Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(arborist): handle link nodes in old lockfiles correctly #4614

Merged
merged 1 commit into from
Mar 28, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions workspaces/arborist/lib/arborist/build-ideal-tree.js
Original file line number Diff line number Diff line change
Expand Up @@ -743,15 +743,20 @@ This is a one-time fix-up, please be patient...
continue
}

// if the node's location isn't within node_modules then this is actually
// a link target, so skip it. the link node itself will be queued later.
if (!node.location.startsWith('node_modules')) {
continue
}

queue.push(async () => {
log.silly('inflate', node.location)
const { resolved, version, path, name, location, integrity } = node
// don't try to hit the registry for linked deps
const useResolved = resolved && (
!version || resolved.startsWith('file:')
)
const id = useResolved ? resolved
: version || `file:${node.path}`
const id = useResolved ? resolved : version
const spec = npa.resolve(name, id, dirname(path))
const t = `idealTree:inflate:${location}`
this.addTracker(t)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36919,6 +36919,53 @@ ArboristNode {
}
`

exports[`test/arborist/build-ideal-tree.js TAP inflating a link node in an old lockfile skips registry > must match snapshot 1`] = `
ArboristNode {
"children": Map {
"link-dep" => ArboristLink {
"edgesIn": Set {
EdgeIn {
"from": "",
"name": "link-dep",
"spec": "file:./link-dep",
"type": "prod",
},
},
"location": "node_modules/link-dep",
"name": "link-dep",
"path": "{CWD}/test/fixtures/old-lock-with-link/node_modules/link-dep",
"realpath": "{CWD}/test/fixtures/old-lock-with-link/link-dep",
"resolved": "file:../link-dep",
"target": ArboristNode {
"location": "link-dep",
},
"version": "1.0.0",
},
},
"edgesOut": Map {
"link-dep" => EdgeOut {
"name": "link-dep",
"spec": "file:./link-dep",
"to": "node_modules/link-dep",
"type": "prod",
},
},
"fsChildren": Set {
ArboristNode {
"location": "link-dep",
"name": "link-dep",
"path": "{CWD}/test/fixtures/old-lock-with-link/link-dep",
"version": "1.0.0",
},
},
"isProjectRoot": true,
"location": "",
"name": "old-lock-with-link",
"path": "{CWD}/test/fixtures/old-lock-with-link",
"version": "1.0.0",
}
`

exports[`test/arborist/build-ideal-tree.js TAP link dep with a link dep > link metadeps with lockfile 1`] = `
ArboristNode {
"children": Map {
Expand Down
20 changes: 20 additions & 0 deletions workspaces/arborist/test/arborist/build-ideal-tree.js
Original file line number Diff line number Diff line change
Expand Up @@ -1163,6 +1163,26 @@ This is a one-time fix-up, please be patient...
])
})

t.test('inflating a link node in an old lockfile skips registry', async t => {
const checkLogs = warningTracker()
const path = resolve(fixtures, 'old-lock-with-link')
const arb = new Arborist({ path, ...OPT, registry: 'http://invalid.host' })
const tree = await arb.buildIdealTree()
t.matchSnapshot(printTree(tree))
t.strictSame(checkLogs(), [
[
'warn',
'old lockfile',
`
The package-lock.json file was created with an old version of npm,
so supplemental metadata must be fetched from the registry.

This is a one-time fix-up, please be patient...
`,
],
])
})

t.test('warn for ancient lockfile, even if we use v1', async t => {
const checkLogs = warningTracker()
const path = resolve(fixtures, 'sax')
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"name": "link-dep",
"version": "1.0.0"
}

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{
"name": "old-lock-with-link",
"version": "1.0.0",
"dependencies": {
"link-dep": "file:./link-dep"
}
}