Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@pnpm/prune-lockfile

Package Overview
Dependencies
Maintainers
3
Versions
98
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@pnpm/prune-lockfile - npm Package Compare versions

Comparing version 2.0.11 to 2.0.12

6

CHANGELOG.md
# @pnpm/prune-lockfile
## 2.0.12
### Patch Changes
- 7f25dad04: Don't remove optional dependencies of optional dependencies.
## 2.0.11

@@ -4,0 +10,0 @@

102

lib/index.js

@@ -20,5 +20,5 @@ "use strict";

const copiedPackages = !lockfile.packages ? {} : copyPackageSnapshots(lockfile.packages, {
devRelPaths: R.unnest(R.values(lockfile.importers).map((deps) => resolvedDepsToRelDepPaths(deps.devDependencies || {}))),
optionalRelPaths: R.unnest(R.values(lockfile.importers).map((deps) => resolvedDepsToRelDepPaths(deps.optionalDependencies || {}))),
prodRelPaths: R.unnest(R.values(lockfile.importers).map((deps) => resolvedDepsToRelDepPaths(deps.dependencies || {}))),
devDepPaths: R.unnest(R.values(lockfile.importers).map((deps) => { var _a; return resolvedDepsToDepPaths((_a = deps.devDependencies) !== null && _a !== void 0 ? _a : {}); })),
optionalDepPaths: R.unnest(R.values(lockfile.importers).map((deps) => { var _a; return resolvedDepsToDepPaths((_a = deps.optionalDependencies) !== null && _a !== void 0 ? _a : {}); })),
prodDepPaths: R.unnest(R.values(lockfile.importers).map((deps) => { var _a; return resolvedDepsToDepPaths((_a = deps.dependencies) !== null && _a !== void 0 ? _a : {}); })),
warn: opts && opts.warn || ((msg) => undefined),

@@ -37,5 +37,6 @@ });

function pruneLockfile(lockfile, pkg, importerId, opts) {
var _a;
const packages = {};
const importer = lockfile.importers[importerId];
const lockfileSpecs = importer.specifiers || {};
const lockfileSpecs = (_a = importer.specifiers) !== null && _a !== void 0 ? _a : {};
const optionalDependencies = R.keys(pkg.optionalDependencies);

@@ -104,63 +105,56 @@ const dependencies = R.difference(R.keys(pkg.dependencies), optionalDependencies);

