@npmcli/arborist - npm Package Compare versions

Comparing version 6.0.0-pre.3 to 6.0.0-pre.4

lib/arborist/build-ideal-tree.js

@@ -333,4 +333,3 @@ // mixin implementing the buildIdealTree method
             // set these so that we don't try to ancient lockfile reload it
-            root.meta.originalLockfileVersion = defaultLockfileVersion
-            root.meta.lockfileVersion = defaultLockfileVersion
+            root.meta.originalLockfileVersion = root.meta.lockfileVersion = this.options.lockfileVersion || defaultLockfileVersion
           }
@@ -762,3 +761,5 @@ }
     // again, since it's now as new as can be.
-    meta.originalLockfileVersion = defaultLockfileVersion
+    if (!this.options.lockfileVersion && !meta.hiddenLockfile) {
+      meta.originalLockfileVersion = defaultLockfileVersion
+    }
     this.finishTracker('idealTree:inflate')
@@ -765,0 +766,0 @@ process.emit('timeEnd', 'idealTree:inflate')

lib/arborist/reify.js

@@ -38,2 +38,5 @@ // mixin implementing the reify method
 
+const Shrinkwrap = require('../shrinkwrap.js')
+const { defaultLockfileVersion } = Shrinkwrap
+
 const _retiredPaths = Symbol('retiredPaths')
@@ -1518,2 +1521,4 @@ const _retiredUnchanged = Symbol('retiredUnchanged')
     this.idealTree.meta.hiddenLockfile = true
+    const resetMeta = this.idealTree.meta && this.idealTree.meta.lockfileVersion !== defaultLockfileVersion
+    this.idealTree.meta.lockfileVersion = defaultLockfileVersion
 
@@ -1524,2 +1529,5 @@ this.actualTree = this.idealTree
     if (!this[_global]) {
+      if (resetMeta) {
+        await this.actualTree.meta.reset()
+      }
       await this.actualTree.meta.save()
@@ -1526,0 +1534,0 @@ const ignoreScripts = !!this.options.ignoreScripts

lib/shrinkwrap.js

@@ -13,3 +13,3 @@ // a module that manages a shrinkwrap file (npm-shrinkwrap.json or
 const localeCompare = require('@isaacs/string-locale-compare')('en')
-const defaultLockfileVersion = 2
+const defaultLockfileVersion = 3
 
@@ -64,3 +64,3 @@ // for comparing nodes to yarn.lock entries
 
-const { resolve, basename } = require('path')
+const { resolve, basename, relative } = require('path')
 const specFromLock = require('./spec-from-lock.js')
@@ -229,2 +229,3 @@ const versionFromTgz = require('./version-from-tgz.js')
 const _maybeStat = Symbol('_maybeStat')
+
 class Shrinkwrap {
@@ -258,13 +259,2 @@ static get defaultLockfileVersion () {
 
-    try {
-      if (s.loadedFromDisk && !s.lockfileVersion) {
-        const json = parseJSON(await maybeReadFile(s.filename))
-        if (json.lockfileVersion > defaultLockfileVersion) {
-          s.lockfileVersion = json.lockfileVersion
-        }
-      }
-    } catch {
-      // ignore errors
-    }
-
     return s
@@ -349,2 +339,3 @@ }
       : null
+
     this[_awaitingUpdate] = new Map()
@@ -406,2 +397,3 @@ this.tree = null
     this.originalLockfileVersion = lockfileVersion
+
     this.data = {
@@ -505,4 +497,10 @@ lockfileVersion,
     }).then(lock => {
-      const lockfileVersion = this.lockfileVersion ? this.lockfileVersion
-        : Math.max(lock.lockfileVersion || 0, defaultLockfileVersion)
+      // auto convert v1 lockfiles to v3
+      // leave v2 in place unless configured
+      // v3 by default
+      const lockfileVersion =
+        this.lockfileVersion ? this.lockfileVersion
+        : lock.lockfileVersion === 1 ? defaultLockfileVersion
+        : lock.lockfileVersion || defaultLockfileVersion
+
       this.data = {
@@ -517,2 +515,3 @@ ...lock,
       this.originalLockfileVersion = lock.lockfileVersion
+
       // use default if it wasn't explicitly set, and the current file is
@@ -1146,3 +1145,13 @@ // less than our default.  otherwise, keep whatever is in the file,
     }
+
     const json = this.toString(options)
+    if (
+      !this.hiddenLockfile
+      && this.originalLockfileVersion !== undefined
+      && this.originalLockfileVersion !== this.lockfileVersion
+    ) {
+      log.warn(
+      `Converting lock file (${relative(process.cwd(), this.filename)}) from v${this.originalLockfileVersion} -> v${this.lockfileVersion}`
+      )
+    }
     return Promise.all([
@@ -1149,0 +1158,0 @@ writeFile(this.filename, json).catch(er => {

package.json

 {
   "name": "@npmcli/arborist",
-  "version": "6.0.0-pre.3",
+  "version": "6.0.0-pre.4",
   "description": "Manage node_modules trees",
@@ -9,3 +9,3 @@ "dependencies": {
     "@npmcli/map-workspaces": "^2.0.3",
-    "@npmcli/metavuln-calculator": "^4.0.0-pre.0",
+    "@npmcli/metavuln-calculator": "^4.0.0",
     "@npmcli/move-file": "^2.0.0",
@@ -31,3 +31,3 @@ "@npmcli/name-from-folder": "^1.0.1",
     "npmlog": "^6.0.2",
-    "pacote": "^14.0.0-pre.3",
+    "pacote": "^14.0.0",
     "parse-conflict-json": "^2.0.1",
@@ -47,3 +47,3 @@ "proc-log": "^2.0.0",
     "@npmcli/eslint-config": "^3.1.0",
-    "@npmcli/template-oss": "4.4.1",
+    "@npmcli/template-oss": "4.5.0",
     "benchmark": "^2.1.4",
@@ -110,5 +110,5 @@ "chalk": "^4.1.0",
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.4.1",
+    "version": "4.5.0",
     "content": "../../scripts/template-oss/index.js"
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

444424

increased by0.14%

Lines of code

11737

increased by0.1%

Dependency changes

• Updated@npmcli/metavuln-calculator@^4.0.0

• Updatedpacote@^14.0.0