From 13aed70c811b69e8ce7403907c09696dae2eb15e Mon Sep 17 00:00:00 2001 From: isaacs Date: Tue, 12 Oct 2021 09:18:31 -0700 Subject: [PATCH] chore(deps): @npmcli/arborist@4.0.0 Bumped patch versions of libnpmexec and libnpmfund to dedupe --- node_modules/@npmcli/arborist/bin/dedupe.js | 49 ++++++++++++++++++ .../@npmcli/arborist/bin/shrinkwrap.js | 2 +- .../arborist/lib/arborist/build-ideal-tree.js | 37 +++++++++----- .../@npmcli/arborist/lib/arborist/index.js | 20 ++++++++ .../arborist/lib/arborist/load-actual.js | 9 ++-- .../arborist/lib/arborist/load-virtual.js | 5 +- .../@npmcli/arborist/lib/arborist/pruner.js | 15 ++++++ .../@npmcli/arborist/lib/arborist/rebuild.js | 11 +++- .../@npmcli/arborist/lib/arborist/reify.js | 35 ++++++++----- node_modules/@npmcli/arborist/lib/edge.js | 4 +- .../@npmcli/arborist/lib/peer-entry-sets.js | 2 +- .../@npmcli/arborist/lib/place-dep.js | 16 +++--- .../@npmcli/arborist/lib/printable.js | 8 +-- .../@npmcli/arborist/lib/shrinkwrap.js | 48 +++++++++++++++--- node_modules/@npmcli/arborist/package.json | 2 +- node_modules/libnpmexec/package.json | 4 +- node_modules/libnpmfund/package.json | 4 +- package-lock.json | 50 +++++++++---------- package.json | 6 +-- 19 files changed, 239 insertions(+), 88 deletions(-) create mode 100644 node_modules/@npmcli/arborist/bin/dedupe.js diff --git a/node_modules/@npmcli/arborist/bin/dedupe.js b/node_modules/@npmcli/arborist/bin/dedupe.js new file mode 100644 index 000000000000..b0e83459ef73 --- /dev/null +++ b/node_modules/@npmcli/arborist/bin/dedupe.js @@ -0,0 +1,49 @@ +const Arborist = require('../') + +const options = require('./lib/options.js') +const print = require('./lib/print-tree.js') +require('./lib/logging.js') +require('./lib/timers.js') + +const printDiff = diff => { + const {depth} = require('treeverse') + depth({ + tree: diff, + visit: d => { + if (d.location === '') { + return + } + switch (d.action) { + case 'REMOVE': + console.error('REMOVE', d.actual.location) + break + case 'ADD': + console.error('ADD', d.ideal.location, d.ideal.resolved) + break + case 'CHANGE': + console.error('CHANGE', d.actual.location, { + from: d.actual.resolved, + to: d.ideal.resolved, + }) + break + } + }, + getChildren: d => d.children, + }) +} + +const start = process.hrtime() +process.emit('time', 'install') +const arb = new Arborist(options) +arb.dedupe(options).then(tree => { + process.emit('timeEnd', 'install') + const end = process.hrtime(start) + print(tree) + if (options.dryRun) { + printDiff(arb.diff) + } + console.error(`resolved ${tree.inventory.size} deps in ${end[0] + end[1] / 1e9}s`) + if (tree.meta && options.save) { + tree.meta.save() + } +}).catch(er => console.error(require('util').inspect(er, { depth: Infinity }))) diff --git a/node_modules/@npmcli/arborist/bin/shrinkwrap.js b/node_modules/@npmcli/arborist/bin/shrinkwrap.js index ee5ec2455794..b40416b7b9e1 100644 --- a/node_modules/@npmcli/arborist/bin/shrinkwrap.js +++ b/node_modules/@npmcli/arborist/bin/shrinkwrap.js @@ -5,7 +5,7 @@ require('./lib/timers.js') const { quiet } = options Shrinkwrap.load(options) - .then(s => quiet || console.log(JSON.stringify(s.data, 0, 2))) + .then(s => quiet || console.log(JSON.stringify(s.commit(), 0, 2))) .catch(er => { console.error('shrinkwrap load failure', er) process.exit(1) diff --git a/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js b/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js index 3e6a9838f8f4..4071deac5a78 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js +++ b/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js @@ -26,6 +26,7 @@ const debug = require('../debug.js') const fromPath = require('../from-path.js') const calcDepFlags = require('../calc-dep-flags.js') const Shrinkwrap = require('../shrinkwrap.js') +const { defaultLockfileVersion } = Shrinkwrap const Node = require('../node.js') const Link = require('../link.js') const addRmPkgDeps = require('../add-rm-pkg-deps.js') @@ -307,8 +308,10 @@ module.exports = cls => class IdealTreeBuilder extends cls { // reconstructing it anyway. .then(root => this[_global] ? root : !this[_usePackageLock] || this[_updateAll] - ? Shrinkwrap.reset({ path: this.path }) - .then(meta => Object.assign(root, {meta})) + ? Shrinkwrap.reset({ + path: this.path, + lockfileVersion: this.options.lockfileVersion, + }).then(meta => Object.assign(root, {meta})) : this.loadVirtual({ root })) // if we don't have a lockfile to go from, then start with the @@ -326,6 +329,9 @@ module.exports = cls => class IdealTreeBuilder extends cls { // dep flags before assuming that any mutations were reflected. if (tree.children.size) { root.meta.loadedFromDisk = true + // set these so that we don't try to ancient lockfile reload it + root.meta.originalLockfileVersion = defaultLockfileVersion + root.meta.lockfileVersion = defaultLockfileVersion } } return root @@ -345,7 +351,10 @@ module.exports = cls => class IdealTreeBuilder extends cls { // this is a gross kludge to handle the fact that we don't save // metadata on the root node in global installs, because the "root" // node is something like /usr/local/lib. - const meta = new Shrinkwrap({ path: this.path }) + const meta = new Shrinkwrap({ + path: this.path, + lockfileVersion: this.options.lockfileVersion, + }) meta.reset() root.meta = meta return root @@ -696,14 +705,18 @@ module.exports = cls => class IdealTreeBuilder extends cls { // least it's just a one-time hit. process.emit('time', 'idealTree:inflate') + // don't warn if we're not gonna actually write it back anyway. const heading = ancient ? 'ancient lockfile' : 'old lockfile' - this.log.warn(heading, - ` + if (ancient || !this.options.lockfileVersion || + this.options.lockfileVersion >= defaultLockfileVersion) { + this.log.warn(heading, + ` The ${meta.type} file was created with an old version of npm, so supplemental metadata must be fetched from the registry. This is a one-time fix-up, please be patient... `) + } this.addTracker('idealTree:inflate') const queue = [] @@ -748,7 +761,7 @@ This is a one-time fix-up, please be patient... // yes, yes, this isn't the "original" version, but now that it's been // upgraded, we need to make sure we don't do the work to upgrade it // again, since it's now as new as can be. - meta.originalLockfileVersion = 2 + meta.originalLockfileVersion = defaultLockfileVersion this.finishTracker('idealTree:inflate') process.emit('timeEnd', 'idealTree:inflate') } @@ -880,7 +893,7 @@ This is a one-time fix-up, please be patient... const tasks = [] const peerSource = this[_peerSetSource].get(node) || node for (const edge of this[_problemEdges](node)) { - if (edge.overridden) { + if (edge.peerConflicted) { continue } @@ -967,8 +980,8 @@ This is a one-time fix-up, please be patient... if (edgeIn === edge) { continue } - const { from, valid, overridden } = edgeIn - if (!overridden && !valid && !this[_depsSeen].has(from)) { + const { from, valid, peerConflicted } = edgeIn + if (!peerConflicted && !valid && !this[_depsSeen].has(from)) { this.addTracker('idealTree', from.name, from.location) this[_depsQueue].push(edgeIn.from) } @@ -984,8 +997,8 @@ This is a one-time fix-up, please be patient... continue } - const { valid, overridden } = edgeIn - if (!valid && !overridden) { + const { valid, peerConflicted } = edgeIn + if (!valid && !peerConflicted) { // if it's already been visited, we have to re-visit // otherwise, just enqueue normally. this[_depsSeen].delete(edgeIn.from) @@ -1301,7 +1314,7 @@ This is a one-time fix-up, please be patient... // that will be installed by default anyway, and we'll fail when // we get to the point where we