validate-peer-dependencies - npm Package Compare versions

Comparing version 1.1.0 to 1.2.0

CHANGELOG.md

@@ -0,1 +1,9 @@
+## v1.2.0 (2021-04-01)
+
+#### :rocket: Enhancement
+* [#9](https://github.com/rwjblue/validate-peer-dependencies/pull/9) Add assumeProvided ([@hjdivad](https://github.com/hjdivad))
+
+#### Committers: 1
+- David J. Hamilton ([@hjdivad](https://github.com/hjdivad))
+
 ## v1.1.0 (2020-10-20)
@@ -2,0 +10,0 @@

index.js

@@ -40,2 +40,25 @@ 'use strict';
 
+function resolvePackageVersion(
+  packageName,
+  resolvePeerDependenciesFrom,
+  cache
+) {
+  let assumedVersion = AssumptionMap.get(packageName);
+  if (assumedVersion !== undefined) {
+    return assumedVersion;
+  }
+
+  let peerDepPackagePath = resolvePackagePath(
+    packageName,
+    resolvePeerDependenciesFrom,
+    cache === NullCache ? false : undefined
+  );
+
+  if (peerDepPackagePath === null) {
+    return null;
+  }
+
+  return require(peerDepPackagePath).version;
+}
+
 module.exports = function validatePeerDependencies(parentRoot, options = {}) {
@@ -108,9 +131,9 @@ let { cache, handleFailure, resolvePeerDependenciesFrom } = options;
 
-    let peerDepPackagePath = resolvePackagePath(
+    let foundPackageVersion = resolvePackageVersion(
       packageName,
       resolvePeerDependenciesFrom,
-      cache === NullCache ? false : undefined
+      cache
     );
 
-    if (peerDepPackagePath === null) {
+    if (foundPackageVersion === null) {
       if (
@@ -136,5 +159,4 @@ hasPeerDependenciesMeta &&
 
-    let foundPkg = require(peerDepPackagePath);
     if (
-      !semver.satisfies(foundPkg.version, specifiedPeerDependencyRange, {
+      !semver.satisfies(foundPackageVersion, specifiedPeerDependencyRange, {
         includePrerelease: true,
@@ -149,3 +171,3 @@ })
         name: packageName,
-        version: foundPkg.version,
+        version: foundPackageVersion,
         specifiedPeerDependencyRange,
@@ -196,2 +218,20 @@ });
 
+let AssumptionMapName = '__ValidatePeerDependenciesAssumeProvided';
+if (!(AssumptionMapName in global)) {
+  global[AssumptionMapName] = new Map();
+}
+
+// make sure to re-use the map created by a different instance of
+// validate-peer-dependencies
+let AssumptionMap = global[AssumptionMapName];
+
+module.exports.assumeProvided = function ({ name, version } = {}) {
+  if (name === undefined || version === undefined) {
+    throw new Error(
+      `assumeProvided({ name, version}): name and version are required, but name='${name}' version='${version}'`
+    );
+  }
+  AssumptionMap.set(name, version);
+};
+
 Object.defineProperty(module.exports, '__HasPeerDepsInstalled', {
@@ -206,1 +246,5 @@ enumerable: false,
 };
+
+module.exports._resetAssumptions = function () {
+  global[AssumptionMapName].clear();
+};

package.json

 {
   "name": "validate-peer-dependencies",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Validate that the peerDependencies of a given package.json have been satisfied.",
@@ -5,0 +5,0 @@ "repository": {

README.md

@@ -53,3 +53,3 @@ # validate-peer-dependencies
 
-## Known Issues
+### Known Issues
 
@@ -253,4 +253,22 @@ There are no known scenarios where `validate-peer-dependencies` will flag a
 
+### assumeProvided
+
+It is sometimes desirable to treat a peer dependency as satisfied even when it would not be considered satisfied under the node resolution algorithm.
+
+For example an ember addon may consider itself to satisfy the peer dependency requirements of one of its own dev dependencies during local development.
+
+```js
+const assumeProvided = require('validate-peer-depencies').assumeProvided;
+
+// subsequent calls to validatePeerDependencies will assume some-package is available and will resolve to version 1.2.3
+assumeProvided({ name: 'some-package', version: '1.2.3' });
+
+// for the more common case of the package assuming itself to be available during development, the following is the likely preferred invocation
+assumeProvided(require('./package.json'));
+```
+
+Note that assumptions are global, since peer dependency validation may be occurring in different instances of `validate-peer-dependencies`.
+
 ## License
 
 This project is licensed under the [MIT License](LICENSE.md).

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

20091

increased by12.74%

Lines of code

199

increased by22.09%

Number of lines in readme file

273

increased by7.06%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes