@npmcli/arborist - npm Package Compare versions

Comparing version 5.3.1 to 5.4.0

lib/arborist/build-ideal-tree.js

@@ -1079,5 +1079,4 @@ // mixin implementing the buildIdealTree method
           // fail later anyway.
-          const from = fromPath(placed)
           promises.push(...this[_problemEdges](placed).map(e =>
-            this[_fetchManifest](npa.resolve(e.name, e.spec, from))
+            this[_fetchManifest](npa.resolve(e.name, e.spec, fromPath(placed, e)))
               .catch(er => null)))
@@ -1084,0 +1083,0 @@ },

lib/arborist/index.js

@@ -77,4 +77,8 @@ // The arborist manages three trees:
       workspacesEnabled: options.workspacesEnabled !== false,
+      replaceRegistryHost: options.replaceRegistryHost,
       lockfileVersion: lockfileVersion(options.lockfileVersion),
     }
+    this.replaceRegistryHost = this.options.replaceRegistryHost =
+      (!this.options.replaceRegistryHost || this.options.replaceRegistryHost === 'npmjs') ?
+        'registry.npmjs.org' : this.options.replaceRegistryHost
 
@@ -81,0 +85,0 @@ this[_workspacesEnabled] = this.options.workspacesEnabled

lib/arborist/reify.js

@@ -715,2 +715,3 @@ // mixin implementing the reify method
     // configured registry".
+    // `resolved` must never be falsey.
     //
@@ -721,4 +722,9 @@ // XXX: use a magic string that isn't also a valid value, like
     // the default reg as the magical animal that it has been.
-    return resolved && resolved
-      .replace(/^https?:\/\/registry\.npmjs\.org\//, this.registry)
+    const resolvedURL = new URL(resolved)
+    if ((this.options.replaceRegistryHost === resolvedURL.hostname)
+      || this.options.replaceRegistryHost === 'always') {
+      // this.registry always has a trailing slash
+      resolved = `${this.registry.slice(0, -1)}${resolvedURL.pathname}${resolvedURL.searchParams}`
+    }
+    return resolved
   }
@@ -725,0 +731,0 @@

lib/dep-valid.js

@@ -23,3 +23,3 @@ // Do not rely on package._fields, so that we don't throw
       // '' is equivalent to '*'
-      requested = npa.resolve(child.name, requested || '*', fromPath(requestor))
+      requested = npa.resolve(child.name, requested || '*', fromPath(requestor, requestor.edgesOut.get(child.name)))
     } catch (er) {
@@ -26,0 +26,0 @@ // Not invalid because the child doesn't match, but because

lib/edge.js

@@ -172,3 +172,7 @@ // An edge in the dependency graph
         const ref = this.overrides.value.slice(1)
-        const pkg = this.from.root.package
+        // we may be a virtual root, if we are we want to resolve reference overrides
+        // from the real root, not the virtual one
+        const pkg = this.from.sourceReference
+          ? this.from.sourceReference.root.package
+          : this.from.root.package
         const overrideSpec = (pkg.devDependencies && pkg.devDependencies[ref]) ||
@@ -175,0 +179,0 @@ (pkg.optionalDependencies && pkg.optionalDependencies[ref]) ||

lib/from-path.js

@@ -9,6 +9,17 @@ // file dependencies need their dependencies resolved based on the
 
-const fromPath = (node, spec) =>
-  spec && spec.type === 'file' ? dirname(spec.fetchSpec)
-  : node.realpath
+const fromPath = (node, spec, edge) => {
+  if (edge && edge.overrides && edge.overrides.name === edge.name && edge.overrides.value) {
+    // fromPath could be called with a node that has a virtual root, if that happens
+    // we want to make sure we get the real root node when overrides are in use. this
+    // is to allow things like overriding a dependency with a tarball file that's a
+    // relative path from the project root
+    return node.sourceReference
+      ? node.sourceReference.root.realpath
+      : node.root.realpath
+  }
 
-module.exports = node => fromPath(node, node.resolved && npa(node.resolved))
+  return spec && spec.type === 'file' ? dirname(spec.fetchSpec)
+    : node.realpath
+}
+
+module.exports = (node, edge) => fromPath(node, node.resolved && npa(node.resolved), edge)

lib/node.js

@@ -72,2 +72,4 @@ // inventory, path, realpath, root, and parent
 
+const querySelectorAll = require('./query-selector-all.js')
+
 class Node {
@@ -1450,2 +1452,8 @@ constructor (options) {
 
+  // maybe accept both string value or array of strings
+  // seems to be what dom API does
+  querySelectorAll (query) {
+    return querySelectorAll(this, query)
+  }
+
   toJSON () {
@@ -1452,0 +1460,0 @@ return printableTree(this)

package.json

 {
   "name": "@npmcli/arborist",
-  "version": "5.3.1",
+  "version": "5.4.0",
   "description": "Manage node_modules trees",
@@ -14,2 +14,3 @@ "dependencies": {
     "@npmcli/package-json": "^2.0.0",
+    "@npmcli/query": "^1.1.1",
     "@npmcli/run-script": "^4.1.3",
@@ -21,2 +22,3 @@ "bin-links": "^3.0.0",
     "json-stringify-nice": "^1.1.4",
+    "minimatch": "^5.1.0",
     "mkdirp": "^1.0.4",
@@ -23,0 +25,0 @@ "mkdirp-infer-owner": "^2.0.0",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

435584

increased by4.4%

Number of package files

65

increased by1.56%

Lines of code

11551

increased by4.85%

Worsened metrics

Dependency count

36

increased by5.88%

Dependency changes

• + Added@npmcli/query@^1.1.1

• + Addedminimatch@^5.1.0

• + Added@npmcli/query@1.2.0(transitive)

• + Addedcssesc@3.0.0(transitive)

• + Addedpostcss-selector-parser@6.1.2(transitive)