need to, if we need to. if (conflictOK || !required.has(dep)) { - edge.overridden = true + edge.peerConflicted = true continue } diff --git a/node_modules/@npmcli/arborist/lib/arborist/index.js b/node_modules/@npmcli/arborist/lib/arborist/index.js index ccfa7cad9c04..21d4ec5a36cf 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/index.js +++ b/node_modules/@npmcli/arborist/lib/arborist/index.js @@ -44,9 +44,25 @@ const mixins = [ require('./reify.js'), ] +const _workspacesEnabled = Symbol.for('workspacesEnabled') const Base = mixins.reduce((a, b) => b(a), require('events')) const getWorkspaceNodes = require('../get-workspace-nodes.js') +// if it's 1, 2, or 3, set it explicitly that. +// if undefined or null, set it null +// otherwise, throw. +const lockfileVersion = lfv => { + if (lfv === 1 || lfv === 2 || lfv === 3) { + return lfv + } + + if (lfv === undefined || lfv === null) { + return null + } + + throw new TypeError('Invalid lockfileVersion config: ' + lfv) +} + class Arborist extends Base { constructor (options = {}) { process.emit('time', 'arborist:ctor') @@ -59,7 +75,11 @@ class Arborist extends Base { packumentCache: options.packumentCache || new Map(), log: options.log || procLog, workspacesEnabled: options.workspacesEnabled !== false, + lockfileVersion: lockfileVersion(options.lockfileVersion), } + + this[_workspacesEnabled] = this.options.workspacesEnabled + if (options.saveType && !saveTypeMap.get(options.saveType)) { throw new Error(`Invalid saveType ${options.saveType}`) } diff --git a/node_modules/@npmcli/arborist/lib/arborist/load-actual.js b/node_modules/@npmcli/arborist/lib/arborist/load-actual.js index 68e58af7d985..5d8fea85399a 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/load-actual.js +++ b/node_modules/@npmcli/arborist/lib/arborist/load-actual.js @@ -137,11 +137,9 @@ module.exports = cls => class ActualLoader extends cls { real: await realpath(this.path, this[_rpcache], this[_stcache]), }) - // XXX only rely on this if the hidden lockfile is the newest thing? - // need some kind of heuristic, like if the package.json or sw have - // been touched more recently, then ignore it? This is a hazard if - // user switches back and forth between Arborist and another way of - // mutating the node_modules folder. + // Note: hidden lockfile will be rejected if it's not the latest thing + // in the folder, or if any of the entries in the hidden lockfile are + // missing. const meta = await Shrinkwrap.load({ path: this[_actualTree].path, hiddenLockfile: true, @@ -152,6 +150,7 @@ module.exports = cls => class ActualLoader extends cls { } else { const meta = await Shrinkwrap.load({ path: this[_actualTree].path, + lockfileVersion: this.options.lockfileVersion, }) this[_actualTree].meta = meta return this[_loadActualActually]({ root, ignoreMissing }) diff --git a/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js b/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js index f1960116737e..ed0e47daf58a 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js +++ b/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js @@ -54,7 +54,10 @@ module.exports = cls => class VirtualLoader extends cls { return treeCheck(this.virtualTree) } - const s = await Shrinkwrap.load({ path: this.path }) + const s = await Shrinkwrap.load({ + path: this.path, + lockfileVersion: this.options.lockfileVersion, + }) if (!s.loadedFromDisk && !options.root) { const er = new Error('loadVirtual requires existing shrinkwrap file') throw Object.assign(er, { code: 'ENOLOCK' }) diff --git a/node_modules/@npmcli/arborist/lib/arborist/pruner.js b/node_modules/@npmcli/arborist/lib/arborist/pruner.js index 3e9d4f1bf66b..494114dfa56c 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/pruner.js +++ b/node_modules/@npmcli/arborist/lib/arborist/pruner.js @@ -1,4 +1,6 @@ const _idealTreePrune = Symbol.for('idealTreePrune') +const _workspacesEnabled = Symbol.for('workspacesEnabled') +const _addNodeToTrashList = Symbol.for('addNodeToTrashList') module.exports = cls => class Pruner extends cls { async prune (options = {}) { @@ -10,6 +12,19 @@ module.exports = cls => class Pruner extends cls { this[_idealTreePrune]() + if (!this[_workspacesEnabled]) { + const excludeNodes = this.excludeWorkspacesDependencySet(this.idealTree) + for (const node of this.idealTree.inventory.values()) { + if ( + node.parent !