bun install warns on valid prereleases in peer deps

[ramonclaudio]

What version of Bun is running?

1.3.x (reproduces on current main)

What platform is your computer?

macOS arm64 (pure semver logic, hits every platform)

What steps can reproduce the bug?

Any prerelease version validated against a peer range with no prerelease comparator on the same major.minor.patch.

Real-world hit: installing canary/nightly releases of the RN + Expo + React stack together. Verified:

bun add expo@canary react-native@nightly react@19.3.0-canary-3e319a94-20260126
# 21 × warn: incorrect peer dependency ...
# one for each package in the transitive tree whose non-prerelease peer range
# meets a canary/nightly version

Minimal self-contained repro (verified against vanilla oven-sh/bun@main and the fix in #27085):

mkdir -p /tmp/repro-29444/{producer,consumer} && cd /tmp/repro-29444

cat > producer/package.json <<'PKG'
{
  "name": "peer-consumer-pkg",
  "version": "1.0.0",
  "peerDependencies": { "react": ">=18.0.0" }
}
PKG

cat > consumer/package.json <<'PKG'
{
  "name": "consumer",
  "version": "1.0.0",
  "dependencies": {
    "peer-consumer-pkg": "file:../producer",
    "react": "19.3.0-canary-3e319a94-20260126"
  }
}
PKG

cd consumer && bun install
# warn: incorrect peer dependency "react@19.3.0-canary-3e319a94-20260126"
# 19.3.0-canary is clearly > 18.0.0, this is a false positive

What is the expected behavior?

19.3.0-canary-3e319a94-20260126 satisfies >=18.0.0. 56.0.0-canary.1 satisfies >=14.0.4. 19.2.0-rc.1 satisfies ^19.0.0. No warning.

Matches yarn v1 (satisfiesWithPrereleases) and node-semver { includePrerelease: true }, which is what every dev on a canary channel expects.

What do you see instead?

incorrect peer dependency warning on every valid prerelease.

List.satisfiesPre in src/semver/SemverQuery.zig gates on pre_matched, which only flips true when a comparator in the range has a prerelease tag on the same major.minor.patch. So 56.0.0-canary fails against >=14.0.4 because the range has no prerelease comparator, even though 56 > 14.

Additional information

Hits every npm package on a -canary/-rc/-next/-nightly channel against a non-prerelease peer range. React Native nightlies, Expo canary packages, any lib shipping prerelease tags that another lib peer-depends on.

Prior art:

• yarn v1 fixed this in 2017 (Allow prerelease versions when checking peer deps yarnpkg/yarn#3361, satisfiesWithPrereleases)
• npm RFC RFC: Peer dependencies should be able to match a full range of prerelease versions npm/rfcs#397 still open since 2021
• node-semver has { includePrerelease: true } as a built-in option

Bun auto-installs peer deps, so there's no --include-prerelease escape hatch. Users see the warning and can't silence it.

Fix: #27085 adds List.satisfiesIncludePrerelease / Group.satisfiesIncludePrerelease alongside existing satisfiesPre, and switches resolutionSatisfiesDependency (only called from peer-dep validation) to the new method. Strict semver resolution path stays strict.

[github-actions]

Found 1 possible duplicate issue:

1. error: No version matching "^x.x.x-next.0||^x.x.x" found for specifier "@x/x" (but package exists) #11424

This issue will be automatically closed as a duplicate in 3 days.

• If your issue is a duplicate, please close it and 👍 the existing issue instead
• To prevent auto-closure, add a comment or 👎 this comment

🤖 Generated with Claude Code

[ramonclaudio]

Not a dup of #11424. That was a specifier-range resolution bug (^3.0.0-next.0||^3.0.0 couldn't find matching versions on install), fixed in #11387. The follow-up comments there were cache invalidation noise, resolved with bun pm cache rm.

This one is peer-dep validation. Install succeeds, but bun emits incorrect peer dependency when the installed version has a prerelease tag and the peer range doesn't. Hits resolutionSatisfiesDependency, which routes through satisfiesPre's pre_matched gate.

Fix is #27085: new satisfiesIncludePrerelease scoped to the peer-dep path. Strict semver resolution stays strict.

Body updated with a verified minimal repro.