@npmcli/arborist
Advanced tools
Comparing version 0.0.26 to 0.0.27
@@ -371,3 +371,3 @@ // mixin implementing the buildIdealTree method | ||
const mani = await pacote.manifest(spec) | ||
const mani = await pacote.manifest(spec, { ...this.options }) | ||
// if it's a tag type, then we need to run it down to an actual version | ||
@@ -772,8 +772,40 @@ if (isTag) | ||
return [...node.edgesOut.values()] | ||
.filter(edge => !bundled.has(edge.name) && | ||
!(edge.to && this[_loadFailures].has(edge.to)) && | ||
!(edge.to && edge.to.inShrinkwrap) && | ||
(!edge.valid || !edge.to || this[_updateNames].includes(edge.name) || | ||
this[_isVulnerable](edge.to) || | ||
node.isRoot && this[_explicitRequests].has(edge.name))) | ||
.filter(edge => { | ||
// If it's included in a bundle, we take whatever is specified. | ||
if (bundled.has(edge.name)) | ||
return false | ||
// If it's already been logged as a load failure, skip it. | ||
if (edge.to && this[_loadFailures].has(edge.to)) | ||
return false | ||
// If it's shrinkwrapped, we use what the shrinkwap wants. | ||
if (edge.to && edge.to.inShrinkwrap) | ||
return false | ||
// If the edge has an error, there's a problem. | ||
if (!edge.valid) | ||
return true | ||
// If the edge has no destination, that's a problem. | ||
if (!edge.to) { | ||
return edge.type !== 'peerOptional' | ||
} | ||
// If user has explicitly asked to update this package by name, it's a problem. | ||
if (this[_updateNames].includes(edge.name)) | ||
return true | ||
// If we're fixing a security vulnerability with this package, it's a problem. | ||
if (this[_isVulnerable](edge.to)) | ||
return true | ||
// If the user has explicitly asked to install this package, it's a problem. | ||
if (node.isRoot && this[_explicitRequests].has(edge.name)) | ||
return true | ||
// No problems! | ||
return false | ||
}) | ||
} | ||
@@ -780,0 +812,0 @@ |
{ | ||
"name": "@npmcli/arborist", | ||
"version": "0.0.26", | ||
"version": "0.0.27", | ||
"description": "Manage node_modules trees", | ||
@@ -5,0 +5,0 @@ "dependencies": { |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
274468
6714