== null + && !node.isProjectRoot + && !excludeNodes.has(node) + ) { + this[_addNodeToTrashList](node) + } + } + } + return this.reify(options) } } diff --git a/node_modules/@npmcli/arborist/lib/arborist/rebuild.js b/node_modules/@npmcli/arborist/lib/arborist/rebuild.js index 6fa5c00116fc..4f3fc1b9c3ba 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/rebuild.js +++ b/node_modules/@npmcli/arborist/lib/arborist/rebuild.js @@ -35,6 +35,7 @@ const _checkBins = Symbol.for('checkBins') const _queues = Symbol('queues') const _scriptShell = Symbol('scriptShell') const _includeWorkspaceRoot = Symbol.for('includeWorkspaceRoot') +const _workspacesEnabled = Symbol.for('workspacesEnabled') const _force = Symbol.for('force') @@ -77,8 +78,14 @@ module.exports = cls => class Builder extends cls { // the actual tree on disk. if (!nodes) { const tree = await this.loadActual() - if (this[_workspaces] && this[_workspaces].length) { - const filterSet = this.workspaceDependencySet( + let filterSet + if (!this[_workspacesEnabled]) { + filterSet = this.excludeWorkspacesDependencySet(tree) + nodes = tree.inventory.filter(node => + filterSet.has(node) || node.isProjectRoot + ) + } else if (this[_workspaces] && this[_workspaces].length) { + filterSet = this.workspaceDependencySet( tree, this[_workspaces], this[_includeWorkspaceRoot] diff --git a/node_modules/@npmcli/arborist/lib/arborist/reify.js b/node_modules/@npmcli/arborist/lib/arborist/reify.js index a279d8956f24..658ece7a9361 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/reify.js +++ b/node_modules/@npmcli/arborist/lib/arborist/reify.js @@ -40,8 +40,9 @@ const _savePrefix = Symbol('savePrefix') const _retireShallowNodes = Symbol.for('retireShallowNodes') const _getBundlesByDepth = Symbol('getBundlesByDepth') const _registryResolved = Symbol('registryResolved') -const _addNodeToTrashList = Symbol('addNodeToTrashList') +const _addNodeToTrashList = Symbol.for('addNodeToTrashList') const _workspaces = Symbol.for('workspaces') +const _workspacesEnabled = Symbol.for('workspacesEnabled') // shared by rebuild mixin const _trashList = Symbol.for('trashList') @@ -314,6 +315,10 @@ module.exports = cls => class Reifier extends cls { // to just invalidate the parts that changed, but avoid walking the // whole tree again. + const includeWorkspaces = this[_workspacesEnabled] + const includeRootDeps = !this[_workspacesEnabled] + || this[_includeWorkspaceRoot] && this[_workspaces].length > 0 + const filterNodes = [] if (this[_global] && this.explicitRequests.size) { const idealTree = this.idealTree.target @@ -331,17 +336,21 @@ module.exports = cls => class Reifier extends cls { } } } else { - for (const ws of this[_workspaces]) { - const ideal = this.idealTree.children.get(ws) - if (ideal) { - filterNodes.push(ideal) - } - const actual = this.actualTree.children.get(ws) - if (actual) { - filterNodes.push(actual) + if (includeWorkspaces) { + // add all ws nodes to filterNodes + for (const ws of this[_workspaces]) { + const ideal = this.idealTree.children.get(ws) + if (ideal) { + filterNodes.push(ideal) + } + const actual = this.actualTree.children.get(ws) + if (actual) { + filterNodes.push(actual) + } } } - if (this[_includeWorkspaceRoot] && (this[_workspaces].length > 0)) { + if (includeRootDeps) { + // add all non-workspace nodes to filterNodes for (const tree of [this.idealTree, this.actualTree]) { for (const {type, to} of tree.edgesOut.values()) { if (type !