diff --git a/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js b/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js index 17b42f81bb39a..412d6ce8b7119 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js +++ b/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js @@ -431,11 +431,13 @@ module.exports = cls => class IdealTreeBuilder extends cls { // ie, doing `foo@bar` we just return foo // but if it's a url or git, we don't know the name until we // fetch it and look in its manifest. - return Promise.all(add.map(rawSpec => - this[_retrieveSpecName](npa(rawSpec)) + return Promise.all(add.map(rawSpec => { + // We do NOT provide the path here, because user-additions need + // to be resolved relative to the CWD the user is in. + return this[_retrieveSpecName](npa(rawSpec)) .then(add => this[_updateFilePath](add)) .then(add => this[_followSymlinkPath](add)) - )).then(add => { + })).then(add => { this[_resolvedAdd] = add // now add is a list of spec objects with names. // find a home for each of them! diff --git a/node_modules/@npmcli/arborist/lib/arborist/reify.js b/node_modules/@npmcli/arborist/lib/arborist/reify.js index c3ea1b43bbc76..803fb9782f07c 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/reify.js +++ b/node_modules/@npmcli/arborist/lib/arborist/reify.js @@ -6,6 +6,7 @@ const rpj = require('read-package-json-fast') const { updateDepSpec } = require('../dep-spec.js') const AuditReport = require('../audit-report.js') const {subset} = require('semver') +const npa = require('npm-package-arg') const {dirname, resolve, relative} = require('path') const {depth: dfwalk} = require('treeverse') @@ -881,11 +882,17 @@ module.exports = cls => class Reifier extends cls { process.emit('time', 'reify:save') + // resolvedAdd is the list of user add requests, but with names added + // to things like git repos and tarball file/urls. However, if the + // user requested 'foo@', and we have a foo@file:../foo, then we should + // end up saving the spec we actually used, not whatever they gave us. if (this[_resolvedAdd]) { const root = this.idealTree const pkg = root.package - for (const req of this[_resolvedAdd]) { - const {name, rawSpec, subSpec} = req + for (const { name } of this[_resolvedAdd]) { + const req = npa(root.edgesOut.get(name).spec, root.realpath) + const {rawSpec, subSpec} = req + const spec = subSpec ? subSpec.rawSpec : rawSpec const child = root.children.get(name) @@ -910,6 +917,15 @@ module.exports = cls => class Reifier extends cls { const save = h.https && h.auth ? `git+${h.https(opt)}` : h.shortcut(opt) updateDepSpec(pkg, name, save) + } else if (req.type === 'directory' || req.type === 'file') { + // save the relative path in package.json + // Normally saveSpec is updated with the proper relative + // path already, but it's possible to specify a full absolute + // path initially, in which case we can end up with the wrong + // thing, so just get the ultimate fetchSpec and relativize it. + const p = req.fetchSpec.replace(/^file:/, '') + const rel = relpath(root.realpath, p) + updateDepSpec(pkg, name, `file:${rel}`) } else updateDepSpec(pkg, name, req.saveSpec) } diff --git a/node_modules/@npmcli/arborist/package.json b/node_modules/@npmcli/arborist/package.json index 268f0e72a92d5..35623f90c44ed 100644 --- a/node_modules/@npmcli/arborist/package.json +++ b/node_modules/@npmcli/arborist/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/arborist", - "version": "2.2.6", + "version": "2.2.7", "description": "Manage node_modules trees", "dependencies": { "@npmcli/installed-package-contents": "^1.0.7", diff --git a/package-lock.json b/package-lock.json index 412fa222afc86..5c5793bf8f0df 100644 --- a/package-lock.json +++ b/package-lock.json @@ -251,7 +251,7 @@ ], "license": "Artistic-2.0", "dependencies": { - "@npmcli/arborist": "^2.2.6", + "@npmcli/arborist": "^2.2.7", "@npmcli/ci-detect": "^1.2.0", "@npmcli/config": "^1.2.9", "@npmcli/run-script": "^1.8.3", @@ -811,9 +811,9 @@ } }, "node_modules/@npmcli/arborist": { - "version": "2.2.6", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.2.6.tgz", - "integrity": "sha512-dLWPjMeUTrlIJG+f4j3cOMZ24vJ1GQmZm7QixXeOnx3XCo7reWqzjDZfQvPE21FPUuz25EGoRw+MSHzc7OlxAA==", + "version": "2.2.7", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.2.7.tgz", + "integrity": "sha512-NulX/tVu45PIXO4DSNpVQkLrN94OjzAUxgLQ7Vsdb1macSmklJwQF0+4jBgC2riMpdWJP+IiFsxg1k9T9RoRRg==", "inBundle": true, "dependencies": { "@npmcli/installed-package-contents": "^1.0.7", @@ -10943,9 +10943,9 @@ "dev": true }, "@npmcli/arborist": { - "version": "2.2.6", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.2.6.tgz", - "integrity": "sha512-dLWPjMeUTrlIJG+f4j3cOMZ24vJ1GQmZm7QixXeOnx3XCo7reWqzjDZfQvPE21FPUuz25EGoRw+MSHzc7OlxAA==", + "version": "2.2.7", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.2.7.tgz", + "integrity": "sha512-NulX/tVu45PIXO4DSNpVQkLrN94OjzAUxgLQ7Vsdb1macSmklJwQF0+4jBgC2riMpdWJP+IiFsxg1k9T9RoRRg==", "requires": { "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/map-workspaces": "^1.0.2", diff --git a/package.json b/package.json index ee66e403ca3df..024405fee6e1c 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,7 @@ "./package.json": "./package.json" }, "dependencies": { - "@npmcli/arborist": "^2.2.6", + "@npmcli/arborist": "^2.2.7", "@npmcli/ci-detect": "^1.2.0", "@npmcli/config": "^1.2.9", "@npmcli/run-script": "^1.8.3",