@bobfrankston/npmglobalize 1.0.150 → 1.0.152

package/cli.js

@@ -75,6 +75,10 @@ Other Options:
                   (noEmit projects: removes TS ignores from .npmignore)
   -asis           Skip ignore file checks (or set "asis": true in .globalize.json5)
   -rebase         Automatically rebase if local is behind remote
+  -clean-nested-modules, -clean-nested
+                  Before npm pack, wipe node_modules/ in each file: dep target.
+                  Fixes arborist "Cannot read properties of null" crashes when
+                  sibling file: deps have their own nested node_modules.
   -show           Show package.json dependency changes
   -package, -pkg  Update package.json scripts to use npmglobalize
   -h, -help       Show this help
@@ -318,6 +322,11 @@ function parseArgs(args) {
                 options.importgen = false;
                 options.explicitKeys.add('importgen');
                 break;
+            case '-clean-nested':
+            case '-clean-nested-modules':
+                options.cleanNestedModules = true;
+                options.explicitKeys.add('cleanNestedModules');
+                break;
             default:
                 if (arg.startsWith('-')) {
                     unrecognized.push(arg);

package/lib/config.js

@@ -64,7 +64,7 @@ export function writeConfig(dir, config, explicitKeys) {
     const existing = readConfig(dir);
     // Filter out temporary flags and default values (unless explicitly set)
     const filtered = {};
-    const omitKeys = new Set(['cleanup', 'init', 'dryRun', 'message', 'conform', 'asis', 'help', 'error', 'updateDeps', 'updateMajor', 'publishDeps', 'forcePublish', 'once']);
+    const omitKeys = new Set(['cleanup', 'init', 'dryRun', 'message', 'conform', 'asis', 'help', 'error', 'updateDeps', 'updateMajor', 'publishDeps', 'forcePublish', 'once', 'cleanNestedModules']);
     for (const [key, value] of Object.entries(config)) {
         if (omitKeys.has(key))
             continue;

package/lib/diagnose.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Diagnose failures of npm commands run by npmglobalize.
+ *
+ * Pulls out common error shapes — especially ones whose root cause lives in
+ * a referenced (file:) module, not the current package — and turns them into
+ * a short summary + actionable hint instead of a raw arborist stack trace.
+ *
+ * Leaf module: no dependencies on lib.ts or other internal modules. Keeps
+ * the main publish flow in lib.ts readable.
+ */
+export interface DiagnosedError {
+    /** Short one-liner suitable for the Issues Summary. */
+    summary: string;
+    /** Multi-line block to print to console.error (without color). */
+    details: string[];
+    /** If the root cause is a file: sibling, its package name. */
+    referencedModule?: string;
+    /** One concrete next step the user can take. */
+    hint?: string;
+}
+/** Diagnose an `npm pack` failure. */
+export declare function diagnoseNpmPackFailure(cwd: string, output: string, stderr: string, pkg: any): DiagnosedError;
+/** Given a nested-node_modules path like
+ *    `node_modules/@scope/sibling/node_modules/transitive`
+ *  or `../sibling/node_modules/transitive`,
+ *  find the outermost dep name and resolve it to a file: sibling declared
+ *  in pkg.dependencies / pkg['.dependencies'] / etc. */
+declare function resolveSiblingFromNestedPath(nestedPath: string, cwd: string, pkg: any): {
+    name: string;
+    filePath: string;
+} | undefined;
+/** Scan pkg deps for a file: entry whose resolved absolute path equals absTarget. */
+declare function findFileDepByPath(pkg: any, cwd: string, absTarget: string): {
+    name: string;
+    filePath: string;
+} | undefined;
+/** Exposed for ad-hoc testing — not used by the main flow. */
+export declare const _test: {
+    resolveSiblingFromNestedPath: typeof resolveSiblingFromNestedPath;
+    findFileDepByPath: typeof findFileDepByPath;
+};
+export {};
+//# sourceMappingURL=diagnose.d.ts.map