== 'workspace' && to) { @@ -451,10 +460,12 @@ module.exports = cls => class Reifier extends cls { const filter = node => node.top.isProjectRoot && - (node.peer && this[_omitPeer] || + ( + node.peer && this[_omitPeer] || node.dev && this[_omitDev] || node.optional && this[_omitOptional] || - node.devOptional && this[_omitOptional] && this[_omitDev]) + node.devOptional && this[_omitOptional] && this[_omitDev] + ) for (const node of this.idealTree.inventory.filter(filter)) { this[_addNodeToTrashList](node) diff --git a/node_modules/@npmcli/arborist/lib/edge.js b/node_modules/@npmcli/arborist/lib/edge.js index 777ecc44a7c0..1881001ef143 100644 --- a/node_modules/@npmcli/arborist/lib/edge.js +++ b/node_modules/@npmcli/arborist/lib/edge.js @@ -37,7 +37,7 @@ const printableEdge = (edge) => { ...(edgeFrom != null ? { from: edgeFrom } : {}), ...(edgeTo ? { to: edgeTo } : {}), ...(edge.error ? { error: edge.error } : {}), - ...(edge.overridden ? { overridden: true } : {}), + ...(edge.peerConflicted ? { peerConflicted: true } : {}), }) } @@ -78,7 +78,7 @@ class Edge { } this[_setFrom](from) this[_error] = this[_loadError]() - this.overridden = false + this.peerConflicted = false } satisfiedBy (node) { diff --git a/node_modules/@npmcli/arborist/lib/peer-entry-sets.js b/node_modules/@npmcli/arborist/lib/peer-entry-sets.js index 2c4322ee678c..a2da8c8cb6fc 100644 --- a/node_modules/@npmcli/arborist/lib/peer-entry-sets.js +++ b/node_modules/@npmcli/arborist/lib/peer-entry-sets.js @@ -29,7 +29,7 @@ const peerEntrySets = node => { for (const peer of unionSet) { for (const edge of peer.edgesIn) { // if not valid, it doesn't matter anyway. either it's been previously - // overridden, or it's the thing we're interested in replacing. + // peerConflicted, or it's the thing we're interested in replacing. if (!edge.valid) { continue } diff --git a/node_modules/@npmcli/arborist/lib/place-dep.js b/node_modules/@npmcli/arborist/lib/place-dep.js index 6edd94a38e74..1fe930876a86 100644 --- a/node_modules/@npmcli/arborist/lib/place-dep.js +++ b/node_modules/@npmcli/arborist/lib/place-dep.js @@ -247,7 +247,7 @@ class PlaceDep { // if we're placing in the tree with --force, we can get here even though // it's a conflict. Treat it as a KEEP, but warn and move on. if (placementType === KEEP) { - // this was an overridden peer dep + // this was a peerConflicted peer dep if (edge.peer && !edge.valid) { this.warnPeerConflict() } @@ -305,7 +305,7 @@ class PlaceDep { this.placed.parent = target } - // if it's an overridden peer dep, warn about it + // if it's a peerConflicted peer dep, warn about it if (edge.peer && !this.placed.satisfies(edge)) { this.warnPeerConflict() } @@ -339,7 +339,7 @@ class PlaceDep { // otherwise they'd be gone and the peer set would change throughout // this loop. for (const peerEdge of this.placed.edgesOut.values()) { - if (peerEdge.valid || !peerEdge.peer || peerEdge.overridden) { + if (peerEdge.valid || !peerEdge.peer || peerEdge.peerConflicted) { continue } @@ -353,7 +353,7 @@ class PlaceDep { continue } - // overridden peerEdge, just accept what's there already + // peerConflicted peerEdge, just accept what's there already if (!peer.satisfies(peerEdge)) { continue } @@ -398,7 +398,7 @@ class PlaceDep { if (this.placed.satisfies(edge) || !edge.peer || edge.from.parent !