From dd83e5974bc73d6fcabc56cc28a8b1c5faea2f49 Mon Sep 17 00:00:00 2001
From: chlorine <nicksonlvqq@gmail.com>
Date: Sat, 3 Dec 2022 06:38:55 +0800
Subject: [PATCH] fix: audit should work when the project's package.json has no
 version (#5731)

close #5728
---
 .changeset/flat-pets-repair.md                |  5 ++
 lockfile/audit/src/lockfileToAuditTree.ts     |  2 +-
 .../project-without-version/package.json      |  3 +
 lockfile/audit/test/index.ts                  | 66 +++++++++++++++++++
 4 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/flat-pets-repair.md
 create mode 100644 lockfile/audit/test/__fixtures__/project-without-version/package.json

diff --git a/.changeset/flat-pets-repair.md b/.changeset/flat-pets-repair.md
new file mode 100644
index 00000000000..edb188192eb
--- /dev/null
+++ b/.changeset/flat-pets-repair.md
@@ -0,0 +1,5 @@
+---
+"@pnpm/audit": patch
+---
+
+`pnpm audit` should work when the project's `package.json` has no `version` field [#5728](https://github.com/pnpm/pnpm/issues/5728)
diff --git a/lockfile/audit/src/lockfileToAuditTree.ts b/lockfile/audit/src/lockfileToAuditTree.ts
index 472860f0ff2..74e603b5a16 100644
--- a/lockfile/audit/src/lockfileToAuditTree.ts
+++ b/lockfile/audit/src/lockfileToAuditTree.ts
@@ -40,7 +40,7 @@ export async function lockfileToAuditTree (
       dependencies[depName] = {
         dependencies: importerDeps,
         requires: toRequires(importerDeps),
-        version: manifest.version,
+        version: manifest.version ?? '0.0.0',
       }
     })
   )
diff --git a/lockfile/audit/test/__fixtures__/project-without-version/package.json b/lockfile/audit/test/__fixtures__/project-without-version/package.json
new file mode 100644
index 00000000000..c8a15ebf230
--- /dev/null
+++ b/lockfile/audit/test/__fixtures__/project-without-version/package.json
@@ -0,0 +1,3 @@
+{
+  "name": "pkg"
+}
diff --git a/lockfile/audit/test/index.ts b/lockfile/audit/test/index.ts
index 7cfe2b2dd9b..5dffb0893e6 100644
--- a/lockfile/audit/test/index.ts
+++ b/lockfile/audit/test/index.ts
@@ -74,6 +74,72 @@ describe('audit', () => {
     })
   })
 
+  test('lockfileToAuditTree() without specified version should use default version 0.0.0', async () => {
+    expect(await lockfileToAuditTree({
+      importers: {
+        '.': {
+          dependencies: {
+            foo: '1.0.0',
+          },
+          specifiers: {
+            foo: '^1.0.0',
+          },
+        },
+      },
+      lockfileVersion: LOCKFILE_VERSION,
+      packages: {
+        '/bar/1.0.0': {
+          resolution: {
+            integrity: 'bar-integrity',
+          },
+        },
+        '/foo/1.0.0': {
+          dependencies: {
+            bar: '1.0.0',
+          },
+          resolution: {
+            integrity: 'foo-integrity',
+          },
+        },
+      },
+    }, { lockfileDir: f.find('project-without-version') })).toEqual({
+      name: undefined,
+      version: undefined,
+
+      dependencies: {
+        '.': {
+          dependencies: {
+            foo: {
+              dependencies: {
+                bar: {
+                  dev: false,
+                  integrity: 'bar-integrity',
+                  version: '1.0.0',
+                },
+              },
+              dev: false,
+              integrity: 'foo-integrity',
+              requires: {
+                bar: '1.0.0',
+              },
+              version: '1.0.0',
+            },
+          },
+          requires: {
+            foo: '1.0.0',
+          },
+          version: '0.0.0',
+        },
+      },
+      dev: false,
+      install: [],
+      integrity: undefined,
+      metadata: {},
+      remove: [],
+      requires: { '.': '0.0.0' },
+    })
+  })
+
   test('an error is thrown if the audit endpoint responds with a non-OK code', async () => {
     const registry = 'http://registry.registry/'
     const getAuthHeader = () => undefined