@npmcli/arborist - npm Package Compare versions

Comparing version 0.0.26 to 0.0.27

lib/arborist/build-ideal-tree.js

@@ -371,3 +371,3 @@ // mixin implementing the buildIdealTree method
 
-    const mani = await pacote.manifest(spec)
+    const mani = await pacote.manifest(spec, { ...this.options })
     // if it's a tag type, then we need to run it down to an actual version
@@ -772,8 +772,40 @@ if (isTag)
     return [...node.edgesOut.values()]
-      .filter(edge => !bundled.has(edge.name) &&
-        !(edge.to && this[_loadFailures].has(edge.to)) &&
-        !(edge.to && edge.to.inShrinkwrap) &&
-        (!edge.valid || !edge.to || this[_updateNames].includes(edge.name) ||
-          this[_isVulnerable](edge.to) ||
-          node.isRoot && this[_explicitRequests].has(edge.name)))
+      .filter(edge => {
+
+        // If it's included in a bundle, we take whatever is specified.
+        if (bundled.has(edge.name))
+          return false
+
+        // If it's already been logged as a load failure, skip it.
+        if (edge.to && this[_loadFailures].has(edge.to))
+          return false
+
+        // If it's shrinkwrapped, we use what the shrinkwap wants.
+        if (edge.to && edge.to.inShrinkwrap)
+          return false
+
+        // If the edge has an error, there's a problem.
+        if (!edge.valid)
+          return true
+
+        // If the edge has no destination, that's a problem.
+        if (!edge.to) {
+          return edge.type !== 'peerOptional'
+        }
+
+        // If user has explicitly asked to update this package by name, it's a problem.
+        if (this[_updateNames].includes(edge.name))
+          return true
+
+        // If we're fixing a security vulnerability with this package, it's a problem.
+        if (this[_isVulnerable](edge.to))
+          return true
+
+        // If the user has explicitly asked to install this package, it's a problem.
+        if (node.isRoot && this[_explicitRequests].has(edge.name))
+          return true
+
+        // No problems!
+        return false
+      })
   }
@@ -780,0 +812,0 @@

package.json

 {
   "name": "@npmcli/arborist",
-  "version": "0.0.26",
+  "version": "0.0.27",
   "description": "Manage node_modules trees",
@@ -5,0 +5,0 @@ "dependencies": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

274468

increased by0.33%

Lines of code

6714

increased by0.34%

No dependency changes