== target || - edge.overridden) { + edge.peerConflicted) { // not a peer dep, not invalid, or not from this level, so it's fine // to just let it re-evaluate as a problemEdge later, or let it be // satisfied by the new dep being placed. @@ -406,14 +406,14 @@ class PlaceDep { } for (const entryEdge of peerEntrySets(edge.from).keys()) { // either this one needs to be pruned and re-evaluated, or marked - // as overridden and warned about. If the entryEdge comes in from + // as peerConflicted and warned about. If the entryEdge comes in from // the root, then we have to leave it alone, and in that case, it // will have already warned or crashed by getting to this point. const entryNode = entryEdge.to const deepestTarget = deepestNestingTarget(entryNode) if (deepestTarget !== target && !entryEdge.from.isRoot) { prunePeerSets.push(...gatherDepSet([entryNode], e => { - return e.to !== entryNode && !e.overridden + return e.to !== entryNode && !e.peerConflicted })) } else { this.warnPeerConflict(edge, this.dep) @@ -532,7 +532,7 @@ class PlaceDep { warnPeerConflict (edge, dep) { edge = edge || this.edge dep = dep || this.dep - edge.overridden = true + edge.peerConflicted = true const expl = this.explainPeerConflict(edge, dep) log.warn('ERESOLVE', 'overriding peer dependency', expl) } diff --git a/node_modules/@npmcli/arborist/lib/printable.js b/node_modules/@npmcli/arborist/lib/printable.js index 74925d96d258..ba2a25b195ae 100644 --- a/node_modules/@npmcli/arborist/lib/printable.js +++ b/node_modules/@npmcli/arborist/lib/printable.js @@ -130,8 +130,8 @@ class Edge { if (edge.error) { this.error = edge.error } - if (edge.overridden) { - this.overridden = edge.overridden + if (edge.peerConflicted) { + this.peerConflicted = edge.peerConflicted } } } @@ -149,7 +149,7 @@ class EdgeOut extends Edge { }${ this.error ? ' ' + this.error : '' }${ - this.overridden ? ' overridden' : '' + this.peerConflicted ? ' peerConflicted' : '' } }` } } @@ -165,7 +165,7 @@ class EdgeIn extends Edge { return `{ ${this.from || '""'} ${this.type} ${this.name}@${this.spec}${ this.error ? ' ' + this.error : '' }${ - this.overridden ? ' overridden' : '' + this.peerConflicted ? ' peerConflicted' : '' } }` } } diff --git a/node_modules/@npmcli/arborist/lib/shrinkwrap.js b/node_modules/@npmcli/arborist/lib/shrinkwrap.js index ed28130249ea..93e1cb1a45ca 100644 --- a/node_modules/@npmcli/arborist/lib/shrinkwrap.js +++ b/node_modules/@npmcli/arborist/lib/shrinkwrap.js @@ -10,7 +10,7 @@ // definitely not before npm v8. const localeCompare = require('@isaacs/string-locale-compare')('en') -const lockfileVersion = 2 +const defaultLockfileVersion = 2 // for comparing nodes to yarn.lock entries const mismatch = (a, b) => a && b && a !== b @@ -226,6 +226,10 @@ const _filenameSet = Symbol('_filenameSet') const _maybeRead = Symbol('_maybeRead') const _maybeStat = Symbol('_maybeStat') class Shrinkwrap { + static get defaultLockfileVersion () { + return defaultLockfileVersion + } + static load (options) { return new Shrinkwrap(options).load() } @@ -316,8 +320,12 @@ class Shrinkwrap { shrinkwrapOnly = false, hiddenLockfile = false, log = procLog, + lockfileVersion, } = options + this.lockfileVersion = hiddenLockfile ? 3 + : lockfileVersion ? parseInt(lockfileVersion, 10) + : null this.log = log this[_awaitingUpdate] = new Map() this.tree = null @@ -372,9 +380,9 @@ class Shrinkwrap { reset () { this.tree = null this[_awaitingUpdate] = new Map() - this.originalLockfileVersion = lockfileVersion + this.originalLockfileVersion = this.lockfileVersion this.data = { - lockfileVersion, + lockfileVersion: this.lockfileVersion || defaultLockfileVersion, requires: true, packages: {}, dependencies: {}, @@ -460,14 +468,23 @@ class Shrinkwrap { this.ancientLockfile = false return {} }).then(lock => { + const lockfileVersion = this.lockfileVersion ? this.lockfileVersion + : Math.max(lock.lockfileVersion || 0, defaultLockfileVersion) this.data = { ...lock, - lockfileVersion, + lockfileVersion: lockfileVersion, requires: true, packages: lock.packages || {}, - ...