validate-peer-dependencies
Advanced tools
Comparing version 1.1.0 to 1.2.0
@@ -0,1 +1,9 @@ | ||
## v1.2.0 (2021-04-01) | ||
#### :rocket: Enhancement | ||
* [#9](https://github.com/rwjblue/validate-peer-dependencies/pull/9) Add assumeProvided ([@hjdivad](https://github.com/hjdivad)) | ||
#### Committers: 1 | ||
- David J. Hamilton ([@hjdivad](https://github.com/hjdivad)) | ||
## v1.1.0 (2020-10-20) | ||
@@ -2,0 +10,0 @@ |
56
index.js
@@ -40,2 +40,25 @@ 'use strict'; | ||
function resolvePackageVersion( | ||
packageName, | ||
resolvePeerDependenciesFrom, | ||
cache | ||
) { | ||
let assumedVersion = AssumptionMap.get(packageName); | ||
if (assumedVersion !== undefined) { | ||
return assumedVersion; | ||
} | ||
let peerDepPackagePath = resolvePackagePath( | ||
packageName, | ||
resolvePeerDependenciesFrom, | ||
cache === NullCache ? false : undefined | ||
); | ||
if (peerDepPackagePath === null) { | ||
return null; | ||
} | ||
return require(peerDepPackagePath).version; | ||
} | ||
module.exports = function validatePeerDependencies(parentRoot, options = {}) { | ||
@@ -108,9 +131,9 @@ let { cache, handleFailure, resolvePeerDependenciesFrom } = options; | ||
let peerDepPackagePath = resolvePackagePath( | ||
let foundPackageVersion = resolvePackageVersion( | ||
packageName, | ||
resolvePeerDependenciesFrom, | ||
cache === NullCache ? false : undefined | ||
cache | ||
); | ||
if (peerDepPackagePath === null) { | ||
if (foundPackageVersion === null) { | ||
if ( | ||
@@ -136,5 +159,4 @@ hasPeerDependenciesMeta && | ||
let foundPkg = require(peerDepPackagePath); | ||
if ( | ||
!semver.satisfies(foundPkg.version, specifiedPeerDependencyRange, { | ||
!semver.satisfies(foundPackageVersion, specifiedPeerDependencyRange, { | ||
includePrerelease: true, | ||
@@ -149,3 +171,3 @@ }) | ||
name: packageName, | ||
version: foundPkg.version, | ||
version: foundPackageVersion, | ||
specifiedPeerDependencyRange, | ||
@@ -196,2 +218,20 @@ }); | ||
let AssumptionMapName = '__ValidatePeerDependenciesAssumeProvided'; | ||
if (!(AssumptionMapName in global)) { | ||
global[AssumptionMapName] = new Map(); | ||
} | ||
// make sure to re-use the map created by a different instance of | ||
// validate-peer-dependencies | ||
let AssumptionMap = global[AssumptionMapName]; | ||
module.exports.assumeProvided = function ({ name, version } = {}) { | ||
if (name === undefined || version === undefined) { | ||
throw new Error( | ||
`assumeProvided({ name, version}): name and version are required, but name='${name}' version='${version}'` | ||
); | ||
} | ||
AssumptionMap.set(name, version); | ||
}; | ||
Object.defineProperty(module.exports, '__HasPeerDepsInstalled', { | ||
@@ -206,1 +246,5 @@ enumerable: false, | ||
}; | ||
module.exports._resetAssumptions = function () { | ||
global[AssumptionMapName].clear(); | ||
}; |
{ | ||
"name": "validate-peer-dependencies", | ||
"version": "1.1.0", | ||
"version": "1.2.0", | ||
"description": "Validate that the peerDependencies of a given package.json have been satisfied.", | ||
@@ -5,0 +5,0 @@ "repository": { |
@@ -53,3 +53,3 @@ # validate-peer-dependencies | ||
## Known Issues | ||
### Known Issues | ||
@@ -253,4 +253,22 @@ There are no known scenarios where `validate-peer-dependencies` will flag a | ||
### assumeProvided | ||
It is sometimes desirable to treat a peer dependency as satisfied even when it would not be considered satisfied under the node resolution algorithm. | ||
For example an ember addon may consider itself to satisfy the peer dependency requirements of one of its own dev dependencies during local development. | ||
```js | ||
const assumeProvided = require('validate-peer-depencies').assumeProvided; | ||
// subsequent calls to validatePeerDependencies will assume some-package is available and will resolve to version 1.2.3 | ||
assumeProvided({ name: 'some-package', version: '1.2.3' }); | ||
// for the more common case of the package assuming itself to be available during development, the following is the likely preferred invocation | ||
assumeProvided(require('./package.json')); | ||
``` | ||
Note that assumptions are global, since peer dependency validation may be occurring in different instances of `validate-peer-dependencies`. | ||
## License | ||
This project is licensed under the [MIT License](LICENSE.md). |
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
20091
199
273
1