@pnpm/resolving.resolver-base
Advanced tools
+88
-0
@@ -60,2 +60,73 @@ import type { DependencyManifest, PackageVersionPolicy, PinnedVersion, PkgResolutionId, ProjectRootDir, SupportedArchitectures, TrustPolicy } from '@pnpm/types'; | ||
| export type Resolution = AtomicResolution | VariationsResolution; | ||
| /** | ||
| * Outcome of asking a `ResolutionVerifier` whether a (name, version, | ||
| * resolution) entry from a lockfile is acceptable under whatever policies | ||
| * the resolver chain has been configured with. Resolvers that don't have | ||
| * an opinion on a given resolution should return `{ ok: true }`. | ||
| */ | ||
| export type ResolutionVerification = { | ||
| ok: true; | ||
| } | { | ||
| ok: false; | ||
| code: string; | ||
| reason: string; | ||
| }; | ||
| /** | ||
| * Optional companion to a resolver factory. | ||
| * | ||
| * `verify` inspects the `resolution` shape to decide whether the entry | ||
| * is within its protocol; for entries outside its protocol it should | ||
| * return `{ ok: true }`. The install side fans out across the verifier | ||
| * list rather than asking a combinator to dispatch. | ||
| * | ||
| * `policy` and `canTrustPastCheck` describe the verifier's cache | ||
| * contract. Policies from every active verifier are merged into a | ||
| * single shared bag stored alongside the lockfile hash; the | ||
| * install-side verification cache reads them to decide if a previous | ||
| * run on the same lockfile is still trustworthy under today's policy | ||
| * without re-issuing the registry round-trips that `verify` would. | ||
| * Verifiers that check the same logical policy (e.g. minimumReleaseAge | ||
| * across registries) name it the same and share the cache slot. | ||
| */ | ||
| export interface ResolutionVerifier { | ||
| verify: (resolution: Resolution, ctx: { | ||
| name: string; | ||
| version: string; | ||
| }) => Promise<ResolutionVerification>; | ||
| /** | ||
| * Snapshot of the policy fields this verifier enforces. Merged with | ||
| * every other active verifier's `policy` into the cache record. A | ||
| * field shared across verifiers (same key) should carry the same | ||
| * value; if it doesn't, the last verifier in the list wins. | ||
| */ | ||
| policy: Record<string, unknown>; | ||
| /** | ||
| * Returns true when the previously cached policy (the merged snapshot | ||
| * from the last successful run) can be trusted to still satisfy what | ||
| * this verifier currently demands. Reads whichever fields the | ||
| * verifier owns; missing or non-conforming values (e.g. an older | ||
| * record shape) should return false. A loosened policy can trust a | ||
| * stricter cached run; a tightened policy cannot. | ||
| */ | ||
| canTrustPastCheck: (cachedPolicy: Record<string, unknown>) => boolean; | ||
| } | ||
| /** | ||
| * A `ResolutionVerifier`'s rejection materialized for one (name, | ||
| * version, resolution) entry. The install side aggregates these across | ||
| * every active verifier on the freshly-resolved tree and either prompts | ||
| * the user, persists them (e.g. into `minimumReleaseAgeExclude`), or | ||
| * aborts. Code is the verifier-defined error code | ||
| * (`MINIMUM_RELEASE_AGE_VIOLATION`, `TRUST_DOWNGRADE`, etc.) — the | ||
| * install command filters by code to decide downstream UX. Lifted here | ||
| * (rather than in deps-installer) so both deps-resolver and | ||
| * deps-installer can share one shape; future resolver packages plug in | ||
| * without needing the deps-installer dependency. | ||
| */ | ||
| export interface ResolutionPolicyViolation { | ||
| name: string; | ||
| version: string; | ||
| resolution: Resolution; | ||
| code: string; | ||
| reason: string; | ||
| } | ||
| /** Concrete platform selector used when picking a variant from a VariationsResolution. */ | ||
@@ -98,2 +169,18 @@ export interface PlatformSelector { | ||
| alias?: string; | ||
| /** | ||
| * Set when the resolver picked this version despite a policy | ||
| * violation (e.g. immature relative to `publishedBy`, trust | ||
| * downgrade detected by `failIfTrustDowngraded`). The resolver | ||
| * already has the metadata it needs to decide, so reporting inline | ||
| * here avoids the install layer having to re-scan the tree and | ||
| * re-fetch the same metadata. The deps-resolver aggregates these | ||
| * across every resolve call into a single set the install command | ||
| * can react to. | ||
| * | ||
| * `resolution` on the violation is the same `resolution` field | ||
| * above — supplied for symmetry with `ResolutionPolicyViolation` | ||
| * entries that flow out of `verifyLockfileResolutions` for | ||
| * lockfile-only paths. | ||
| */ | ||
| policyViolation?: ResolutionPolicyViolation; | ||
| } | ||
@@ -142,2 +229,3 @@ export interface WorkspacePackage { | ||
| resolution: Resolution; | ||
| publishedAt?: string; | ||
| }; | ||
@@ -144,0 +232,0 @@ } |
+2
-2
| { | ||
| "name": "@pnpm/resolving.resolver-base", | ||
| "version": "1100.1.3", | ||
| "version": "1100.2.0", | ||
| "description": "Types for pnpm-compatible resolvers", | ||
@@ -31,3 +31,3 @@ "keywords": [ | ||
| "devDependencies": { | ||
| "@pnpm/resolving.resolver-base": "1100.1.3" | ||
| "@pnpm/resolving.resolver-base": "1100.2.0" | ||
| }, | ||
@@ -34,0 +34,0 @@ "engines": { |
14903
35.88%294
42.72%