snyk-resolve-deps - npm Package Compare versions

Comparing version 1.5.0 to 1.5.1-alpha1

lib/pluck.js

@@ -8,4 +8,2 @@ module.exports = pluck;
 function pluck(root, path, name, range) {
-  debug('plucking %s@%s', name, range);
-
   if (range === 'latest') {
@@ -27,52 +25,36 @@ range = '*';
   // do a check to see if the last item in the path is actually the package
-  // we're looking for, and if it is, drop it
-  if (from.length) {
-    var tip = moduleToObject(from.slice(-1).pop());
-    // note: this could miss the situation when dep@2 > dep@1 ...unsure
-    if (tip.name === name) {
-      from.pop();
-    }
+  // we're looking for, and if it's not, push it on
+  if (from.length !== 0 && moduleToObject(from.slice(-1).pop()).name === name) {
+    from.pop();
   }
 
-  // strip any extraneous data from the package names
-  from = from.map(stripVersion);
+  // then we always put the target package on the end of the chain
+  // to ensure it's in exactly the right format to be used in `getMatch`
+  from.push(name + '@' + range);
 
-  // walk the depth of `from` to find the `dependencies` property from `root`
-  // if it can't be found, pop `from` and try again until `from` is empty
-  do {
-    var pkg = findPackage(root, from.slice(0), name, range);
+  debug('using forward search %s@%s in %s', from.join(' > '));
 
-    if (pkg) {
-      return pkg;
-    }
-  } while (from.pop());
+  var match = false;
+  var leaf = root;
+  var realPath = [];
 
-  return false;
-}
+  while (from.length) {
+    var pkg = moduleToObject(from[0]);
+    var test = getMatch(leaf, pkg.name, pkg.version);
 
-function findPackage(root, from, name, range) {
-  var deps;
-  do {
-    deps = from.reduce(findDependencyLeaf, root);
-  } while (!deps && from.shift());
-
-  var match = getMatch(deps, name, range);
-
-  if (match) {
-    return match;
+    if (test) {
+      from.shift();
+      realPath.push(leaf);
+      leaf = test;
+    } else {
+      leaf = realPath.pop();
+      if (!leaf) {
+        return false;
+      }
+    }
   }
-}
 
-function findDependencyLeaf(acc, curr) {
-  if (acc.dependencies && acc.dependencies[curr]) {
-    return acc.dependencies[curr];
-  }
-  return false;
+  return leaf.name === name ? leaf : false;
 }
 
-function stripVersion(value) {
-  // support passing the value as the vuln.from
-  return moduleToObject(value).name;
-}
-
 function getMatch(root, name, range) {
@@ -79,0 +61,0 @@ var dep = root.dependencies && root.dependencies[name];

package.json

 {
   "name": "snyk-resolve-deps",
+"version": "1.5.1-alpha1",
   "description": "Resolves a node package tree with combined support for both npm@2 and npm@3.",
@@ -41,3 +42,3 @@ "main": "lib/index.js",
     "semver": "^5.1.0",
-    "snyk-module": "^1.0.2",
+    "snyk-module": "^1.5.0",
     "snyk-resolve": "^1.0.0",
@@ -51,4 +52,3 @@ "snyk-tree": "^1.0.0",
     "url": "https://github.com/Snyk/resolve-deps.git"
-  },
-  "version": "1.5.0"
-}
+  }
+}

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

317252

increased by67.01%

Number of package files

48

increased by50%

Lines of code

1039

increased by62.85%

Worsened metrics

Number of low quality alerts

2

increased by100%

Dependency changes

• Updatedsnyk-module@^1.5.0