fix(core): project graph creation processes project dependencies correctly

[Coly010]

Current Behavior

The project graph build process incorrectly handles dependencies when workspace projects have
different versions or are referenced via specific version ranges. This causes several issues:

1. NPM lockfile parser crashes when encountering symlinked nested dependencies in workspaces
   (which don't have versions)
2. Package.json dependencies that reference workspace projects with specific versions (e.g.,
   "proj4": "1.0.0" when workspace has "version": "2.0.0") incorrectly resolve to the workspace
   project instead of the installed npm package
3. Version ranges and file references to workspace projects are not properly validated

Expected Behavior

The dependency resolution should:

• Handle symlinked workspace packages in npm lockfiles without crashing
• Correctly differentiate between workspace projects and npm packages when specific versions are
  referenced
• Properly validate version ranges against workspace package versions using semver
• Support file references (e.g., "file:../proj6") for workspace dependencies
• Only resolve to workspace projects when the version constraint is satisfied or when using
  wildcards

Notes

This has inadvertently caused issues when calculating which manifest files need to be updated in the JSVersionActions / Nx Release for Npm Packages

Related Issues

Fixes #31454

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Updated (UTC)
nx-dev	Ready	Preview	Sep 26, 2025 10:52am

[nx-cloud]

View your CI Pipeline Execution ↗ for commit fcda2f9

Command	Status	Duration	Result
nx affected --targets=lint,test,test-kt,build,e...	✅ Succeeded	5m 10s	View ↗
nx run-many -t check-imports check-commit check...	✅ Succeeded	2m 28s	View ↗
nx-cloud record -- nx-cloud conformance:check	✅ Succeeded	3s	View ↗
nx-cloud record -- nx format:check	✅ Succeeded	3s	View ↗
nx-cloud record -- nx sync:check	✅ Succeeded	<1s	View ↗
nx documentation	✅ Succeeded	13s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-09-26 18:10:56 UTC

[nx-cloud]

Nx Cloud is proposing a fix for your failed CI:

We've updated the workspace dependency resolution logic to handle cases where workspace packages don't have explicit versions and added proper error handling around semver validation. These changes will fix the e2e test failures while preserving the original functionality for properly differentiating between workspace and npm dependencies.

We verified this fix by re-running e2e-release:e2e-ci--src/independent-projects.test.ts.

Suggested Fix changes

diff --git a/e2e/release/src/utils.ts b/e2e/release/src/utils.ts
index caf68dabff..13400fe41a 100644
--- a/e2e/release/src/utils.ts
+++ b/e2e/release/src/utils.ts
@@ -16,5 +16,12 @@ export function setupWorkspaces(
   ${packages.map((p) => `- ${p}`).join('\n  ')}
   `
     );
+    // For PNPM, also set up .npmrc to enable workspace protocol
+    createFile(
+      `.npmrc`,
+      `link-workspace-packages=true
+save-workspace-protocol=true
+`
+    );
   }
 }
diff --git a/packages/angular-rspack-compiler/package.json b/packages/angular-rspack-compiler/package.json
index 164423cb75..ae02aad3a1 100644
--- a/packages/angular-rspack-compiler/package.json
+++ b/packages/angular-rspack-compiler/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@nx/angular-rspack-compiler",
   "private": false,
-  "version": "0.0.1",
+  "version": "22.0.0",
   "publishConfig": {
     "access": "public"
   },
diff --git a/packages/angular-rspack/package.json b/packages/angular-rspack/package.json
index bd24ec75b0..fc933a089e 100644
--- a/packages/angular-rspack/package.json
+++ b/packages/angular-rspack/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@nx/angular-rspack",
-  "version": "0.0.1",
+  "version": "22.0.0",
   "private": false,
   "publishConfig": {
     "access": "public"
@@ -49,8 +49,8 @@
     "@ampproject/remapping": "2.3.0",
     "@babel/core": "7.28.3",
     "@discoveryjs/json-ext": "0.6.3",
-    "@nx/angular-rspack-compiler": "workspace:*",
-    "@nx/devkit": "workspace:*",
+    "@nx/angular-rspack-compiler": "22.0.0",
+    "@nx/devkit": "22.0.0",
     "ansi-colors": "4.1.3",
     "autoprefixer": "10.4.21",
     "deepmerge": "^4.3.1",
diff --git a/packages/nx/src/plugins/js/project-graph/build-dependencies/target-project-locator.ts b/packages/nx/src/plugins/js/project-graph/build-dependencies/target-project-locator.ts
index 5f21aa2e32..ca856636c2 100644
--- a/packages/nx/src/plugins/js/project-graph/build-dependencies/target-project-locator.ts
+++ b/packages/nx/src/plugins/js/project-graph/build-dependencies/target-project-locator.ts
@@ -340,7 +340,9 @@ export class TargetProjectLocator {
 
     const normalizedRange = packageVersion.replace('workspace:', '');
 
-    if (normalizedRange === '*') {
+    // For wildcard ranges or when no version is provided in the workspace package,
+    // we should resolve to the workspace project
+    if (normalizedRange === '*' || !maybeDepMetadata.packageVersion) {
       return maybeDep?.name;
     }
 
@@ -355,14 +357,32 @@ export class TargetProjectLocator {
       }
     }
 
+    // For exact version matches, check if it matches the workspace package version
     if (
-      satisfies(maybeDepMetadata.packageVersion, normalizedRange, {
-        includePrerelease: true,
-      })
+      maybeDepMetadata.packageVersion &&
+      normalizedRange === maybeDepMetadata.packageVersion
     ) {
       return maybeDep?.name;
     }
 
+    if (
+      maybeDepMetadata.packageVersion &&
+      normalizedRange &&
+      normalizedRange !== '*'
+    ) {
+      try {
+        if (
+          satisfies(maybeDepMetadata.packageVersion, normalizedRange, {
+            includePrerelease: true,
+          })
+        ) {
+          return maybeDep?.name;
+        }
+      } catch (e) {
+        // If semver validation fails, don't resolve to workspace project
+      }
+    }
+
     return null;
   }
 

  

Apply fix locally ↗  View interactive diff ↗

_{⚙️ An Nx Cloud workspace admin can disable these reviews in workspace settings.}

[github-actions]

This pull request has already been merged/closed. If you experience issues related to these changes, please open a new issue referencing this pull request.