fix(outdated): should work when the tarballs are hosted on a differen…

…t domain (#5501) close #5492
pnpm · Oct 16, 2022 · 6ad990a · 6ad990a
1 parent 3c11799
commit 6ad990a
Show file tree

Hide file tree

Showing 8 changed files with 56 additions and 5 deletions.
diff --git a/.changeset/quick-mayflies-rush.md b/.changeset/quick-mayflies-rush.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/outdated": patch
+"pnpm": patch
+---
+
+`pnpm outdated` should work when the package tarballs are hosted on a domain that differs from the registry's domain [#5492](https://github.com/pnpm/pnpm/issues/5492).
diff --git a/.changeset/shiny-icons-hunt.md b/.changeset/shiny-icons-hunt.md
@@ -0,0 +1,5 @@
+---
+"@pnpm/outdated": major
+---
+
+`registries` is a required option for the outdated function.
diff --git a/packages/outdated/package.json b/packages/outdated/package.json
@@ -44,6 +44,7 @@
     "@pnpm/manifest-utils": "workspace:*",
     "@pnpm/matcher": "workspace:*",
     "@pnpm/modules-yaml": "workspace:*",
+    "@pnpm/npm-resolver": "workspace:*",
     "@pnpm/pick-registry-for-package": "workspace:*",
     "@pnpm/types": "workspace:*",
     "dependency-path": "workspace:*",

diff --git a/packages/outdated/src/outdated.ts b/packages/outdated/src/outdated.ts
@@ -6,12 +6,15 @@ import {
 } from '@pnpm/lockfile-file'
 import { nameVerFromPkgSnapshot } from '@pnpm/lockfile-utils'
 import { getAllDependenciesFromManifest } from '@pnpm/manifest-utils'
+import { parsePref } from '@pnpm/npm-resolver'
+import { pickRegistryForPackage } from '@pnpm/pick-registry-for-package'
 import {
   DependenciesField,
   DEPENDENCIES_FIELDS,
   IncludedDependencies,
   PackageManifest,
   ProjectManifest,
+  Registries,
 } from '@pnpm/types'
 import * as dp from 'dependency-path'
 import semver from 'semver'
@@ -40,6 +43,7 @@ export async function outdated (
     manifest: ProjectManifest
     match?: (dependencyName: string) => boolean
     prefix: string
+    registries: Registries
     wantedLockfile: Lockfile | null
   }
 ): Promise<OutdatedPackage[]> {
@@ -68,6 +72,7 @@ export async function outdated (
 
       await Promise.all(
         pkgs.map(async (alias) => {
+          if (!allDeps[alias]) return
           const ref = opts.wantedLockfile!.importers[importerId][depType]![alias]
 
           if (
@@ -93,10 +98,14 @@ export async function outdated (
           const current = (currentRelative && dp.parse(currentRelative).version) ?? currentRef
           const wanted = dp.parse(relativeDepPath).version ?? ref
           const { name: packageName } = nameVerFromPkgSnapshot(relativeDepPath, pkgSnapshot)
+          const name = dp.parse(relativeDepPath).name ?? packageName
 
-          // It might be not the best solution to check for pkgSnapshot.name
-          // TODO: add some other field to distinct packages not from the registry
-          if (pkgSnapshot.resolution && (pkgSnapshot.resolution['type'] || pkgSnapshot.name)) {
+          // If the npm resolve parser cannot parse the spec of the dependency,
+          // it means that the package is not from a npm-compatible registry.
+          // In that case, we can't check whether the package is up-to-date
+          if (
+            parsePref(allDeps[alias], alias, 'latest', pickRegistryForPackage(opts.registries, name)) == null
+          ) {
             if (current !== wanted) {
               outdated.push({
                 alias,
@@ -110,7 +119,6 @@ export async function outdated (
             return
           }
 
-          const name = dp.parse(relativeDepPath).name ?? packageName
           const latestManifest = await opts.getLatestManifest(
             name,
             opts.compatible ? (allDeps[name] ?? 'latest') : 'latest'

diff --git a/packages/outdated/src/outdatedDepsOfProjects.ts b/packages/outdated/src/outdatedDepsOfProjects.ts
@@ -51,6 +51,7 @@ export async function outdatedDepsOfProjects (
       manifest,
       match,
       prefix: dir,
+      registries: opts.registries,
       wantedLockfile,
     })
   }))

diff --git a/packages/outdated/test/outdated.spec.ts b/packages/outdated/test/outdated.spec.ts
@@ -39,6 +39,7 @@ test('outdated()', async () => {
             'linked-2': 'file:../linked-2',
           },
           specifiers: {
+            'from-github': 'github:blabla/from-github#d5f8d5500f7faf593d32e134c1b0043ff69151b4',
             'is-negative': '^2.1.0',
             'is-positive': '^1.0.0',
           },
@@ -74,7 +75,10 @@ test('outdated()', async () => {
     manifest: {
       name: 'wanted-shrinkwrap',
       version: '1.0.0',
-
+      dependencies: {
+        'from-github': 'github:blabla/from-github#d5f8d5500f7faf593d32e134c1b0043ff69151b4',
+        'from-github-2': 'github:blabla/from-github-2#d5f8d5500f7faf593d32e134c1b0043ff69151b4',
+      },
       devDependencies: {
         'is-negative': '^2.1.0',
         'is-positive': '^3.1.0',
@@ -97,6 +101,8 @@ test('outdated()', async () => {
             'linked-2': 'file:../linked-2',
           },
           specifiers: {
+            'from-github': 'github:blabla/from-github#d5f8d5500f7faf593d32e134c1b0043ff69151b4',
+            'from-github-2': 'github:blabla/from-github-2#d5f8d5500f7faf593d32e134c1b0043ff69151b4',
             'is-negative': '^2.1.0',
             'is-positive': '^3.1.0',
           },
@@ -132,6 +138,9 @@ test('outdated()', async () => {
         },
       },
     },
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
   })
   expect(outdatedPkgs).toStrictEqual([
     {
@@ -211,6 +220,9 @@ test('outdated() should return deprecated package even if its current version is
     },
     prefix: 'project',
     wantedLockfile: lockfile,
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
   })
   expect(outdatedPkgs).toStrictEqual([
     {
@@ -328,6 +340,9 @@ test('using a matcher', async () => {
         },
       },
     },
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
   })
   expect(outdatedPkgs).toStrictEqual([
     {
@@ -397,6 +412,9 @@ test('outdated() aliased dependency', async () => {
         },
       },
     },
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
   })
   expect(outdatedPkgs).toStrictEqual([
     {
@@ -486,6 +504,9 @@ test('a dependency is not outdated if it is newer than the latest version', asyn
     },
     prefix: 'project',
     wantedLockfile: lockfile,
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
   })
   expect(outdatedPkgs).toStrictEqual([])
 })
@@ -503,6 +524,9 @@ test('outdated() should [] when there is no dependency', async () => {
     },
     prefix: 'project',
     wantedLockfile: null,
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
   })
   expect(outdatedPkgs).toStrictEqual([])
 })
diff --git a/packages/outdated/tsconfig.json b/packages/outdated/tsconfig.json
@@ -36,6 +36,9 @@
     {
       "path": "../modules-yaml"
     },
+    {
+      "path": "../npm-resolver"
+    },
     {
       "path": "../pick-registry-for-package"
     },

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml