@npmcli/arborist - npm Package Compare versions

Comparing version 0.0.0-pre.17 to 0.0.0-pre.18

28

lib/arborist/build-ideal-tree.js

@@ -314,7 +314,26 @@ // mixin implementing the buildIdealTree method

// TODO: provide a way to fix bundled deps by exposing metadata about
// what's in the bundle at each published manifest. Without that, we
// can't possibly fix bundled deps without breaking a ton of other stuff,
// and leaving the user subject to getting it overwritten later anyway.
[_queueVulnDependents] (options) {
for (const [name, {nodes}] of this.auditReport.entries()) {
for (const node of nodes) {
const bundler = node.getBundler()
// XXX this belongs in the audit report itself, not here.
// We shouldn't even get these things here, and they shouldn't
// be printed by npm-audit-report as if they can be fixed, because
// they can't.
if (bundler) {
this.log.warn(`audit fix ${node.name}@${node.package.version}`,
`${node.location}\nis a bundled dependency of\n${
bundler.name}@${bundler.package.version} at ${bundler.location}\n` +
'It cannot be fixed automatically.\n' +
`Check for updates to the ${bundler.name} package.`)
continue
}
for (const edge of node.edgesIn) {
this.addTracker('buildIdealTree', edge.from.name, edge.from.location)
this.addTracker('idealTree', edge.from.name, edge.from.location)
this[_depsQueue].push(edge.from)

@@ -398,3 +417,3 @@ }

for (const edge of node.edgesIn) {
this.addTracker('buildIdealTree', edge.from.name, edge.from.location)
this.addTracker('idealTree', edge.from.name, edge.from.location)
this[_depsQueue].push(edge.from)

@@ -971,2 +990,3 @@ }

link.target.fsParent = node
this.addTracker('idealTree', link.target.name, link.target.location)
this[_depsQueue].push(link.target)

@@ -980,4 +1000,6 @@ p = -1

// link targets, so go ahead and process it.
if (this[_follow] && !link.target.parent && !link.target.fsParent)
if (this[_follow] && !link.target.parent && !link.target.fsParent) {
this.addTracker('idealTree', link.target.name, link.target.location)
this[_depsQueue].push(link.target)
}
}

@@ -984,0 +1006,0 @@

@@ -847,2 +847,5 @@ // mixin implementing the reify method

const pj = resolve(this.idealTree.path, 'package.json')
if (this.idealTree.meta.yarnLock)
this.idealTree.meta.yarnLock.fromTree(this.idealTree)
return Promise.all([

@@ -849,0 +852,0 @@ this.idealTree.meta.save(),
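Review bot: The pair `this.addTracker('idealTree', x.name, x.location)` followed by `this[_depsQueue].push(x)` is now repeated at every enqueue site in this file (the `_queueVulnDependents` loop, the `link.target.fsParent = node` branch and the `this[_follow]` block), and the fourth hunk shows the tracker being retrofitted onto a push that previously had none, which is the kind of drift a small private helper would prevent — e.g. a method keyed like `_depsQueue` whose body is `this.addTracker('idealTree', node.name, node.location); this[_depsQueue].push(node)`, with each site reduced to one call. In the bundled-dependency branch of `_queueVulnDependents` the node is dropped with only a `log.warn`, so the vulnerability remains unfixed without any record the caller can inspect; a comment at the `continue` such as `// reported to the user only; bundled deps are never queued for fix` would make that intent explicit. `_queueVulnDependents` starts inside the first hunk but its body continues past the hunk's end. The last two hunks carry a "reify method" context line, so they appear to belong to a different file whose header did not survive rendering.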

4

lib/node.js

@@ -280,3 +280,3 @@ // inventory, path, realpath, root, and parent

getBundler (path) {
getBundler (path = []) {
// made a cycle, definitely not bundled!

@@ -319,3 +319,3 @@ if (path.includes(this))

get inBundle () {
return !!this.getBundler([])
return !!this.getBundler()
}

@@ -322,0 +322,0 @@

@@ -562,3 +562,2 @@ // a module that manages a shrinkwrap file (npm-shrinkwrap.json or

this[_awaitingUpdate].set(loc, node)
return
}

@@ -565,0 +564,0 @@
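Review bot: `getBundler (path = [])` gains a default for its recursion-guard argument but no documentation of what `path` is; from the `if (path.includes(this))` context line it appears to be the list of nodes already visited on the current walk, which external callers should not supply, and the default makes `inBundle`'s new `this.getBundler()` the intended entry form. A JSDoc above the signature such as `/** Find the node that bundles this one; falsy when none does. @param {Node[]} [path] nodes already visited — internal recursion guard, omit when calling. */` would record that contract (the return is only known here from `inBundle`'s `!!`, so state it no more precisely than that). Whether the walk mutates the array it is passed is not visible in the hunk; if it does, the doc should say so, since a caller-supplied array would then be modified. The third hunk's "shrinkwrap file" context suggests it belongs to another file whose header was lost in rendering, and its removed line cannot be recovered from what is shown.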

{
"name": "@npmcli/arborist",
"version": "0.0.0-pre.17",
"version": "0.0.0-pre.18",
"description": "Manage node_modules trees",
"dependencies": {
"@npmcli/installed-package-contents": "^1.0.5",
"@npmcli/map-workspaces": "0.0.0-pre.1",
"@npmcli/name-from-folder": "^1.0.1",
"@npmcli/map-workspaces": "0.0.0-pre.1",
"@npmcli/run-script": "^1.3.1",

@@ -16,3 +16,3 @@ "bin-links": "^2.1.2",

"npm-pick-manifest": "^6.1.0",
"pacote": "^11.1.6",
"pacote": "^11.1.9",
"parse-conflict-json": "^1.0.0",

@@ -19,0 +19,0 @@ "promise-all-reject-late": "^1.0.0",
