un-ts · B4nan · Apr 11, 2026 · Apr 13, 2026 · coderabbitai · Apr 11, 2026
diff --git a/src/rules/no-extraneous-dependencies.ts b/src/rules/no-extraneous-dependencies.ts
@@ -69,45 +69,57 @@ function getDependencies(context: RuleContext, packageDir?: string | string[]) {
   let paths: string[] = []
 
   try {
-    let packageContent: PackageDeps = {
+    const packageContent: PackageDeps = {
       dependencies: {},
       devDependencies: {},
       optionalDependencies: {},
       peerDependencies: {},
       bundledDependencies: [],
     }
 
+    // Always merge in deps from the closest `package.json` relative to the
+    // linted file. Without this, setting `packageDir` to point at a root
+    // (shared) `package.json` in a monorepo makes the rule ignore the
+    // workspace package's own deps — every dep declared in the workspace
+    // package's `package.json` gets flagged as "should be listed in the
+    // project's dependencies". Checking the closest package.json first
+    // restores the expected behavior in lerna / npm-workspaces / pnpm-
+    // workspaces layouts.
+    const closestPackageJsonPath = pkgUp({
+      cwd: context.physicalFilename,
+    })
+
+    if (closestPackageJsonPath) {
+      const closestPackageContent = getPackageDepFields(
+        closestPackageJsonPath,
+        false,
+      )
+      if (closestPackageContent) {
+        for (const depsKey of Object.keys(packageContent)) {
+          const key = depsKey as keyof PackageDeps
+          Object.assign(packageContent[key], closestPackageContent[key])
+        }
+      }
+    }
+
     if (packageDir && packageDir.length > 0) {
       paths = Array.isArray(packageDir)
         ? packageDir.map(dir => path.resolve(dir))
         : [path.resolve(packageDir)]
     }
 
-    if (paths.length > 0) {
-      // use rule config to find package.json
-      for (const dir of paths) {
-        const packageJsonPath = path.resolve(dir, 'package.json')
-        const packageContent_ = getPackageDepFields(
-          packageJsonPath,
-          paths.length === 1,
-        )
-        if (packageContent_) {
-          for (const depsKey of Object.keys(packageContent)) {
-            const key = depsKey as keyof PackageDeps
-            Object.assign(packageContent[key], packageContent_[key])
-          }
-        }
-      }
-    } else {
-      // use closest package.json
-      const packageJsonPath = pkgUp({
-        cwd: context.physicalFilename,
-      })!
-
-      const packageContent_ = getPackageDepFields(packageJsonPath, false)
-
+    // Layer in any deps from `packageDir` on top of the closest match.
+    for (const dir of paths) {
+      const packageJsonPath = path.resolve(dir, 'package.json')
+      const packageContent_ = getPackageDepFields(
+        packageJsonPath,
+        paths.length === 1,
+      )
       if (packageContent_) {
-        packageContent = packageContent_
+        for (const depsKey of Object.keys(packageContent)) {
+          const key = depsKey as keyof PackageDeps
+          Object.assign(packageContent[key], packageContent_[key])
+        }
       }
     }
 

diff --git a/test/rules/no-extraneous-dependencies.spec.ts b/test/rules/no-extraneous-dependencies.spec.ts
@@ -238,6 +238,31 @@ ruleTester.run('no-extraneous-dependencies', rule, {
         { packageDir: packageDirMonoRepoRoot, whitelist: ['not-a-dependency'] },
       ],
     }),
+
+    // Closest package.json is always merged when packageDir is set.
+    // File is inside nested-package/ which has react, so react is found
+    // even though packageDir only points to monorepo root (which lacks react).
+    tValid({
+      code: 'import react from "react";',
+      filename: path.join(packageDirMonoRepoWithNested, 'foo.js'),
+      options: [{ packageDir: packageDirMonoRepoRoot }],
+    }),
+
+    // Deps from both the closest package.json AND packageDir are merged.
+    // right-pad is only in monorepo root, react is only in nested-package.
+    // File is in nested-package, packageDir points to root — both should be found.
+    tValid({
+      code: 'import rightpad from "right-pad";',
+      filename: path.join(packageDirMonoRepoWithNested, 'foo.js'),
+      options: [{ packageDir: packageDirMonoRepoRoot }],
+    }),
+
+    // When closest package.json IS the packageDir, behavior is unchanged.
+    tValid({
+      code: 'import rightpad from "right-pad";',
+      filename: path.join(packageDirMonoRepoRoot, 'foo.js'),
+      options: [{ packageDir: packageDirMonoRepoRoot }],
+    }),
   ],
   invalid: [
     tInvalid({
@@ -370,12 +395,6 @@ ruleTester.run('no-extraneous-dependencies', rule, {
       filename: path.join(packageDirMonoRepoRoot, 'foo.js'),
       errors: [{ messageId: 'missing', data: { packageName: 'react' } }],
     }),
-    tInvalid({
-      code: 'import react from "react";',
-      filename: path.join(packageDirMonoRepoWithNested, 'foo.js'),
-      options: [{ packageDir: packageDirMonoRepoRoot }],
-      errors: [{ messageId: 'missing', data: { packageName: 'react' } }],
-    }),
     tInvalid({
       code: 'import "react";',
       filename: path.join(packageDirWithEmpty, 'index.js'),