@npmcli/arborist - npm Package Compare versions

Comparing version 5.0.2 to 5.0.3

lib/arborist/load-actual.js

@@ -438,3 +438,3 @@ // mix-in implementing the loadActual method
             // unless another dep in the tree also needs it.
-            const depPath = `${p}/node_modules/${name}`
+            const depPath = normalize(`${p}/node_modules/${name}`)
             const cached = this[_cache].get(depPath)
@@ -441,0 +441,0 @@ if (!cached || cached.dummy) {

lib/arborist/reify.js

@@ -1228,10 +1228,19 @@ // mixin implementing the reify method
         } else if (isLocalDep) {
-          // save the relative path in package.json
-          // Normally saveSpec is updated with the proper relative
-          // path already, but it's possible to specify a full absolute
-          // path initially, in which case we can end up with the wrong
-          // thing, so just get the ultimate fetchSpec and relativize it.
-          const p = req.fetchSpec.replace(/^file:/, '')
-          const rel = relpath(addTree.realpath, p)
-          newSpec = `file:${rel}`
+          // when finding workspace nodes, make sure that
+          // we save them using their version instead of
+          // using their relative path
+          if (edge.type === 'workspace') {
+            const { version } = edge.to.target
+            const prefixRange = version ? this[_savePrefix] + version : '*'
+            newSpec = prefixRange
+          } else {
+            // save the relative path in package.json
+            // Normally saveSpec is updated with the proper relative
+            // path already, but it's possible to specify a full absolute
+            // path initially, in which case we can end up with the wrong
+            // thing, so just get the ultimate fetchSpec and relativize it.
+            const p = req.fetchSpec.replace(/^file:/, '')
+            const rel = relpath(addTree.realpath, p)
+            newSpec = `file:${rel}`
+          }
         } else {
@@ -1238,0 +1247,0 @@ newSpec = req.saveSpec

package.json

 {
   "name": "@npmcli/arborist",
-  "version": "5.0.2",
+  "version": "5.0.3",
   "description": "Manage node_modules trees",
@@ -9,3 +9,3 @@ "dependencies": {
     "@npmcli/map-workspaces": "^2.0.0",
-    "@npmcli/metavuln-calculator": "^3.0.0",
+    "@npmcli/metavuln-calculator": "^3.0.1",
     "@npmcli/move-file": "^1.1.0",
@@ -17,3 +17,3 @@ "@npmcli/name-from-folder": "^1.0.1",
     "bin-links": "^3.0.0",
-    "cacache": "^15.0.3",
+    "cacache": "^16.0.0",
     "common-ancestor-path": "^1.0.1",
@@ -30,3 +30,3 @@ "json-parse-even-better-errors": "^2.3.1",
     "npmlog": "^6.0.1",
-    "pacote": "^13.0.2",
+    "pacote": "^13.0.5",
     "parse-conflict-json": "^2.0.1",
@@ -33,0 +33,0 @@ "proc-log": "^2.0.0",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

410879

increased by0.1%

Lines of code

10862

increased by0.08%

Dependency changes

• Updated@npmcli/metavuln-calculator@^3.0.1

• Updatedcacache@^16.0.0

• Updatedpacote@^13.0.5