snyk-resolve-deps - npm Package Compare versions

Comparing version 1.1.5 to 1.1.6-alpha1

cli/index.js

@@ -51,3 +51,4 @@ #!/usr/bin/env node
           count.forEach(function (dep) {
-            console.log(' - %s - %s', dep.full, dep.from.join(' > '));
+            console.log(' - %s (%s) - %s', dep.full, dep.depType,
+              (dep.from || []).join(' > '));
           });
@@ -54,0 +55,0 @@ return;

lib/deps.js

 module.exports = loadModules;
 
-var depTypes = require('./consts');
+var depTypes = require('./dep-types');
 var fs = require('then-fs');
@@ -74,2 +74,3 @@ var _ = require('lodash');
         __dependencies: pkg.dependencies,
+        __optionalDependencies: pkg.optionalDependencies,
         __filename: pkg.__filename,
@@ -136,18 +137,11 @@ };
 
-          var depType = rootDepType;
-          if (pkg.dependencies && pkg.dependencies[curr.name]) {
-            depType = depTypes.PROD;
-          } else if (pkg.devDependencies && pkg.devDependencies[curr.name]) {
-            depType = depTypes.DEV;
-          }
+          var depInfo = depTypes(curr.name, pkg);
+          var depType = depInfo.type || rootDepType;
+          var depFrom = depInfo.from;
 
           var valid = false;
-          if (pkg.dependencies) {
-            valid = semver.satisfies(curr.version, pkg.dependencies[curr.name]);
+          if (depFrom) {
+            valid = semver.satisfies(curr.version, depFrom);
           }
 
-          var depFrom = depType === depTypes.DEV ?
-            pkg.devDependencies[curr.name] :
-            pkg.dependencies[curr.name];
-
           acc[curr.name] = {
@@ -165,2 +159,3 @@ name: curr.name,
             __dependencies: curr.dependencies,
+            __optionalDependencies: curr.optionalDependencies,
             __filename: curr.__filename,
@@ -176,9 +171,2 @@ };
 
-      // TODO decide if we can really remove this - I can't see how it's ever
-      // called in real life...
-      // if (deps.length === 0) {
-      //   modules.dependencies = false;
-      //   return modules;
-      // }
-
       var promises = deps.map(function (dep) {
@@ -185,0 +173,0 @@ var depType = modules.dependencies[dep].depType;

lib/logical.js

@@ -6,6 +6,9 @@ module.exports = logicalTree;
 var walk = require('./walk');
-var depTypes = require('./consts');
+var path = require('path');
+var depTypes = require('./dep-types');
 var colour = require('ansicolors');
 var _ = require('lodash');
+var format = require('util').format;
 var ext = colour.bgBlack(colour.green('extraneous'));
+var problems = [];
 
@@ -34,24 +37,24 @@ /**
   }
-  var logicalRoot = copy(fileTree);
+
+  problems = [];
+  var logicalRoot = copy(fileTree, fileTree.__from, true);
   logicalRoot.dependencies = walkDeps(fileTree, fileTree);
-  if (fileTree.problems && fileTree.problems.length) {
-    logicalRoot.problems = fileTree.problems.slice(0);
-  }
 
   var removedPaths = [];
 
-  // do a shallow pass on the deps and strip out dev deps
-  Object.keys(fileTree.dependencies).forEach(function (name) {
-    var dep = fileTree.dependencies[name];
-    // if we're not interested in devDeps, then strip them out
-    if (!options.dev && dep.depType === depTypes.DEV) {
-      // since dev deps are only ever on the root, we know we can remove it
-      // directly from the logicalRoot.dependencies
-      removedPaths.push(dep.__from);
-      delete logicalRoot.dependencies[dep.name];
-      return;
-    }
-  });
+  if (!options.dev) {
+    // do a shallow pass on the deps and strip out dev deps
+    Object.keys(fileTree.dependencies).forEach(function (name) {
+      var dep = fileTree.dependencies[name];
+      // if we're not interested in devDeps, then strip them out
+      if (dep.depType === depTypes.DEV) {
+        // since dev deps are only ever on the root, we know we can remove it
+        // directly from the logicalRoot.dependencies
+        removedPaths.push(dep.__from);
+        delete logicalRoot.dependencies[dep.name];
+        return;
+      }
+    });
+  }
 
