
@npmcli/arborist


Comparing version 6.2.0 to 6.2.1

86

lib/arborist/reify.js

@@ -85,3 +85,2 @@ // mixin implementing the reify method

const _saveIdealTree = Symbol.for('saveIdealTree')
const _saveLockFile = Symbol('saveLockFile')
const _copyIdealToActual = Symbol('copyIdealToActual')

@@ -1408,39 +1407,2 @@ const _addOmitsToTrashList = Symbol('addOmitsToTrashList')

// preserve indentation, if possible
const {
[Symbol.for('indent')]: indent,
} = this.idealTree.package
const format = indent === undefined ? ' ' : indent
const saveOpt = {
format: (this[_formatPackageLock] && format) ? format
: this[_formatPackageLock],
}
const promises = [this[_saveLockFile](saveOpt)]
const updatePackageJson = async (tree) => {
const pkgJson = await PackageJson.load(tree.path)
.catch(() => new PackageJson(tree.path))
const {
dependencies = {},
devDependencies = {},
optionalDependencies = {},
peerDependencies = {},
// bundleDependencies is not required by PackageJson like the other fields here
// PackageJson also doesn't omit an empty array for this field so defaulting this
// to an empty array would add that field to every package.json file.
bundleDependencies,
} = tree.package
pkgJson.update({
dependencies,
devDependencies,
optionalDependencies,
peerDependencies,
bundleDependencies,
})
await pkgJson.save()
}
if (save) {

@@ -1450,19 +1412,45 @@ for (const tree of updatedTrees) {

tree.package = tree.package
promises.push(updatePackageJson(tree))
const pkgJson = await PackageJson.load(tree.path)
.catch(() => new PackageJson(tree.path))
const {
dependencies = {},
devDependencies = {},
optionalDependencies = {},
peerDependencies = {},
// bundleDependencies is not required by PackageJson like the other
// fields here PackageJson also doesn't omit an empty array for this
// field so defaulting this to an empty array would add that field to
// every package.json file.
bundleDependencies,
} = tree.package
pkgJson.update({
dependencies,
devDependencies,
optionalDependencies,
peerDependencies,
bundleDependencies,
})
await pkgJson.save()
}
}
await Promise.all(promises)
process.emit('timeEnd', 'reify:save')
return true
}
// before now edge specs could be changing, affecting the `requires` field
// in the package lock, so we hold off saving to the very last action
if (this[_usePackageLock]) {
// preserve indentation, if possible
let format = this.idealTree.package[Symbol.for('indent')]
if (format === undefined) {
format = ' '
}
async [_saveLockFile] (saveOpt) {
if (!this[_usePackageLock]) {
return
// TODO this ignores options.save
await this.idealTree.meta.save({
format: (this[_formatPackageLock] && format) ? format
: this[_formatPackageLock],
})
}
const { meta } = this.idealTree
return meta.save(saveOpt)
process.emit('timeEnd', 'reify:save')
return true
}

@@ -1469,0 +1457,0 @@
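Review bot: The `.catch(() => new PackageJson(tree.path))` after `PackageJson.load(tree.path)` in the `for (const tree of updatedTrees)` loop treats every load failure as "no manifest yet", so a package.json that exists but cannot be read or parsed appears to be replaced by a fresh object that is then updated and saved. Narrowing the handler to the missing-file case would stop an unreadable manifest from being silently overwritten, for example `.catch((er) => { if (er.code !== 'ENOENT') throw er; return new PackageJson(tree.path) })`, assuming the loader passes the filesystem error code through. The manifests now appear to be awaited one at a time before `this.idealTree.meta.save(...)`, so a failure part-way leaves earlier package.json files written and the lock file not updated; a comment such as `// a failed package.json write aborts before the lock file is saved` next to the "hold off saving" comment would record that. The `+`/`-` markers are lost on this page, so the new side is inferred from the hunk counts, and the enclosing method starts outside the hunk.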

{
"name": "@npmcli/arborist",
"version": "6.2.0",
"version": "6.2.1",
"description": "Manage node_modules trees",

@@ -5,0 +5,0 @@ "dependencies": {
