@npmcli/arborist - npm Package Compare versions

Comparing version 0.0.0-pre.18 to 0.0.0-pre.19

lib/arborist/build-ideal-tree.js

@@ -596,2 +596,17 @@ // mixin implementing the buildIdealTree method
       }
+      const { yarnLock } = this.idealTree.meta
+      const fromYarn = yarnLock && yarnLock.entries.get(spec.raw)
+      if (fromYarn && fromYarn.version) {
+        // if it's the yarn or npm default registry, use the version as
+        // our effective spec.  if it's any other kind of thing, use that.
+        const yarnRegRe = /^https?:\/\/registry.yarnpkg.com\//
+        const npmRegRe = /^https?:\/\/registry.npmjs.org\//
+        const {resolved, version} = fromYarn
+        const isYarnReg = yarnRegRe.test(resolved)
+        const isnpmReg = !isYarnReg && npmRegRe.test(resolved)
+        const yspec = (isYarnReg || isnpmReg) && version || resolved
+        if (yspec)
+          spec = npa(`${spec.name}@${yspec}`)
+      }
+
       const p = pacote.manifest(spec, options)
@@ -598,0 +613,0 @@ this[_manifests].set(spec.raw, p)

lib/audit-report.js

@@ -171,6 +171,14 @@ // an object representing the set of vulnerabilities in a tree
     // required, then the dep range is entirely vulnerable.
-    return pickManifest(paku, spec, {
-      ...this.options,
-      avoid,
-    })._shouldAvoid
+    try {
+      return pickManifest(paku, spec, {
+        ...this.options,
+        before: null,
+        avoid,
+      })._shouldAvoid
+    } catch (er) {
+      // not vulnerable per se, but also not installable, so best avoided
+      // this can happen when dep versions are unpublished.
+      /* istanbul ignore next */
+      return true
+    }
   }
@@ -192,2 +200,3 @@
         ...this.options,
+        before: null,
         avoid,
@@ -194,0 +203,0 @@ avoidStrict: true,

lib/tracker.js

@@ -84,3 +84,3 @@ const procLog = require('./proc-log.js')
         if (key.match(new RegExp(section + ':'))) {
-          this[_onError](`Tracker "${section}" contains unfinished child: ${key}`)
+          this.finishTracker(section, key)
         }
@@ -107,3 +107,3 @@ }
     else if (hasTracker && !hasSubtracker) {
-      this[_onError](`Subtracker "${subsection}" does not exist`)
+      return
     }
@@ -110,0 +110,0 @@

package.json

 {
   "name": "@npmcli/arborist",
-  "version": "0.0.0-pre.18",
+  "version": "0.0.0-pre.19",
   "description": "Manage node_modules trees",
@@ -5,0 +5,0 @@ "dependencies": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

224989

increased by0.4%

Lines of code

5408

increased by0.43%

No dependency changes