(this.hiddenLockfile ? {} : {dependencies: lock.dependencies || {}}), + dependencies: lock.dependencies || {}, } + this.originalLockfileVersion = lock.lockfileVersion + // use default if it wasn't explicitly set, and the current file is + // less than our default. otherwise, keep whatever is in the file, + // unless we had an explicit setting already. + if (!this.lockfileVersion) { + this.lockfileVersion = this.data.lockfileVersion = lockfileVersion + } this.ancientLockfile = this.loadedFromDisk && !(lock.lockfileVersion >= 2) && !lock.requires @@ -878,15 +895,32 @@ class Shrinkwrap { } } + // if we haven't set it by now, use the default + if (!this.lockfileVersion) { + this.lockfileVersion = defaultLockfileVersion + } + this.data.lockfileVersion = this.lockfileVersion + // hidden lockfiles don't include legacy metadata or a root entry if (this.hiddenLockfile) { delete this.data.packages[''] delete this.data.dependencies - } else if (this.tree) { + } else if (this.tree && this.lockfileVersion <= 3) { this[_buildLegacyLockfile](this.tree, this.data) } - return this.data + // lf version 1 = dependencies only + // lf version 2 = dependencies and packages + // lf version 3 = packages only + if (this.lockfileVersion >= 3) { + const { dependencies, ...data } = this.data + return data + } else if (this.lockfileVersion < 2) { + const { packages, ...data } = this.data + return data + } else { + return { ...this.data } + } } [_buildLegacyLockfile] (node, lock, path = []) { diff --git a/node_modules/@npmcli/arborist/package.json b/node_modules/@npmcli/arborist/package.json index b9dbbb70722d..a61523e48d9f 100644 --- a/node_modules/@npmcli/arborist/package.json +++ b/node_modules/@npmcli/arborist/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/arborist", - "version": "3.0.0", + "version": "4.0.0", "description": "Manage node_modules trees", "dependencies": { "@isaacs/string-locale-compare": "^1.0.1", diff --git a/node_modules/libnpmexec/package.json b/node_modules/libnpmexec/package.json index 067c39ae744f..3a03bd6cba03 100644 --- a/node_modules/libnpmexec/package.json +++ b/node_modules/libnpmexec/package.json @@ -1,6 +1,6 @@ { "name": "libnpmexec", - "version": "3.0.0", + "version": "3.0.1", "files": [ "lib" ], @@ -50,7 +50,7 @@ "tap": "^15.0.6" }, "dependencies": { - "@npmcli/arborist": "^3.0.0", + "@npmcli/arborist": "^4.0.0", "@npmcli/ci-detect": "^1.3.0", "@npmcli/run-script": "^2.0.0", "chalk": "^4.1.0", diff --git a/node_modules/libnpmfund/package.json b/node_modules/libnpmfund/package.json index e021d8874d26..2bd474199364 100644 --- a/node_modules/libnpmfund/package.json +++ b/node_modules/libnpmfund/package.json @@ -1,6 +1,6 @@ { "name": "libnpmfund", - "version": "2.0.0", + "version": "2.0.1", "files": [ "index.js" ], @@ -52,7 +52,7 @@ "tap": "^15.0.9" }, "dependencies": { - "@npmcli/arborist": "^3.0.0" + "@npmcli/arborist": "^4.0.0" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" diff --git a/package-lock.json b/package-lock.json index a833b1ca8e51..e38d5e220d55 100644 --- a/package-lock.json +++ b/package-lock.json @@ -86,7 +86,7 @@ ], "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", - "@npmcli/arborist": "^3.0.0", + "@npmcli/arborist": "^4.0.0", "@npmcli/ci-detect": "^1.2.0", "@npmcli/config": "^2.3.0", "@npmcli/map-workspaces": "^1.0.4", @@ -112,8 +112,8 @@ "json-parse-even-better-errors": "^2.3.1", "libnpmaccess": "^4.0.2", "libnpmdiff": "^2.0.4", - "libnpmexec": "^3.0.0", - "libnpmfund": "^2.0.0", + "libnpmexec": "^3.0.1", + "libnpmfund": "^2.0.1", "libnpmhook": "^6.0.2", "libnpmorg": "^2.0.2", "libnpmpack": "^3.0.0", @@ -772,9 +772,9 @@ } }, "node_modules/@npmcli/arborist": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-3.0.0.tgz", - "integrity": "sha512-zAmy3LwjQ81HKYA8Z4Uao8Re+ydiad2sDKI+PKe2loqDXnFolm69LIGmHp8+7BPWX1CAJCs1/XRNTLdXmuMZZw==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-4.0.0.tgz", + "integrity": "sha512-UtgFRDJGgnFNONW9hjyq0ft6fQPK8nLuYyFFXlhaEKVl7+/rhtUG0t7TWwu8CBXn7KjxhbHZgIlZBKIE+v1C6g==", "inBundle": true, "dependencies": { "@isaacs/string-locale-compare": "^1.0.1", @@ -4688,12 +4688,12 @@ "link": true }, "node_modules/libnpmexec": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/libnpmexec/-/libnpmexec-3.0.0.tgz", - "integrity": "sha512-qyt0gSMSHeHIqb/a+vcryfw3VXfNNgle8jK9QVnrNQAyoDvyVQ6auyoB3ycqWPIl2swTEXPEVremSUaDzOiEgw==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/libnpmexec/-/libnpmexec-3.0.1.tgz", + "integrity": "sha512-VUZTpkKBRPv3Z9DIjbsiHhEQXmQ+OwSQ/yLCY9i6CFE8UIczWyE6wVxP5sJ5NSGtSTUs6I98WewQOL45OKMyxA==", "inBundle": true, "dependencies": { - "@npmcli/arborist": "^3.0.0", + "@npmcli/arborist": "^4.0.0", "@npmcli/ci-detect": "^1.3.0", "@npmcli/run-script": "^2.0.0", "chalk": "^4.1.0", @@ -4710,12 +4710,12 @@ } }, "node_modules/libnpmfund": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/libnpmfund/-/libnpmfund-2.0.0.tgz", - "integrity": "sha512-A89Mp+VcbVS2IzXlTJxcAEJEulVX7pvCB+NFqWKRIaqIncwGku1u8b0h8Qp9IUHrvzzzJiJxJmMYCXmlf6xFxw==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/libnpmfund/-/libnpmfund-2.0.1.tgz", + "integrity": "sha512-OhDbjB3gqdRyuQ56AhUtO49HZ7cZHSM7yCnhQa1lsNpmAmGPnjCImfx8SoWaAkUM7Ov8jngMR5JHKAr1ddjHTQ==", "inBundle": true, "dependencies": { - "@npmcli/arborist": "^3.0.0" + "@npmcli/arborist": "^4.0.0" }, "engines": { "node": "^12.13.0 || ^14.15.0 || >=16" @@ -11119,9 +11119,9 @@ "dev": true }, "@npmcli/arborist": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-3.0.0.tgz", - "integrity": "sha512-zAmy3LwjQ81HKYA8Z4Uao8Re+ydiad2sDKI+PKe2loqDXnFolm69LIGmHp8+7BPWX1CAJCs1/XRNTLdXmuMZZw==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-4.0.0.tgz", + "integrity": "sha512-UtgFRDJGgnFNONW9hjyq0ft6fQPK8nLuYyFFXlhaEKVl7+/rhtUG0t7TWwu8CBXn7KjxhbHZgIlZBKIE+v1C6g==", "requires": { "@isaacs/string-locale-compare": "^1.0.1", "@npmcli/installed-package-contents": "^1.0.7", @@ -14031,11 +14031,11 @@ } }, "libnpmexec": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/libnpmexec/-/libnpmexec-3.0.0.tgz", - "integrity": "sha512-qyt0gSMSHeHIqb/a+vcryfw3VXfNNgle8jK9QVnrNQAyoDvyVQ6auyoB3ycqWPIl2swTEXPEVremSUaDzOiEgw==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/libnpmexec/-/libnpmexec-3.0.1.tgz", + "integrity": "sha512-VUZTpkKBRPv3Z9DIjbsiHhEQXmQ+OwSQ/yLCY9i6CFE8UIczWyE6wVxP5sJ5NSGtSTUs6I98WewQOL45OKMyxA==", "requires": { - "@npmcli/arborist": "^3.0.0", + "@npmcli/arborist": "^4.0.0", "@npmcli/ci-detect": "^1.3.0", "@npmcli/run-script": "^2.0.0", "chalk": "^4.1.0", @@ -14049,11 +14049,11 @@ } }, "libnpmfund": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/libnpmfund/-/libnpmfund-2.0.0.tgz", - "integrity": "sha512-A89Mp+VcbVS2IzXlTJxcAEJEulVX7pvCB+NFqWKRIaqIncwGku1u8b0h8Qp9IUHrvzzzJiJxJmMYCXmlf6xFxw==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/libnpmfund/-/libnpmfund-2.0.1.tgz", + "integrity": "sha512-OhDbjB3gqdRyuQ56AhUtO49HZ7cZHSM7yCnhQa1lsNpmAmGPnjCImfx8SoWaAkUM7Ov8jngMR5JHKAr1ddjHTQ==", "requires": { - "@npmcli/arborist": "^3.0.0" + "@npmcli/arborist": "^4.0.0" } }, "libnpmhook": { diff --git a/package.json b/package.json index 4fe6e0020c9e..bfde6737d531 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ }, "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", - "@npmcli/arborist": "^3.0.0", + "@npmcli/arborist": "^4.0.0", "@npmcli/ci-detect": "^1.2.0", "@npmcli/config": "^2.3.0", "@npmcli/map-workspaces": "^1.0.4", @@ -81,8 +81,8 @@ "json-parse-even-better-errors": "^2.3.1", "libnpmaccess": "^4.0.2", "libnpmdiff": "^2.0.4", - "libnpmexec": "^3.0.0", - "libnpmfund": "^2.0.0", + "libnpmexec": "^3.0.1", + "libnpmfund": "^2.0.1", "libnpmhook": "^6.0.2", "libnpmorg": "^2.0.2", "libnpmpack": "^3.0.0",