@npmcli/arborist
Comparing version 6.2.0 to 6.2.1
@@ -85,3 +85,2 @@ // mixin implementing the reify method | ||
const _saveIdealTree = Symbol.for('saveIdealTree') | ||
const _saveLockFile = Symbol('saveLockFile') | ||
const _copyIdealToActual = Symbol('copyIdealToActual') | ||
@@ -1408,39 +1407,2 @@ const _addOmitsToTrashList = Symbol('addOmitsToTrashList') | ||
// preserve indentation, if possible | ||
const { | ||
[Symbol.for('indent')]: indent, | ||
} = this.idealTree.package | ||
const format = indent === undefined ? ' ' : indent | ||
const saveOpt = { | ||
format: (this[_formatPackageLock] && format) ? format | ||
: this[_formatPackageLock], | ||
} | ||
const promises = [this[_saveLockFile](saveOpt)] | ||
const updatePackageJson = async (tree) => { | ||
const pkgJson = await PackageJson.load(tree.path) | ||
.catch(() => new PackageJson(tree.path)) | ||
const { | ||
dependencies = {}, | ||
devDependencies = {}, | ||
optionalDependencies = {}, | ||
peerDependencies = {}, | ||
// bundleDependencies is not required by PackageJson like the other fields here | ||
// PackageJson also doesn't omit an empty array for this field so defaulting this | ||
// to an empty array would add that field to every package.json file. | ||
bundleDependencies, | ||
} = tree.package | ||
pkgJson.update({ | ||
dependencies, | ||
devDependencies, | ||
optionalDependencies, | ||
peerDependencies, | ||
bundleDependencies, | ||
}) | ||
await pkgJson.save() | ||
} | ||
if (save) { | ||
@@ -1450,19 +1412,45 @@ for (const tree of updatedTrees) { | ||
tree.package = tree.package | ||
promises.push(updatePackageJson(tree)) | ||
const pkgJson = await PackageJson.load(tree.path) | ||
.catch(() => new PackageJson(tree.path)) | ||
const { | ||
dependencies = {}, | ||
devDependencies = {}, | ||
optionalDependencies = {}, | ||
peerDependencies = {}, | ||
// bundleDependencies is not required by PackageJson like the other | ||
// fields here PackageJson also doesn't omit an empty array for this | ||
// field so defaulting this to an empty array would add that field to | ||
// every package.json file. | ||
bundleDependencies, | ||
} = tree.package | ||
pkgJson.update({ | ||
dependencies, | ||
devDependencies, | ||
optionalDependencies, | ||
peerDependencies, | ||
bundleDependencies, | ||
}) | ||
await pkgJson.save() | ||
} | ||
} | ||
await Promise.all(promises) | ||
process.emit('timeEnd', 'reify:save') | ||
return true | ||
} | ||
// before now edge specs could be changing, affecting the `requires` field | ||
// in the package lock, so we hold off saving to the very last action | ||
if (this[_usePackageLock]) { | ||
// preserve indentation, if possible | ||
let format = this.idealTree.package[Symbol.for('indent')] | ||
if (format === undefined) { | ||
format = ' ' | ||
} | ||
async [_saveLockFile] (saveOpt) { | ||
if (!this[_usePackageLock]) { | ||
return | ||
// TODO this ignores options.save | ||
await this.idealTree.meta.save({ | ||
format: (this[_formatPackageLock] && format) ? format | ||
: this[_formatPackageLock], | ||
}) | ||
} | ||
const { meta } = this.idealTree | ||
return meta.save(saveOpt) | ||
process.emit('timeEnd', 'reify:save') | ||
return true | ||
} | ||
@@ -1469,0 +1457,0 @@ |
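Review bot: The `.catch(() => new PackageJson(tree.path))` fallback in the per-tree save loop treats every load failure as "no package.json yet", so a manifest that exists but cannot be read or parsed would apparently be replaced by a fresh one built from the dependency fields when `pkgJson.save()` runs. Consider narrowing the fallback to the missing-file case, e.g. `.catch(er => { if (er.code !== 'ENOENT') throw er; return new PackageJson(tree.path) })`, assuming the loader preserves the underlying error code. The `// TODO this ignores options.save` comment beside `this.idealTree.meta.save(...)` should also say what is intended, since the lockfile write appears to be gated on `_usePackageLock` alone. The enclosing save method starts outside the hunk, and this rendering interleaves old and new lines without markers, so which lines are new is inferred from the hunk counts.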
{ | ||
"name": "@npmcli/arborist", | ||
"version": "6.2.0", | ||
"version": "6.2.1", | ||
"description": "Manage node_modules trees", | ||
@@ -5,0 +5,0 @@ "dependencies": { |
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 5 instances in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package