-
   walk(fileTree.dependencies, function (dep) {
@@ -68,9 +71,16 @@ if (!dep.__used) {
 
-      dep.extraneous = true;
-      dep.depType = depTypes.EXTRANEOUS;
-      var issue = ext + ': ' + dep.name + '@' + dep.version + ' (from ' +
-        dep.dep + ') > ' + dep.__filename;
-      dep.problems = [issue];
-      problem(logicalRoot, issue);
-      insertLeaf(logicalRoot, dep, fileTree);
+      var leaf = copy(dep);
+
+      var issue = format('%s: %s@%s (from %s) > %s', ext, leaf.name,
+        leaf.version, leaf.dep, path.relative('.', leaf.__filename));
+      leaf.problems = [issue];
+      problems.push(issue);
+      leaf.extraneous = true;
+      leaf.depType = depTypes.EXTRANEOUS;
+      leaf.dependencies = walkDeps(fileTree, dep);
+      walk(leaf.dependencies, function (dep) {
+        dep.extraneous = true;
+        dep.depType = depTypes.EXTRANEOUS;
+      });
+      insertLeaf(logicalRoot, leaf, dep.__from);
     }
@@ -80,2 +90,3 @@ });
   logicalRoot.pluck = pluck.bind(null, fileTree);
+  logicalRoot.problems = problems.slice(0);
 
@@ -85,4 +96,4 @@ return logicalRoot;
 
-function insertLeaf(tree, leaf) {
-  var path = (leaf.__from || []).slice(1, -1); // remove the root of the path
+function insertLeaf(tree, leaf, from) {
+  var path = (from || []).slice(1, -1); // remove the root of the path
   var entry = tree.dependencies;
@@ -97,27 +108,38 @@ for (var i = 0; i < path.length; i++) {
 
-function problem(root, issue) {
-  if (!root.problems) {
-    root.problems = [];
+function walkDeps(root, tree, from) {
+  if (!from) {
+    from = tree.__from;
   }
-  root.problems.push(issue);
-}
 
-function walkDeps(root, tree) {
   // only include the devDeps on the root level package
   var deps = _.extend({}, tree.__dependencies,
-    tree.__from && tree.__from.length === 1 ? tree.__devDependencies : {});
+    tree.__from && from.length === 1 ? tree.__devDependencies : {});
+
+  deps = _.extend(deps, tree.__optionalDependencies);
+
   return Object.keys(deps).reduce(function walkDepsPicker(acc, curr) {
-    var version = deps[curr];
-    var dep = pluck(root, tree.__from, curr, version);
+    // only attempt to walk this dep if it's not in our path already
+    if (tree.__from.indexOf(curr) === -1) {
+      var version = deps[curr];
+      var dep = pluck(root, tree.__from, curr, version);
 
-    if (!dep) {
-      problem(root, 'missing: ' + curr + '@' + version +
-              ', required by ' + tree.name + '@' + tree.version);
-      return acc;
-    }
+      if (!dep) {
+        problems.push(format('missing: %s@%s, required by %s', curr, version,
+          from.join(' > ')));
+        return acc;
+      }
 
-    var pkg = acc[dep.name] = copy(dep, tree.__from.concat(dep.name));
-    if (!dep.__used) {
-      dep.__used = true;
-      pkg.dependencies = walkDeps(root, dep);
+      if (from.indexOf(dep.name) === -1) {
+        var pkg = acc[dep.name] = copy(dep, from.concat(dep.name));
+        dep.__used = true;
+        var info = depTypes(dep.name, {
+          dependencies: tree.__dependencies,
+          devDependencies: tree.__devDependencies,
+          optionalDependencies: tree.__optionalDependencies,
+        });
+
+        pkg.depType = info.type;
+        pkg.dep = info.from;
+        pkg.dependencies = walkDeps(root, dep, pkg.from);
+      }
     }
@@ -129,11 +151,20 @@
 