package/lib/diagnose.js

@@ -0,0 +1,141 @@
+/**
+ * Diagnose failures of npm commands run by npmglobalize.
+ *
+ * Pulls out common error shapes — especially ones whose root cause lives in
+ * a referenced (file:) module, not the current package — and turns them into
+ * a short summary + actionable hint instead of a raw arborist stack trace.
+ *
+ * Leaf module: no dependencies on lib.ts or other internal modules. Keeps
+ * the main publish flow in lib.ts readable.
+ */
+import path from 'path';
+/** Diagnose an `npm pack` failure. */
+export function diagnoseNpmPackFailure(cwd, output, stderr, pkg) {
+    const blob = `${output}\n${stderr}`;
+    const lower = blob.toLowerCase();
+    // Pattern 1: arborist "missing from lockfile: <path>" + null-`package` TypeError.
+    // Root cause: a file: sibling has its own populated node_modules/<transitive>
+    // that is not in the current package's lockfile. See notes.md §TODO:
+    // "Isolate npm pack from sibling file: dep junctions".
+    const missingMatch = blob.match(/missing from lockfile:\s*(\S+)/i);
+    const hasNullPackage = /cannot read propert(y|ies) of null \(reading 'package'\)/i.test(blob);
+    if (missingMatch && (hasNullPackage || /shrinkwrap failed to load/i.test(blob))) {
+        const nestedPath = missingMatch[1];
+        const sibling = resolveSiblingFromNestedPath(nestedPath, cwd, pkg);
+        const details = [
+            `npm arborist crashed walking a nested node_modules tree.`,
+            `Missing from lockfile: ${nestedPath}`,
+        ];
+        if (sibling) {
+            return {
+                summary: `npm pack failed — arborist crashed on sibling's node_modules`,
+                details,
+                referencedModule: sibling.name,
+                hint: `sibling ${sibling.name} has its own populated node_modules; see notes.md §TODO: Isolate npm pack from sibling file: dep junctions`,
+            };
+        }
+        return {
+            summary: `npm pack failed — arborist crashed on a nested node_modules`,
+            details,
+            hint: `likely a file: dep whose target has its own node_modules; see notes.md §TODO: Isolate npm pack from sibling file: dep junctions`,
+        };
+    }
+    // Pattern 2: arborist null-`package` without an obvious path — same class,
+    // no identifiable referenced module.
+    if (hasNullPackage) {
+        return {
+            summary: `npm pack failed — arborist internal error`,
+            details: [extractArboristFrame(blob) || 'Cannot read properties of null (reading \'package\')'],
+            hint: `likely a symlinked file: dep with its own node_modules; try renaming node_modules/ and running \`npm pack --dry-run\``,
+        };
+    }
+    // Pattern 3: shrinkwrap / lockfile parsing without the arborist crash.
+    if (/enolock|shrinkwrap failed to load|eresolve/i.test(lower)) {
+        return {
+            summary: `npm pack failed — lockfile problem`,
+            details: [extractFirstNpmError(blob) || blob.trim().slice(0, 400)],
+            hint: `run \`npm install\` in ${cwd}, then retry`,
+        };
+    }
+    // Pattern 4: file-locking on the tarball (AV, editor, explorer preview).
+    if (/\be(acces|busy|perm)\b/i.test(blob) && /\.tgz\b/i.test(blob)) {
+        return {
+            summary: `npm pack failed — tarball file locked`,
+            details: [extractFirstNpmError(blob) || blob.trim().slice(0, 400)],
+            hint: `close editors / antivirus holding the .tgz, then retry`,
+        };
+    }
+    // Fallthrough: raw output.
+    return {
+        summary: `npm pack failed`,
+        details: [
+            output.trim() ? `Output: ${output.trim()}` : '',
+            stderr.trim() ? `Error: ${stderr.trim()}` : '',
+        ].filter(Boolean),
+    };
+}
+/** Given a nested-node_modules path like
+ *    `node_modules/@scope/sibling/node_modules/transitive`
+ *  or `../sibling/node_modules/transitive`,
+ *  find the outermost dep name and resolve it to a file: sibling declared
+ *  in pkg.dependencies / pkg['.dependencies'] / etc. */
+function resolveSiblingFromNestedPath(nestedPath, cwd, pkg) {
+    const normalized = nestedPath.replace(/\\/g, '/');
+    // Prefer the sibling-relative shape first: `../iflow-direct/node_modules/undici-types`.
+    // The *outermost* thing is the sibling dir, not the nested transitive.
+    const siblingMatch = normalized.match(/^(?:\.\.\/)+((?:@[^/]+\/)?[^/]+)\/node_modules\//);
+    if (siblingMatch) {
+        const absSibling = path.resolve(cwd, normalized.split('/node_modules/')[0]);
+        const resolved = findFileDepByPath(pkg, cwd, absSibling);
+        if (resolved)
+            return resolved;
+        return { name: siblingMatch[1], filePath: absSibling };
+    }
+    // Otherwise use the first `node_modules/<name>` segment.
+    const nmMatch = normalized.match(/(?:^|\/)node_modules\/((?:@[^/]+\/)?[^/]+)/);
+    const candidateName = nmMatch?.[1];
+    if (!candidateName)
+        return undefined;
+    // Try to confirm it's a file: dep by checking pkg.dependencies and .dependencies.
+    const allDeps = {};
+    for (const key of ['dependencies', '.dependencies', 'devDependencies', '.devDependencies']) {
+        if (pkg && pkg[key] && typeof pkg[key] === 'object')
+            Object.assign(allDeps, pkg[key]);
+    }
+    const spec = allDeps[candidateName];
+    if (spec && spec.startsWith('file:')) {
+        return { name: candidateName, filePath: path.resolve(cwd, spec.slice('file:'.length)) };
+    }
+    // Even if not explicitly file:, still useful to name it.
+    return { name: candidateName, filePath: path.resolve(cwd, 'node_modules', candidateName) };
+}
+/** Scan pkg deps for a file: entry whose resolved absolute path equals absTarget. */
+function findFileDepByPath(pkg, cwd, absTarget) {
+    const target = path.resolve(absTarget).toLowerCase();
+    for (const key of ['dependencies', '.dependencies', 'devDependencies', '.devDependencies']) {
+        const deps = pkg && pkg[key];
+        if (!deps || typeof deps !== 'object')
+            continue;
+        for (const [name, spec] of Object.entries(deps)) {
+            if (typeof spec !== 'string' || !spec.startsWith('file:'))
+                continue;
+            const abs = path.resolve(cwd, spec.slice('file:'.length)).toLowerCase();
+            if (abs === target)
+                return { name, filePath: abs };
+        }
+    }
+    return undefined;
+}
+/** Pull out the first arborist stack frame for display. */
+function extractArboristFrame(blob) {
+    const m = blob.match(/at [^\n]*arborist[^\n]*/i);
+    return m ? m[0].trim() : undefined;
+}
+/** Pull out the first `npm error <message>` line. */
+function extractFirstNpmError(blob) {
+    const m = blob.match(/npm error [^\n]+/i);
+    return m ? m[0].trim() : undefined;
+}
+/** Exposed for ad-hoc testing — not used by the main flow. */
+export const _test = { resolveSiblingFromNestedPath, findFileDepByPath };
+//# sourceMappingURL=diagnose.js.map

