Skip to content

fix(deps): use workspace:^ to allow analytics-core dedupe (SDKW-8)#1740

Draft
Mercy811 wants to merge 3 commits intomainfrom
cursor/dedupe-analytics-core-workspace-caret-0a8b
Draft

fix(deps): use workspace:^ to allow analytics-core dedupe (SDKW-8)#1740
Mercy811 wants to merge 3 commits intomainfrom
cursor/dedupe-analytics-core-workspace-caret-0a8b

Conversation

@Mercy811
Copy link
Copy Markdown
Contributor

@Mercy811 Mercy811 commented May 7, 2026
edited by cursor Bot
Loading

Summary

Fixes SDKW-8: installing @amplitude/analytics-browser@2.42.1 ends up with two copies of @amplitude/analytics-core (e.g. 2.48.0 and 2.48.1) because the SDK and its plugins each pin different exact versions of analytics-core.

Root cause

All @amplitude/* cross-package dependencies in this monorepo were declared as "workspace:*". With pnpm, workspace:* is rewritten to the exact version of the workspace dependency at publish time (e.g. 2.48.1). Because analytics-browser and each of its plugins are published at slightly different cadences via lerna (lerna.json has "exact": true), every package ends up pinning a different exact analytics-core version. Consumers' package managers therefore cannot dedupe and install multiple copies, bloating the bundle.

Fix

Change every published package's @amplitude/* runtime dependencies from workspace:* to workspace:^. With pnpm, workspace:^ is rewritten on publish to a caret range (e.g. ^2.48.1), which lets npm/pnpm/yarn dedupe to a single shared analytics-core (and other) install.

Also updates @amplitude/analytics-react-native's exact analytics-core pin (2.41.5) to a caret range (^2.41.5) for the same reason.

packages/analytics-client-common is intentionally not modified because it is on the deprecated-packages list and scripts/check-deprecated-packages.sh blocks code changes there. Other plugins that depend on analytics-client-common still benefit (their workspace specifier on analytics-client-common is now caret-based and consumers can dedupe to one copy).

Verified locally by pnpm pack-ing analytics-browser and inspecting the resulting package.json:

"dependencies": {
  "@amplitude/analytics-core": "^2.48.1",
  "@amplitude/plugin-autocapture-browser": "^1.27.1",
  "@amplitude/plugin-network-capture-browser": "^1.10.0",
  "@amplitude/plugin-page-view-tracking-browser": "^2.11.0",
  ...
}

devDependencies and private/internal test packages were intentionally left as workspace:* because they do not affect published consumer dependency trees.

Checklist

  • Does your PR title have the correct title format?
  • Does your PR have a breaking change?: No

Linear Issue: SDKW-8

Open in Web Open in Cursor 

@cursoragent
fix(deps): use workspace:^ to allow analytics-core dedupe (SDKW-8)
1f1d2ae 
Switch all @amplitude/* cross-package dependency specifiers from
workspace:* to workspace:^ in published packages.

With pnpm, workspace:* is replaced at publish time with the exact
version of the workspace dependency (e.g. analytics-core@2.48.1).
Because plugins inside analytics-browser are published at slightly
different cadences, each ends up pinning a different exact version
of analytics-core, which prevented the consumer's package manager
from deduplicating it. Installing analytics-browser@2.42.1 produced
two copies of analytics-core (e.g. 2.48.0 and 2.48.1) and shipped
duplicated bundle code.

Using workspace:^ tells pnpm to publish the dependency as a caret
range (e.g. ^2.48.0), allowing consumers to dedupe to a single
analytics-core install.

Also bumps analytics-react-native's exact analytics-core pin to a
caret range for the same reason. devDependencies and private
package internals are left as workspace:* since they do not affect
published consumer trees.
@linear
Copy link
Copy Markdown

linear Bot commented May 7, 2026

SDKW-8

@cursoragent
fix(deps): revert analytics-client-common workspace specifier
aad4396 
The deprecated-packages CI check disallows any code changes to
packages/analytics-client-common. Revert the workspace:* -> workspace:^
specifier change there so the check passes. Other published packages
keep the caret upgrade for analytics-core dedupe.
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026
edited
Loading

Session Replay Browser E2E Results

passed  109 passed

Details

stats  109 tests across 8 suites
duration  2 minutes, 12 seconds
commit  66e060c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Mercy811 @cursoragent