-function copy(leaf, from) {
+function copy(leaf, from, ignoreDeps) {
+  if (!from) {
+    from = leaf.__from;
+  }
+
   var res = Object.keys(leaf).reduce(function copyIterator(acc, curr) {
     if (leaf[curr] !== undefined && curr.indexOf('__') !== 0) {
-      acc[curr] = leaf[curr];
+      if (curr !== 'dependencies') {
+        acc[curr] = leaf[curr];
+      }
     }
     return acc;
   }, {});
-  res.from = (from || leaf.__from).slice(0);
+
+  res.from = from.slice(0);
+  res.__filename = leaf.__filename;
+
   return res;
 }

package.json

 {
   "name": "snyk-resolve-deps",
   "description": "Resolves a node package tree with combined support for both npm@2 and npm@3.",
+  "version": "1.1.6-alpha1",
   "main": "lib/index.js",
@@ -13,5 +14,6 @@ "directories": {
     "lint": "jscs cli/*.js lib/*.js -v",
+    "check-tests": "! grep 'test.only' test/*.test.js -n",
     "env": "node -e 'console.log(process.env, process.versions)'",
     "cover": "tap test/*.test.js --cov --coverage-report=lcov",
-    "test": "npm run lint && tap test/*.test.js --cov --timeout=60",
+    "test": "npm run check-tests && npm run lint && tap test/*.test.js --cov --timeout=60",
     "semantic-release": "semantic-release pre && npm publish && semantic-release post"
@@ -24,3 +26,3 @@ },
     "semantic-release": "^4.3.5",
-    "snyk-resolve-deps-fixtures": "^1.1.2",
+    "snyk-resolve-deps-fixtures": "^1.1.3",
     "tap": "^5.1.1",
@@ -40,3 +42,2 @@ "tap-only": "0.0.5",
     "semver": "^5.1.0",
-    "snyk": "*",
     "snyk-module": "^1.0.2",
@@ -49,4 +50,3 @@ "snyk-resolve": "^1.0.0",
     "url": "https://github.com/Snyk/resolve-deps.git"
-  },
-  "version": "1.1.5"
-}
+  }
+}

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Wildcard dependency

Quality

Package has a dependency with a floating version range. This can cause issues if the dependency publishes a new major version.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

303529

increased by66.28%

Dependency count

10

decreased by-9.09%

Number of package files

41

increased by57.69%

Lines of code

984

increased by84.27%

Number of medium quality alerts

0

decreased by-100%

Worsened metrics

Number of low quality alerts

2

increased by100%

Dependency changes

• - Removedsnyk@*

• - Removed@sentry-internal/tracing@7.119.2(transitive)

• - Removed@sentry/core@7.119.2(transitive)

• - Removed@sentry/integrations@7.119.2(transitive)

• - Removed@sentry/node@7.119.2(transitive)

• - Removed@sentry/types@7.119.2(transitive)

• - Removed@sentry/utils@7.119.2(transitive)

• - Removedboolean@3.2.0(transitive)

• - Removeddefine-data-property@1.1.4(transitive)

• - Removeddefine-properties@1.2.1(transitive)

• - Removeddetect-node@2.1.0(transitive)

• - Removedes-define-property@1.0.0(transitive)

• - Removedes-errors@1.3.0(transitive)

• - Removedes6-error@4.1.1(transitive)

• - Removedescape-string-regexp@4.0.0(transitive)

• - Removedfunction-bind@1.1.2(transitive)

• - Removedget-intrinsic@1.2.4(transitive)

• - Removedglobal-agent@3.0.0(transitive)

• - Removedglobalthis@1.0.4(transitive)

• - Removedgopd@1.0.1(transitive)

• - Removedhas-property-descriptors@1.0.2(transitive)

• - Removedhas-proto@1.0.3(transitive)

• - Removedhas-symbols@1.0.3(transitive)

• - Removedhasown@2.0.2(transitive)

• - Removedimmediate@3.0.6(transitive)

• - Removedjson-stringify-safe@5.0.1(transitive)

• - Removedlie@3.1.1(transitive)

• - Removedlocalforage@1.10.0(transitive)

• - Removedmatcher@3.0.0(transitive)

• - Removedobject-keys@1.1.1(transitive)

• - Removedroarr@2.15.4(transitive)

• - Removedsemver@7.6.3(transitive)

• - Removedsemver-compare@1.0.0(transitive)

• - Removedserialize-error@7.0.1(transitive)

• - Removedsnyk@1.1293.1(transitive)

• - Removedsprintf-js@1.1.3(transitive)

• - Removedtype-fest@0.13.1(transitive)