package/lib/types.d.ts

@@ -82,6 +82,9 @@ export interface GlobalizeOptions {
     local?: boolean;
     /** Freeze node_modules: replace symlinks/junctions with real copies for network share use */
     freeze?: boolean;
+    /** Before `npm pack`, delete `node_modules/` inside each `file:` dep target.
+     *  Works around arborist crashes when siblings have nested node_modules. */
+    cleanNestedModules?: boolean;
     /** Internal: signals this call is from workspace orchestrator */
     _fromWorkspace?: boolean;
     /** Internal: signals this call is from CLI (version already printed) */

package/lib.d.ts

@@ -95,6 +95,9 @@ export interface GlobalizeOptions {
     local?: boolean;
     /** Freeze node_modules: replace symlinks/junctions with real copies for network share use */
     freeze?: boolean;
+    /** Before `npm pack`, delete `node_modules/` inside each `file:` dep target.
+     *  Works around arborist crashes when siblings have nested node_modules. */
+    cleanNestedModules?: boolean;
     /** Internal: auto-initialize git repos without prompting (user chose "all") */
     autoInit?: boolean;
     /** Internal: signals this call is from workspace orchestrator */

package/lib.js

@@ -31,6 +31,7 @@ import libversion from 'libnpmversion';
 import JSON5 from 'json5';
 import { fileURLToPath } from 'url';
 import { themeColors } from '@bobfrankston/themecolors';
+import { diagnoseNpmPackFailure } from './lib/diagnose.js';
 /** Semantic color functions — adapts to terminal light/dark theme */
 const colors = themeColors();
 const _buildIssues = [];
@@ -235,7 +236,7 @@ export function writeConfig(dir, config, explicitKeys) {
     const existing = readConfig(dir);
     // Filter out temporary flags and default values (unless explicitly set)
     const filtered = {};
-    const omitKeys = new Set(['cleanup', 'init', 'dryRun', 'message', 'conform', 'asis', 'help', 'error', 'updateDeps', 'updateMajor', 'publishDeps', 'forcePublish', 'once']);
+    const omitKeys = new Set(['cleanup', 'init', 'dryRun', 'message', 'conform', 'asis', 'help', 'error', 'updateDeps', 'updateMajor', 'publishDeps', 'forcePublish', 'once', 'cleanNestedModules']);
     for (const [key, value] of Object.entries(config)) {
         if (omitKeys.has(key))
             continue;
@@ -1261,6 +1262,39 @@ function waitForNpmVersion(pkgName, version, maxWaitMs = 90000) {
     process.stdout.write(' timed out\n');
     return false;
 }
+/** Delete `node_modules/` inside each `file:` dep target.
+ *  Works around arborist crashes during `npm pack` when sibling `file:` deps
+ *  have their own populated `node_modules/`. Returns the names of cleaned deps. */
+function cleanNestedDepModules(pkg, cwd, verbose) {
+    const cleaned = [];
+    const seen = new Set();
+    for (const key of ['.dependencies', '.devDependencies', 'dependencies', 'devDependencies']) {
+        const deps = pkg?.[key];
+        if (!deps || typeof deps !== 'object')
+            continue;
+        for (const [name, spec] of Object.entries(deps)) {
+            if (seen.has(name))
+                continue;
+            if (typeof spec !== 'string' || !spec.startsWith('file:'))
+                continue;
+            const target = path.resolve(cwd, spec.slice('file:'.length));
+            const nm = path.join(target, 'node_modules');
+            if (!fs.existsSync(nm))
+                continue;
+            seen.add(name);
+            try {
+                fs.rmSync(nm, { recursive: true, force: true });
+                cleaned.push(name);
+                if (verbose)
+                    console.log(colors.dim(`  cleaned ${nm}`));
+            }
+            catch (e) {
+                console.error(colors.yellow(`  warning: could not clean ${nm}: ${e.message}`));
+            }
+        }
+    }
+    return cleaned;
+}
 /** Run npm install -g with retries for registry propagation delay */
 function installGlobalWithRetry(pkgSpec, cwd, maxRetries = 3) {
