@npmcli/arborist
Comparing version 0.0.0-pre.18 to 0.0.0-pre.19
@@ -596,2 +596,17 @@ // mixin implementing the buildIdealTree method | ||
} | ||
const { yarnLock } = this.idealTree.meta | ||
const fromYarn = yarnLock && yarnLock.entries.get(spec.raw) | ||
if (fromYarn && fromYarn.version) { | ||
// if it's the yarn or npm default registry, use the version as | ||
// our effective spec. if it's any other kind of thing, use that. | ||
const yarnRegRe = /^https?:\/\/registry.yarnpkg.com\// | ||
const npmRegRe = /^https?:\/\/registry.npmjs.org\// | ||
const {resolved, version} = fromYarn | ||
const isYarnReg = yarnRegRe.test(resolved) | ||
const isnpmReg = !isYarnReg && npmRegRe.test(resolved) | ||
const yspec = (isYarnReg || isnpmReg) && version || resolved | ||
if (yspec) | ||
spec = npa(`${spec.name}@${yspec}`) | ||
} | ||
const p = pacote.manifest(spec, options) | ||
@@ -598,0 +613,0 @@ this[_manifests].set(spec.raw, p) |
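Review bot: The dots in `yarnRegRe` and `npmRegRe` are unescaped, so each one matches any character and a `resolved` host that differs from the registry name only at a dot position is still classified as a default registry; escaping them, `/^https?:\/\/registry\.yarnpkg\.com\//` and `/^https?:\/\/registry\.npmjs\.org\//`, keeps the classification exact. For any other host the yarn.lock `resolved` URL becomes the effective spec, and in the lines shown the entry's integrity value is not passed along with it, so nothing visible here ties the fetched manifest to what the lockfile recorded. If `fromYarn` carries an integrity field, it would be worth forwarding it in the options given to `pacote.manifest`. The added lines sit inside a function that starts and ends outside this hunk, and since the page has lost its +/- markers, which lines are new is inferred from the hunk header counts.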
@@ -171,6 +171,14 @@ // an object representing the set of vulnerabilities in a tree | ||
// required, then the dep range is entirely vulnerable. | ||
return pickManifest(paku, spec, { | ||
...this.options, | ||
avoid, | ||
})._shouldAvoid | ||
try { | ||
return pickManifest(paku, spec, { | ||
...this.options, | ||
before: null, | ||
avoid, | ||
})._shouldAvoid | ||
} catch (er) { | ||
// not vulnerable per se, but also not installable, so best avoided | ||
// this can happen when dep versions are unpublished. | ||
/* istanbul ignore next */ | ||
return true | ||
} | ||
} | ||
@@ -192,2 +200,3 @@ | ||
...this.options, | ||
before: null, | ||
avoid, | ||
@@ -194,0 +203,0 @@ avoidStrict: true, |
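Review bot: The `catch (er)` added around `pickManifest` returns `true` for every exception, not only the unpublished-version case its comment describes, so an unrelated failure would be reported as a fully vulnerable range, and with `/* istanbul ignore next */` that path is also untested. Rethrowing anything unexpected keeps the fail-closed result for the intended case, for example `if (er.code !== 'ETARGET' && er.code !== 'ENOVERSIONS') throw er` ahead of `return true` (codes to be confirmed against the npm-pick-manifest version in use). The `before: null` override, here and in the later hunk near line 200, has no comment; something like `// ignore any before-date cutoff from user options for this check` would help, if that is the intent. The enclosing method begins outside the hunk.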
@@ -84,3 +84,3 @@ const procLog = require('./proc-log.js') | ||
if (key.match(new RegExp(section + ':'))) { | ||
this[_onError](`Tracker "${section}" contains unfinished child: ${key}`) | ||
this.finishTracker(section, key) | ||
} | ||
@@ -107,3 +107,3 @@ } | ||
else if (hasTracker && !hasSubtracker) { | ||
this[_onError](`Subtracker "${subsection}" does not exist`) | ||
return | ||
} | ||
@@ -110,0 +110,0 @@ |
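Review bot: `new RegExp(section + ':')` in the first tracker hunk builds an unescaped, unanchored pattern from the section name, and a match now calls `this.finishTracker(section, key)` instead of reporting an error, so a section name that contains regex metacharacters or appears in the middle of another key would cause unrelated trackers to be finished. If keys are always prefixed with their section, which the lines shown suggest but do not establish, `if (key.startsWith(section + ':')) {` expresses that without a regex. This hunk and the one near line 107 also replace an error report with silent handling (`return` for a missing subtracker); a short comment stating why these conditions are no longer errors would help. Both enclosing functions start outside the hunks.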
{ | ||
"name": "@npmcli/arborist", | ||
"version": "0.0.0-pre.18", | ||
"version": "0.0.0-pre.19", | ||
"description": "Manage node_modules trees", | ||
@@ -5,0 +5,0 @@ "dependencies": { |