@npmcli/arborist
Advanced tools
Comparing version 0.0.25 to 0.0.26
@@ -89,2 +89,3 @@ // mixin implementing the buildIdealTree method | ||
const _retrieveSpecName = Symbol('retrieveSpecName') | ||
const _strictPeerDeps = Symbol('strictPeerDeps') | ||
@@ -116,5 +117,7 @@ // used for the ERESOLVE error to show the last peer conflict encountered | ||
packageLock = true, | ||
strictPeerDeps = false, | ||
} = options | ||
this[_force] = !!force | ||
this[_strictPeerDeps] = !!strictPeerDeps | ||
@@ -763,2 +766,5 @@ this.idealTree = options.idealTree | ||
// problems than a few unnecessary packument fetches. | ||
// also skip over any nodes in the tree that failed to load, since those | ||
// will crash the install later on anyway. | ||
const bd = node.isRoot ? null : node.package.bundleDependencies | ||
@@ -769,2 +775,3 @@ const bundled = new Set(bd || []) | ||
.filter(edge => !bundled.has(edge.name) && | ||
!(edge.to && this[_loadFailures].has(edge.to)) && | ||
!(edge.to && edge.to.inShrinkwrap) && | ||
@@ -916,4 +923,5 @@ (!edge.valid || !edge.to || this[_updateNames].includes(edge.name) || | ||
} | ||
const override = this[_force] || !this[_strictPeerDeps] | ||
if (this[_force] && expl.fixWithForce) { | ||
if (override && expl.fixWithForce) { | ||
this.log.warn('ERESOLVE', 'overriding peer dependency', expl) | ||
@@ -920,0 +928,0 @@ return [] |
@@ -13,2 +13,3 @@ // Arborist.rebuild({path = this.path}) will do all the binlinks and | ||
const boolEnv = b => b ? '1' : '' | ||
const sortNodes = (a, b) => (a.depth - b.depth) || a.path.localeCompare(b.path) | ||
@@ -116,4 +117,3 @@ const _rebuildBundle = Symbol('rebuildBundle') | ||
// than another, but sorting *somehow* makes it consistent. | ||
const queue = [...set].sort((a, b) => | ||
(a.depth - b.depth) || a.path.localeCompare(b.path)) | ||
const queue = [...set].sort(sortNodes) | ||
@@ -239,3 +239,5 @@ for (const node of queue) { | ||
const promises = [] | ||
for (const node of queue) { | ||
// sort the queue by node path, so that the module-local collision | ||
// detector in bin-links will always resolve the same way. | ||
for (const node of queue.sort(sortNodes)) { | ||
promises.push(this[_createBinLinks](node)) | ||
@@ -242,0 +244,0 @@ } |
@@ -332,3 +332,3 @@ // mixin implementing the reify method | ||
if (failures.length) | ||
this.log.warn('Failed to clean up some directories', failures) | ||
this.log.warn('cleanup', 'Failed to remove some directories', failures) | ||
}) | ||
@@ -485,3 +485,7 @@ .then(() => process.emit('timeEnd', 'reify:rollback:createSparse')) | ||
} catch (er) { | ||
this.log.warn(er) | ||
this.log.warn(er.code, er.message, { | ||
package: er.pkgid, | ||
required: er.required, | ||
current: er.current, | ||
}) | ||
} | ||
@@ -807,3 +811,3 @@ } | ||
if (failures.length) | ||
this.log.warn('Failed to clean up some directories', failures) | ||
this.log.warn('cleanup', 'Failed to remove some directories', failures) | ||
}) | ||
@@ -810,0 +814,0 @@ .then(() => process.emit('timeEnd', 'reify:trash')) |
@@ -67,2 +67,6 @@ // An object representing a vulnerability either as the result of an | ||
for (const v of this.via) { | ||
// don't blow up on loops | ||
if (v.fixAvailable === f) | ||
continue | ||
if (f === false) | ||
@@ -69,0 +73,0 @@ v.fixAvailable = f |
{ | ||
"name": "@npmcli/arborist", | ||
"version": "0.0.25", | ||
"version": "0.0.26", | ||
"description": "Manage node_modules trees", | ||
@@ -8,7 +8,9 @@ "dependencies": { | ||
"@npmcli/map-workspaces": "0.0.0-pre.1", | ||
"@npmcli/metavuln-calculator": "^1.0.0", | ||
"@npmcli/name-from-folder": "^1.0.1", | ||
"@npmcli/run-script": "^1.3.1", | ||
"bin-links": "^2.1.2", | ||
"bin-links": "^2.1.4", | ||
"cacache": "^15.0.3", | ||
"common-ancestor-path": "^1.0.1", | ||
"json-parse-even-better-errors": "^2.3.1", | ||
"json-stringify-nice": "^1.1.1", | ||
@@ -27,5 +29,3 @@ "mkdirp-infer-owner": "^2.0.0", | ||
"treeverse": "^1.0.4", | ||
"walk-up-path": "^1.0.0", | ||
"json-parse-even-better-errors": "^2.3.1", | ||
"@npmcli/metavuln-calculator": "^1.0.0" | ||
"walk-up-path": "^1.0.0" | ||
}, | ||
@@ -32,0 +32,0 @@ "devDependencies": { |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
273555
6691
Updatedbin-links@^2.1.4