synp - npm Package Compare versions

synp

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Comparing version 1.9.1 to 1.9.2

CHANGELOG.md

		@@ -0,1 +1,8 @@
		## [1.9.2](https://github.com/imsnif/synp/compare/v1.9.1...v1.9.2) (2020-09-27)


		### Bug Fixes

		* produced pkg-lock should be consistent with node_modules contents ([49e1e4a](https://github.com/imsnif/synp/commit/49e1e4a7d2584a85ab88ccac318c1c1ae94ebbdf))

		## [1.9.1](https://github.com/imsnif/synp/compare/v1.9.0...v1.9.1) (2020-09-26)
		@@ -2,0 +9,0 @@

lib/lockfileV1/dependencies.js

		@@ -17,8 +17,18 @@ 'use strict'
		},
		npmRequires (dependencies, yarnObject) {
		npmRequires (dependencies, yarnObject, nodeModulesTree) {
		return Object.keys(dependencies).reduce((requires, depName) => {
		const depSemver = dependencies[depName]
		const yarnEntry = yarnObject[`${depName}@${depSemver}`]
		if (!yarnEntry) return requires // fsevents, etc.
		requires[depName] = yarnEntry.version

		// Found in yarn.lock
		if (!yarnEntry) {
		return requires // fsevents, etc.
		}

		// Exists in node_modules
		if (!Object.keys(nodeModulesTree).find((mPath) => mPath.endsWith(`node_modules/${depName}`))) {
		return requires
		}

		requires[depName] = dependencies[depName] // NOTE Save the version as it required, not as resolved
		return requires
		@@ -25,0 +35,0 @@ }, {})

lib/lockfileV1/entry.js

		'use strict'

		const url = require('url')
		const sortObject = require('sort-object-keys')
		const { findPackageInYarnLock, findEntryInPackageLock } = require('../../util/traverse')
		const { formatNpmIntegrity, formatYarnIntegrity, parseIntegrity, sha1ToHexChecksum, hexChecksumToSha1 } = require('./integrity')
		const { npmRequires } = require('./dependencies')

		@@ -70,3 +72,5 @@ const parse = (input) => url.parse ? url.parse(input) : new url.URL(input) // eslint-disable-line
		const { request, entry: entryInYarnFile } = findPackageInYarnLock(name, version, yarnObject)

		if (!entryInYarnFile) return null // likely a bundled dependency

		const yarnResolved = entryInYarnFile.resolved
		@@ -76,2 +80,4 @@ const entry = yarnToNpmResolved(version, yarnResolved, request, entryInYarnFile.integrity)
		if (dependencies && Object.keys(dependencies).length > 0) {
		entry.requires = sortObject(npmRequires(dependencies, yarnObject, nodeModulesTree))

		const resolvedDeps = Object.keys(dependencies).reduce((m, name) => {
		@@ -96,6 +102,4 @@ const childPath = `${mPath}/node_modules/${name}`

		entry.requires = dependencies

		if (Object.keys(resolvedDeps).length) {
		entry.dependencies = resolvedDeps
		entry.dependencies = sortObject(resolvedDeps)
		}
		@@ -102,0 +106,0 @@ }

lib/lockfileV1/tree.js

		'use strict'

		const { sep, resolve } = require('path')
		const sortObject = require('sort-object-keys')
		const { dependenciesForYarn } = require('./dependencies')
		@@ -50,3 +51,3 @@ const { yarnEntry, npmEntry } = require('./entry')

		return sortedNodeModules.slice(1)
		return sortObject(sortedNodeModules.slice(1)
		.reduce((tree, mPath) => {
		@@ -63,3 +64,3 @@ const relativePath = mPath.split(sep).slice(basePath.length)
		if (workspacesTree && dependencies) {
		entry.requires = dependencies
		entry.requires = sortObject(dependencies)
		}
		@@ -73,5 +74,5 @@
		const parentPackage = getParentPackageInYarnTree(modulesInPath, tree)
		parentPackage.dependencies = Object.assign({}, parentPackage.dependencies \|\| {}, {
		parentPackage.dependencies = sortObject(Object.assign({}, parentPackage.dependencies \|\| {}, {
		[name]: entry
		})
		}))

		@@ -86,4 +87,4 @@ if (parentPackage.dev) {
		return tree
		}, {})
		}, {}))
		}
		}

package.json

		{
		"name": "synp",
		"version": "1.9.1",
		"version": "1.9.2",
		"description": "Convert yarn.lock to package-lock.json and vice versa",
		@@ -5,0 +5,0 @@ "keywords": [

util/nmtree.js

Improved metrics