Limit peerDependencies to true externals that the host application is responsible for #4364
Description
Firstly, thank you for all your hard work!
Describe the solution you'd like
Please limit peerDependencies to true externals that the host application is responsible for. Internal and tightly coupled modules should be declared under dependencies so consumers don’t need to manage them manually.
Additional context
The package declares a large number of peerDependencies, including internal Box components, utility libraries, formatting helpers, and other implementation-level modules. This creates friction for consumers because many of these packages are not meant to be application-level dependencies.
Key problems:
-
Unnecessary manual installation of internal modules
A consumer must explicitly install dozens of packages that the library itself directly depends on. These packages are not optional integrations; they are core parts of this library’s functionality and should be managed internally. -
Peer deps used for non-shared, non-extensible components
Many of the listed peers are not meant to be substituted or controlled by the host application. They are tightly coupled implementation details. Using peerDependencies here provides no practical benefit. -
Higher integration risk
Relying on such a large peer surface area increases the chance of mismatched or incompatible versions, even when consumers follow the documentation. This complicates upgrades unnecessarily. -
Not aligned with standard library patterns
Component libraries typically use peerDependencies only for React, ReactDOM, and other framework-level externals. Internal modules, utility packages, and UI subcomponents are normally regular dependencies. -
Customization stays
If a consumer needs to override a specific dependency version, they can still do so using the package manager’s override or resolution mechanisms (npm overrides, Yarn resolutions, pnpm overrides), so moving these packages to dependencies does not limit customization.