@npmcli/arborist
Comparing version 0.0.0-pre.17 to 0.0.0-pre.18
@@ -314,7 +314,26 @@ // mixin implementing the buildIdealTree method | ||
// TODO: provide a way to fix bundled deps by exposing metadata about | ||
// what's in the bundle at each published manifest. Without that, we | ||
// can't possibly fix bundled deps without breaking a ton of other stuff, | ||
// and leaving the user subject to getting it overwritten later anyway. | ||
[_queueVulnDependents] (options) { | ||
for (const [name, {nodes}] of this.auditReport.entries()) { | ||
for (const node of nodes) { | ||
const bundler = node.getBundler() | ||
// XXX this belongs in the audit report itself, not here. | ||
// We shouldn't even get these things here, and they shouldn't | ||
// be printed by npm-audit-report as if they can be fixed, because | ||
// they can't. | ||
if (bundler) { | ||
this.log.warn(`audit fix ${node.name}@${node.package.version}`, | ||
`${node.location}\nis a bundled dependency of\n${ | ||
bundler.name}@${bundler.package.version} at ${bundler.location}\n` + | ||
'It cannot be fixed automatically.\n' + | ||
`Check for updates to the ${bundler.name} package.`) | ||
continue | ||
} | ||
for (const edge of node.edgesIn) { | ||
this.addTracker('buildIdealTree', edge.from.name, edge.from.location) | ||
this.addTracker('idealTree', edge.from.name, edge.from.location) | ||
this[_depsQueue].push(edge.from) | ||
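Review bot: In `[_queueVulnDependents]`, the new `if (bundler)` branch leaves a known-vulnerable bundled node in the tree and records that only through `this.log.warn(...)` before `continue`, so a run with warnings suppressed or unread looks like a complete fix. Nothing visible in this hunk gives the caller a way to check afterwards which advisories were skipped; consider collecting the skipped nodes (name, version, location, bundler) where the caller can read them, and at minimum add a comment above the `continue` such as `// still vulnerable after this run: bundled deps are skipped, not fixed`. The message interpolates `node.name`, `node.package.version` and `node.location`, which come from package metadata, so it is worth confirming that the logger neutralises control characters and newlines in those values. The loop body continues past the end of the hunk.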
@@ -398,3 +417,3 @@ } | ||
for (const edge of node.edgesIn) { | ||
this.addTracker('buildIdealTree', edge.from.name, edge.from.location) | ||
this.addTracker('idealTree', edge.from.name, edge.from.location) | ||
this[_depsQueue].push(edge.from) | ||
@@ -971,2 +990,3 @@ } | ||
link.target.fsParent = node | ||
this.addTracker('idealTree', link.target.name, link.target.location) | ||
this[_depsQueue].push(link.target) | ||
@@ -980,4 +1000,6 @@ p = -1 | ||
// link targets, so go ahead and process it. | ||
if (this[_follow] && !link.target.parent && !link.target.fsParent) | ||
if (this[_follow] && !link.target.parent && !link.target.fsParent) { | ||
this.addTracker('idealTree', link.target.name, link.target.location) | ||
this[_depsQueue].push(link.target) | ||
} | ||
} | ||
@@ -984,0 +1006,0 @@ |
@@ -847,2 +847,5 @@ // mixin implementing the reify method | ||
const pj = resolve(this.idealTree.path, 'package.json') | ||
if (this.idealTree.meta.yarnLock) | ||
this.idealTree.meta.yarnLock.fromTree(this.idealTree) | ||
return Promise.all([ | ||
@@ -849,0 +852,0 @@ this.idealTree.meta.save(), |
@@ -280,3 +280,3 @@ // inventory, path, realpath, root, and parent | ||
getBundler (path) { | ||
getBundler (path = []) { | ||
// made a cycle, definitely not bundled! | ||
@@ -319,3 +319,3 @@ if (path.includes(this)) | ||
get inBundle () { | ||
return !!this.getBundler([]) | ||
return !!this.getBundler() | ||
} | ||
@@ -322,0 +322,0 @@ |
@@ -562,3 +562,2 @@ // a module that manages a shrinkwrap file (npm-shrinkwrap.json or | ||
this[_awaitingUpdate].set(loc, node) | ||
return | ||
} | ||
@@ -565,0 +564,0 @@ |
{ | ||
"name": "@npmcli/arborist", | ||
"version": "0.0.0-pre.17", | ||
"version": "0.0.0-pre.18", | ||
"description": "Manage node_modules trees", | ||
"dependencies": { | ||
"@npmcli/installed-package-contents": "^1.0.5", | ||
"@npmcli/map-workspaces": "0.0.0-pre.1", | ||
"@npmcli/name-from-folder": "^1.0.1", | ||
"@npmcli/map-workspaces": "0.0.0-pre.1", | ||
"@npmcli/run-script": "^1.3.1", | ||
@@ -16,3 +16,3 @@ "bin-links": "^2.1.2", | ||
"npm-pick-manifest": "^6.1.0", | ||
"pacote": "^11.1.6", | ||
"pacote": "^11.1.9", | ||
"parse-conflict-json": "^1.0.0", | ||
@@ -19,0 +19,0 @@ "promise-all-reject-late": "^1.0.0", |
Updated pacote@^11.1.9