@npmcli/arborist
Advanced tools
@npmcli/arborist - npm Package Compare versions
Comparing version 0.0.28 to 0.0.29
@@ -24,2 +24,3 @@ // add and remove dependency specs to/from pkg manifest | ||
| case 'peerOptional': | ||
| others.delete('devDependencies') | ||
| others.delete('peerDependencies') | ||
@@ -48,5 +49,5 @@ others.delete('peerDependenciesMeta') | ||
| const type = saveType === 'prod' ? 'dependencies' | ||
| : saveType === 'dev' ? 'devDependencies' | ||
| : saveType === 'optional' ? 'optionalDependencies' | ||
| : saveType === 'peer' || saveType === 'peerOptional' ? 'peerDependencies' | ||
| : saveType === 'dev' ? 'devDependencies' | ||
| : /* istanbul ignore next */ null | ||
@@ -67,2 +68,6 @@ | ||
| } | ||
| // peerDeps are often also a devDep, so that they can be tested when | ||
| // using package managers that don't auto-install peer deps | ||
| if (pkg.devDependencies && pkg.devDependencies[name] !== undefined) | ||
| pkg.devDependencies[name] = pkg.peerDependencies[name] | ||
| } | ||
@@ -88,7 +93,3 @@ | ||
| if (devDeps && devDeps[name] !== undefined) | ||
| return 'dev' | ||
| else if (optDeps && optDeps[name] !== undefined) | ||
| return 'optional' | ||
| else if (peerDeps && peerDeps[name] !== undefined) { | ||
| if (peerDeps && peerDeps[name] !== undefined) { | ||
| if (peerDepsMeta && peerDepsMeta[name] && peerDepsMeta[name].optional) | ||
@@ -98,3 +99,7 @@ return 'peerOptional' | ||
| return 'peer' | ||
| } else | ||
| } else if (devDeps && devDeps[name] !== undefined) | ||
| return 'dev' | ||
| else if (optDeps && optDeps[name] !== undefined) | ||
| return 'optional' | ||
| else | ||
| return 'prod' | ||
@@ -101,0 +106,0 @@ } |
@@ -11,2 +11,3 @@ // Arborist.rebuild({path = this.path}) will do all the binlinks and | ||
| const {resolve} = require('path') | ||
| const { isNodeGypPackage } = require('@npmcli/node-gyp') | ||
@@ -26,2 +27,3 @@ const boolEnv = b => b ? '1' : '' | ||
| const _addToBuildSet = Symbol('addToBuildSet') | ||
| const _checkBins = Symbol.for('checkBins') | ||
| const _queues = Symbol('queues') | ||
@@ -131,2 +133,14 @@ const _scriptShell = Symbol('scriptShell') | ||
| async [_checkBins] (node) { | ||
| // if the node is a global top, and we're not in force mode, then | ||
| // any existing bins need to either be missing, or a symlink into | ||
| // the node path. Otherwise a package can have a preinstall script | ||
| // that unlinks something, to allow them to silently overwrite system | ||
| // binaries, which is unsafe and insecure. | ||
| if (!node.globalTop || this[_force]) | ||
| return | ||
| const { path, package: pkg } = node | ||
| await binLinks.checkBins({ pkg, path, top: true, global: true }) | ||
| } | ||
| async [_addToBuildSet] (node, set) { | ||
@@ -167,4 +181,13 @@ if (set.has(node)) | ||
| if (bin || preinstall || install || postinstall) | ||
| if (bin || preinstall || install || postinstall) { | ||
| if (bin) | ||
| await this[_checkBins](node) | ||
| set.add(node) | ||
| } else if (!install && !preinstall && await isNodeGypPackage(node.path)) { | ||
| // Rebuild node-gyp dependencies lacking an install or preinstall script | ||
| // note that 'scripts' might be missing entirely. | ||
| scripts.install = 'node-gyp rebuild' | ||
| node.package.scripts = scripts | ||
| set.add(node) | ||
| } | ||
| } | ||
@@ -171,0 +194,0 @@ |
@@ -45,2 +45,4 @@ // mixin implementing the reify method | ||
| const _extractOrLink = Symbol('extractOrLink') | ||
| // defined by rebuild mixin | ||
| const _checkBins = Symbol.for('checkBins') | ||
| const _symlink = Symbol('symlink') | ||
@@ -381,2 +383,3 @@ const _warnDeprecated = Symbol('warnDeprecated') | ||
| const p = Promise.resolve() | ||
| .then(() => this[_checkBins](node)) | ||
| .then(() => this[_extractOrLink](node)) | ||
@@ -383,0 +386,0 @@ .then(() => this[_warnDeprecated](node)) |
| { | ||
| "name": "@npmcli/arborist", | ||
| "version": "0.0.28", | ||
| "version": "0.0.29", | ||
| "description": "Manage node_modules trees", | ||
| "dependencies": { | ||
| "@npmcli/installed-package-contents": "^1.0.5", | ||
| "@npmcli/map-workspaces": "0.0.0-pre.1", | ||
| "@npmcli/map-workspaces": "^1.0.1", | ||
| "@npmcli/metavuln-calculator": "^1.0.0", | ||
| "@npmcli/name-from-folder": "^1.0.1", | ||
| "@npmcli/node-gyp": "^1.0.0", | ||
| "@npmcli/run-script": "^1.3.1", | ||
| "bin-links": "^2.1.4", | ||
| "bin-links": "^2.2.1", | ||
| "cacache": "^15.0.3", | ||
@@ -13,0 +14,0 @@ "common-ancestor-path": "^1.0.1", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.53%
275649
- Lines of code
- increased by0.45%
6676
Worsened metrics
- Dependency count
- increased by4.35%
24
Dependency changes
+ Added@npmcli/node-gyp@^1.0.0
+ Added@npmcli/map-workspaces@1.0.4(transitive)
- Removed@npmcli/map-workspaces@0.0.0-pre.1(transitive)
Updatedbin-links@^2.2.1