function copyPackageSnapshots(originalPackages, opts) {
const copiedPackages = {};
const nonOptional = new Set();
const notProdOnly = new Set();
copyDependencySubGraph(copiedPackages, opts.devRelPaths, originalPackages, new Set(), opts.warn, {
const copiedSnapshots = {};
const ctx = {
copiedSnapshots,
nonOptional: new Set(),
notProdOnly: new Set(),
originalPackages,
walked: new Set(),
warn: opts.warn,
};
copyDependencySubGraph(ctx, opts.devDepPaths, {
dev: true,
nonOptional,
notProdOnly,
optional: false,
});
copyDependencySubGraph(copiedPackages, opts.prodRelPaths, originalPackages, new Set(), opts.warn, {
nonOptional,
notProdOnly,
});
copyDependencySubGraph(copiedPackages, opts.optionalRelPaths, originalPackages, new Set(), opts.warn, {
nonOptional,
notProdOnly,
copyDependencySubGraph(ctx, opts.optionalDepPaths, {
dev: false,
optional: true,
});
copyDependencySubGraph(copiedPackages, opts.devRelPaths, originalPackages, new Set(), opts.warn, {
dev: true,
nonOptional,
notProdOnly,
walkOptionals: true,
copyDependencySubGraph(ctx, opts.prodDepPaths, {
dev: false,
optional: false,
});
copyDependencySubGraph(copiedPackages, opts.prodRelPaths, originalPackages, new Set(), opts.warn, {
nonOptional,
notProdOnly,
walkOptionals: true,
});
return copiedPackages;
return copiedSnapshots;
}
function resolvedDepsToRelDepPaths(deps) {
return Object.keys(deps)
.map((pkgName) => dependency_path_1.refToRelative(deps[pkgName], pkgName))
.filter((relPath) => relPath !== null);
function resolvedDepsToDepPaths(deps) {
return Object.entries(deps)
.map(([alias, ref]) => dependency_path_1.refToRelative(ref, alias))
.filter((depPath) => depPath !== null);
}
function copyDependencySubGraph(copiedSnapshots, depRelativePaths, originalPackages, walked, warn, opts) {
for (const depRalativePath of depRelativePaths) {
if (walked.has(depRalativePath))
function copyDependencySubGraph(ctx, depPaths, opts) {
var _a, _b;
for (const depPath of depPaths) {
const key = `${depPath}:${opts.optional}:${opts.dev}`;
if (ctx.walked.has(key))
continue;
walked.add(depRalativePath);
if (!originalPackages[depRalativePath]) {
ctx.walked.add(key);
if (!ctx.originalPackages[depPath]) {
// local dependencies don't need to be resolved in pnpm-lock.yaml
// except local tarball dependencies
if (depRalativePath.startsWith('link:') || depRalativePath.startsWith('file:') && !depRalativePath.endsWith('.tar.gz'))
if (depPath.startsWith('link:') || depPath.startsWith('file:') && !depPath.endsWith('.tar.gz'))
continue;
// NOTE: Warnings should not be printed for the current lockfile (node_modules/.lockfile.yaml).
// The current lockfile does not contain the skipped packages, so it may have missing resolutions
warn(`Cannot find resolution of ${depRalativePath} in lockfile`);
ctx.warn(`Cannot find resolution of ${depPath} in lockfile`);
continue;
}
const depLockfile = originalPackages[depRalativePath];
copiedSnapshots[depRalativePath] = depLockfile;
if (opts.optional && !opts.nonOptional.has(depRalativePath)) {
const depLockfile = ctx.originalPackages[depPath];
ctx.copiedSnapshots[depPath] = depLockfile;
if (opts.optional && !ctx.nonOptional.has(depPath)) {
depLockfile.optional = true;
}
else {
opts.nonOptional.add(depRalativePath);
ctx.nonOptional.add(depPath);
delete depLockfile.optional;
}
if (opts.dev) {
opts.notProdOnly.add(depRalativePath);
ctx.notProdOnly.add(depPath);
depLockfile.dev = true;

@@ -171,17 +165,11 @@ }

}
else if (depLockfile.dev === undefined && !opts.notProdOnly.has(depRalativePath)) {
else if (depLockfile.dev === undefined && !ctx.notProdOnly.has(depPath)) {
depLockfile.dev = false;
}
const newDependencies = R.keys(depLockfile.dependencies)
.map((pkgName) => dependency_path_1.refToRelative((depLockfile.dependencies && depLockfile.dependencies[pkgName]), pkgName))
.filter((relPath) => relPath !== null);
copyDependencySubGraph(copiedSnapshots, newDependencies, originalPackages, walked, warn, opts);
if (!opts.walkOptionals)
continue;
const newOptionalDependencies = R.keys(depLockfile.optionalDependencies)
.map((pkgName) => dependency_path_1.refToRelative((depLockfile.optionalDependencies && depLockfile.optionalDependencies[pkgName]), pkgName))
.filter((relPath) => relPath !== null);
copyDependencySubGraph(copiedSnapshots, newOptionalDependencies, originalPackages, walked, warn, { ...opts, optional: true });
const newDependencies = resolvedDepsToDepPaths((_a = depLockfile.dependencies) !== null && _a !== void 0 ? _a : {});
copyDependencySubGraph(ctx, newDependencies, opts);
const newOptionalDependencies = resolvedDepsToDepPaths((_b = depLockfile.optionalDependencies) !== null && _b !== void 0 ? _b : {});
copyDependencySubGraph(ctx, newOptionalDependencies, { dev: opts.dev, optional: true });
}
}
//# sourceMappingURL=index.js.map

2

package.json
{
"name": "@pnpm/prune-lockfile",
"version": "2.0.11",
"version": "2.0.12",
"description": "Prune a pnpm-lock.yaml",

@@ -5,0 +5,0 @@ "main": "lib/index.js",

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc