@npmcli/arborist - npm Package Compare versions

Comparing version 0.0.0-pre.13 to 0.0.0-pre.14

lib/arborist/build-ideal-tree.js

@@ -188,7 +188,4 @@ // mixin implementing the buildIdealTree method
       .then(root => this[_global] ? root
-        : this[_updateAll] ? Shrinkwrap.load({ path: this.path }).then(meta => {
-          meta.reset()
-          root.meta = meta
-          return root
-        })
+        : this[_updateAll] ? Shrinkwrap.reset({ path: this.path })
+            .then(meta => Object.assign(root, {meta}))
         : this.loadVirtual({ root }))
@@ -195,0 +192,0 @@

lib/arborist/reify.js

@@ -58,2 +58,3 @@ // mixin implementing the reify method
 const _symlink = Symbol('symlink')
+const _warnDeprecated = Symbol('warnDeprecated')
 const _recheckEngineAndPlatform = Symbol('recheckEngineAndPlatform')
@@ -283,3 +284,3 @@ const _checkEngine = Symbol('checkEngine')
         if (failures.length)
-          this.emit('warn', 'Failed to clean up some directories', failures)
+          this.log.warn('Failed to clean up some directories', failures)
       })
@@ -332,2 +333,3 @@ .then(() => this[_rollbackRetireShallowNodes](er))
       .then(() => this[_extractOrLink](node))
+      .then(() => this[_warnDeprecated](node))
       .then(() => this[_recheckEngineAndPlatform](node))
@@ -344,5 +346,23 @@ .then(() => this[_binLinks](node))
   [_extractOrLink] (node) {
+    // in normal cases, node.resolved should *always* be set by now.
+    // however, it is possible when a lockfile is damaged, or very old,
+    // or in some other race condition bugs in npm v6, that a previously
+    // bundled dependency will have just a version, but no resolved value,
+    // and no 'bundled: true' setting.
+    // Do the best with what we have, or else remove it from the tree
+    // entirely, since we can't possibly reify it.
+    const res = node.resolved ? this[_registryResolved](node.resolved)
+      : node.package.version ? `${node.package.name || node.name}@${node.package.version}`
+      : null
+
+    // no idea what this thing is.  remove it from the tree.
+    if (!res) {
+      node.parent = null
+      this[_addNodeToTrashList](node)
+      return
+    }
+
     return node.isLink
       ? rimraf(node.path).then(() => this[_symlink](node))
-      : pacote.extract(this[_registryResolved](node.resolved), node.path, {
+      : pacote.extract(res, node.path, {
           ...this.options,
@@ -361,2 +381,8 @@ resolved: node.resolved,
 
+  [_warnDeprecated] (node) {
+    const {_id, deprecated} = node.package
+    if (deprecated)
+      this.log.warn('deprecated', `${_id}: ${deprecated}`)
+  }
+
   [_recheckEngineAndPlatform] (node) {
@@ -397,3 +423,3 @@ // If we're loading from a v1 lockfile, then need to do this again later
       } catch (er) {
-        this.emit('log', 'warn', er)
+        this.log.warn(er)
       }
@@ -722,3 +748,3 @@ }
       if (failures.length)
-        this.emit('warn', 'Failed to clean up some directories', failures)
+        this.log.warn('Failed to clean up some directories', failures)
     })
@@ -725,0 +751,0 @@ }

lib/node.js

@@ -31,3 +31,3 @@ // inventory, path, realpath, root, and parent
 
-const nameFromFolder = require('./name-from-folder.js')
+const nameFromFolder = require('@npmcli/name-from-folder')
 const Edge = require('./edge.js')
@@ -34,0 +34,0 @@ const Inventory = require('./inventory.js')

lib/shrinkwrap.js

@@ -34,2 +34,3 @@ // a module that manages a shrinkwrap file (npm-shrinkwrap.json or
 const writeFile = promisify(fs.writeFile)
+const stat = promisify(fs.stat)
 const link = promisify(fs.link)
@@ -78,2 +79,12 @@ const { resolve, dirname, basename } = require('path')
 
+const maybeStatFile = file => {
+  return stat(file).then(st => st.isFile(), er => {
+    /* istanbul ignore else - can't test without breaking module itself */
+    if (er.code === 'ENOENT')
+      return null
+    else
+      throw er
+  })
+}
+
 const pkgMetaKeys = [
@@ -97,2 +108,3 @@ 'name',
   'bin',
+  'deprecated',
 ]
@@ -126,2 +138,6 @@
 const _fixDependencies = Symbol('_fixDependencies')
+
+const _filenameSet = Symbol('_filenameSet')
+const _maybeRead = Symbol('_maybeRead')
+const _maybeStat = Symbol('_maybeStat')
 class Shrinkwrap {
@@ -132,2 +148,19 @@ static load (options) {
 
+  static reset (options) {
+    // still need to know if it was loaded from the disk, but don't
+    // bother reading it if we're gonna just throw it away.
+    const s = new Shrinkwrap(options)
+    s.reset()
+
+    return s[_maybeStat]().then(([sw, lock]) => {
+      s.filename = resolve(s.path,
+        (s.hiddenLockfile ? 'node_modules/.package-lock'
+          : s.shrinkwrapOnly || sw && !lock ? 'npm-shrinkwrap'
+          : 'package-lock') + '.json')
+      s.loadedFromDisk = sw || lock
+      s.type = basename(s.filename)
+      return s
+    })
+  }
+
   static metaFromNode (node, path) {
@@ -206,15 +239,30 @@ if (node.isLink)
 
+  [_filenameSet] () {
+    return this.shrinkwrapOnly ? [
+      this.path + '/npm-shrinkwrap.json',
+    ] : this.hiddenLockfile ? [
+      null,
+      this.path + '/node_modules/.package-lock.json',
+    ] : [
+      this.path + '/npm-shrinkwrap.json',
+      this.path + '/package-lock.json',
+      this.path + '/yarn.lock',
+    ]
+  }
+
+  [_maybeRead] () {
+    return Promise.all(this[_filenameSet]().map(fn => fn && maybeReadFile(fn)))
+  }
+
+  [_maybeStat] () {
+    // throw away yarn, we only care about lock or shrinkwrap when checking
+    // this way, since we're not actually loading the full lock metadata
+    return Promise.all(this[_filenameSet]().slice(0, 2)
+      .map(fn => fn && maybeStatFile(fn)))
+  }
+
   load () {
     // we don't need to load package-lock.json except for top of tree nodes,
     // only npm-shrinkwrap.json.
-    return Promise.all(this.shrinkwrapOnly ? [
-      maybeReadFile(this.path + '/npm-shrinkwrap.json'),
-    ] : this.hiddenLockfile ? [
-      null,
-      maybeReadFile(this.path + '/node_modules/.package-lock.json'),
-    ] : [
-      maybeReadFile(this.path + '/npm-shrinkwrap.json'),
-      maybeReadFile(this.path + '/package-lock.json'),
-      maybeReadFile(this.path + '/yarn.lock'),
-    ]).then(([sw, lock, yarn]) => {
+    return this[_maybeRead]().then(([sw, lock, yarn]) => {
       const data = lock || sw || ''
@@ -228,7 +276,6 @@ // don't use detect-indent, just pick the first line.
       // TODO: emit a warning here or something if both are present.
-      this.filename = `${this.path}/${
-        this.hiddenLockfile ? 'node_modules/.package-lock'
+      this.filename = resolve(this.path,
+        (this.hiddenLockfile ? 'node_modules/.package-lock'
           : this.shrinkwrapOnly || sw && !lock ? 'npm-shrinkwrap'
-          : 'package-lock'
-      }.json`
+          : 'package-lock') + '.json')
       this.type = basename(this.filename)
@@ -235,0 +282,0 @@ this.loadedFromDisk = !!data

package.json

 {
   "name": "@npmcli/arborist",
-  "version": "0.0.0-pre.13",
+  "version": "0.0.0-pre.14",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@npmcli/installed-package-contents": "^1.0.5",
+    "@npmcli/name-from-folder": "^1.0.1",
     "@npmcli/run-script": "^1.2.1",
@@ -8,0 +9,0 @@ "bin-links": "^2.1.2",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

196669

increased by1.06%

Lines of code

4651

increased by1.2%

Worsened metrics

Dependency count

16

increased by6.67%

Number of package files

30

decreased by-3.23%

Dependency changes

• + Added@npmcli/name-from-folder@^1.0.1

• + Added@npmcli/name-from-folder@1.0.1(transitive)