manually dependency error then when he want to use latest version of all packages there are even more errors to solve. That creates bad user experience.

Additional information

System Information

{
  "architecture": "win32-x64",
  "cliVersion": "@salesforce/cli/2.86.9",
  "nodeVersion": "node-v22.15.0",
  "osVersion": "Windows_NT 10.0.26100",
  "rootPath": "C:\\Users\\pwozn\\AppData\\Roaming\\npm\\node_modules\\@salesforce\\cli",
  "shell": "powershell",
  "pluginVersions": [
    "@oclif/plugin-autocomplete 3.2.27 (core)",
    "@oclif/plugin-commands 4.1.24 (core)",
    "@oclif/plugin-help 6.2.27 (core)",
    "@oclif/plugin-not-found 3.2.49 (core)",
    "@oclif/plugin-plugins 5.4.36 (core)",
    "@oclif/plugin-search 1.2.23 (core)",
    "@oclif/plugin-update 4.6.38 (core)",
    "@oclif/plugin-version 2.2.27 (core)",
    "@oclif/plugin-warn-if-update-available 3.1.38 (core)",
    "@oclif/plugin-which 3.2.34 (core)",
    "@salesforce/cli 2.86.9 (core)",
    "apex 3.6.13 (core)",
    "api 1.3.3 (core)",
    "auth 3.6.113 (core)",
    "code-analyzer 5.0.0 (user) published 2 days ago (Tue Apr 29 2025)",
    "data 4.0.27 (core)",
    "deploy-retrieve 3.22.4 (core)",
    "info 3.4.54 (core)",
    "limits 3.3.52 (core)",
    "marketplace 1.3.8 (core)",
    "org 5.7.3 (core)",
    "packaging 2.13.1 (core)",
    "schema 3.3.59 (core)",
    "settings 2.4.24 (core)",
    "sobject 1.4.55 (core)",
    "telemetry 3.6.38 (core)",
    "templates 56.3.45 (core)",
    "trust 3.7.83 (core)",
    "user 3.6.18 (core)",
    "@salesforce/sfdx-scanner 4.11.0 (user) published 37 days ago (Tue Mar 25 2025) (latest is 4.12.0)",
    "sfdmu 4.38.0 (user) published 124 days ago (Sun Dec 29 2024)"
  ]
}

[github-actions]

Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.

[cristiand391]

👋🏼
I'll close this a a dup of #3222

See: #3222 (comment)

[PawelWozniak]

I confirm that with those changes, the issue is solved, and I was able to update all npm packages to the latest versions.