@npmcli/arborist - npm Package Compare versions

Comparing version 0.0.3 to 0.0.4

18

lib/arborist/reify.js

@@ -610,5 +610,12 @@ // mixin implementing the reify method

const sw = node.hasShrinkwrap
// should inBundle differentiate if it's in the root's bundle?
// because in that case, it should still be installed.
if (node && !node.isRoot && !(bd && bd.length) && !sw && !node.inBundle)
// check whether we still need to unpack this one.
// test the inDepBundle last, since that's potentially a tree walk.
const doUnpack = node && // can't unpack if removed!
!node.isRoot && // root node already exists
!(bd && bd.length) && // already unpacked to read bundle
!sw && // already unpacked to read sw
!node.inDepBundle // already unpacked by another dep's bundle
if (doUnpack)
unpacks.push(this[_reifyNode](node))

@@ -647,6 +654,5 @@ },

if (node.inBundle) {
// will have been moved/unpacked along with bundler
// will have been moved/unpacked along with bundler
if (node.inDepBundle)
return
}

@@ -653,0 +659,0 @@ this[_retiredUnchanged][retireFolder].push(node)
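Review bot: The `node &&` operand in the new `doUnpack` expression (commented "can't unpack if removed!") cannot do what the comment says, because the context line `const sw = node.hasShrinkwrap` just above it has already dereferenced `node`; a removed/null node would throw there before the guard is ever evaluated. Either move the null check ahead of that lookup, `const sw = node && node.hasShrinkwrap`, or drop the dead operand and its comment so the remaining conditions read as the real contract. The `bd` binding and the enclosing reify method start and end outside the hunk, so I cannot tell whether `node` is already guaranteed non-null further up.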

@@ -333,21 +333,25 @@ // an object representing the set of vulnerabilities in a tree

process.emit('time', `auditReport:add:${name}@${range}`)
// wrap in try/finally to ensure we end the timer properly
// and don't leave it hanging to conflict with a future one.
try {
process.emit('time', `auditReport:add:${name}@${range}`)
for (const node of this.tree.inventory.query('name', name)) {
if (vuln.nodes.has(node) || !vuln.isVulnerable(node))
continue
for (const node of this.tree.inventory.query('name', name)) {
if (vuln.nodes.has(node) || !vuln.isVulnerable(node))
continue
for (const {from} of node.edgesIn) {
this[_vulnDependents].add(from)
for (const {from} of node.edgesIn) {
this[_vulnDependents].add(from)
}
}
}
// if we didn't get anything, then why is this even here??
if (vuln.nodes.size === 0)
return this.delete(name)
// if we didn't get anything, then why is this even here??
if (vuln.nodes.size === 0)
return this.delete(name)
if (!vuln.packument)
vuln.packument = await this[_packument](name)
process.emit('timeEnd', `auditReport:add:${name}@${range}`)
if (!vuln.packument)
vuln.packument = await this[_packument](name)
} finally {
process.emit('timeEnd', `auditReport:add:${name}@${range}`)
}
}

@@ -354,0 +358,0 @@
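Review bot: The timer label `auditReport:add:${name}@${range}` is now built twice, once for the `time` emit inside the `try` and once for `timeEnd` in the `finally`; if the two template strings ever drift apart the timer is never ended, which is exactly the hang the try/finally was added to prevent. Hoisting it once before the `try`, `const timer = \`auditReport:add:${name}@${range}\``, then `process.emit('time', timer)` and `process.emit('timeEnd', timer)`, keeps them in lock-step and also moves the start emit out of the protected region so `timeEnd` cannot fire for a timer that was never started. The enclosing `add` method's signature and the `vuln`/`range` bindings are above the hunk.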

@@ -42,7 +42,7 @@ // a tree representing the difference between two trees

!ideal ? 'REMOVE'
// bundled deps are copied over to the ideal tree when we visit it, so
// they'll appear to be missing here. There's no need to handle them in
// the diff, though, because they'll be replaced at reify time anyway
// bundled meta-deps are copied over to the ideal tree when we visit it,
// so they'll appear to be missing here. There's no need to handle them
// in the diff, though, because they'll be replaced at reify time anyway
// Otherwise, add the missing node.
: !actual ? (ideal.inBundle ? null : 'ADD')
: !actual ? (ideal.inDepBundle ? null : 'ADD')
// always ignore the root node

@@ -49,0 +49,0 @@ : ideal.isRoot && actual.isRoot ||
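Review bot: The reworded comment on the `ADD` branch says dep-bundled nodes are skipped but no longer says why the root project's own bundleDependencies are treated differently, which is the whole reason `inBundle` was swapped for `inDepBundle` here; a reader of diff.js alone cannot tell that a root-bundled dep has no bundler to unpack it and therefore still needs an `ADD`. I'd extend the comment with `// deps bundled by the root project itself have nothing else to unpack them, so they still get an ADD`, which matches the rationale given on the new `inDepBundle` getter. This ternary chain begins before the hunk and continues past it.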

@@ -351,2 +351,10 @@ // inventory, path, realpath, root, and parent

// when reifying, if a package is technically in a bundleDependencies list,
// but that list is the root project, we still have to install it. This
// getter returns true if it's in a dependency's bundle list, not the root's.
get inDepBundle () {
const bundler = this.getBundler()
return !!bundler && bundler !== this.root
}
get isRoot () {

@@ -353,0 +361,0 @@ return this === this.root
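Review bot: The new `inDepBundle` getter carries no documentation of its own cost or of how it relates to the existing `inBundle` getter; the reify.js hunk in this same compare calls it "potentially a tree walk" and orders it last for that reason, but nothing at the getter tells callers that. I'd put a JSDoc on it: `/** True when this node is bundled by a dependency rather than by the root project. Calls getBundler() on every access, so evaluate it after cheaper checks. */`. The return could also drop the double negation, `return bundler != null && bundler !== this.root`, assuming `getBundler()` yields a node or null/undefined, which I cannot confirm from the hunk. `getBundler` and the body of `isRoot` fall outside the hunk.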

{
"name": "@npmcli/arborist",
"version": "0.0.3",
"version": "0.0.4",
"description": "Manage node_modules trees",

@@ -5,0 +5,0 @@ "dependencies": {