     let result = runCommand('npm', ['install', '-g', pkgSpec], { cwd, silent: false, showCommand: true });
@@ -2976,7 +3010,7 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
         console.log(colors.yellow('Local branch is behind remote.'));
         if (rebase) {
             console.log('Rebasing local changes (--rebase)...');
-            const rebaseResult = runCommand('git', ['pull', '--rebase'], { cwd, silent: false });
+            const rebaseResult = runCommand('git', ['pull', '--rebase', 'origin', currentGitStatus.currentBranch], { cwd, silent: false });
             if (!rebaseResult.success) {
                 console.error(colors.red('ERROR: Rebase failed.'));
                 console.error('You may need to resolve conflicts manually.');
@@ -3872,7 +3906,7 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
     }
     // Pull latest from remote before version bump to avoid push rejection
     if (currentGitStatus.hasRemote && !dryRun) {
-        const pullResult = runCommand('git', ['pull', '--rebase'], { cwd, silent: true });
+        const pullResult = runCommand('git', ['pull', '--rebase', 'origin', currentGitStatus.currentBranch], { cwd, silent: true });
         if (!pullResult.success) {
             console.error(colors.yellow('Warning: git pull --rebase failed before version bump'));
             if (verbose) {
@@ -3973,7 +4007,7 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
                 // Version bump + tag succeeded locally; only the push failed.
                 // Auto-pull --rebase and retry the push.
                 console.log(colors.yellow('\nLocal branch is behind remote — pulling with rebase...'));
-                const pullResult = runCommand('git', ['pull', '--rebase'], { cwd });
+                const pullResult = runCommand('git', ['pull', '--rebase', 'origin', currentGitStatus.currentBranch], { cwd });
                 if (pullResult.success) {
                     console.log(colors.green('  ✓ Rebased onto remote'));
                     const pushResult = runCommand('git', ['push'], { cwd });
@@ -4236,13 +4270,31 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
         if (verbose) {
             console.log(colors.green(`✓ Authenticated as ${authStatus.username}`));
         }
+        // Optionally clean nested node_modules in file: dep targets before pack
+        if (options.cleanNestedModules) {
+            const cleaned = cleanNestedDepModules(pkg, cwd, verbose);
+            if (cleaned.length > 0) {
+                console.log(colors.yellow(`  Cleaned node_modules in ${cleaned.length} file: dep target(s): ${cleaned.join(', ')}`));
+            }
+            else if (verbose) {
+                console.log(colors.dim('  --clean-nested-modules: nothing to clean'));
+            }
+        }
         // Create tarball first
         const packResult = runCommand('npm', ['pack'], { cwd, silent: true });
         if (!packResult.success) {
-            console.error(colors.red('ERROR: Failed to create package tarball'));
-            console.error(colors.yellow('Output:'), packResult.output);
-            console.error(colors.yellow('Error:'), packResult.stderr);
-            recordBuildIssue(pkg.name || path.basename(cwd), 'error', 'npm pack failed');
+            const d = diagnoseNpmPackFailure(cwd, packResult.output, packResult.stderr, pkg);
+            console.error(colors.red(`ERROR: ${d.summary}`));
+            for (const line of d.details)
+                console.error(colors.yellow('  ' + line));
+            if (d.referencedModule)
+                console.error(colors.yellow(`  Caused by referenced module: ${d.referencedModule}`));
+            if (d.hint)
+                console.error(colors.yellow(`  Hint: ${d.hint}`));
+            if (d.summary.includes('arborist') && !options.cleanNestedModules) {
+                console.error(colors.yellow(`  Retry with --clean-nested-modules to wipe node_modules/ inside each file: dep target`));
+            }
+            recordBuildIssue(pkg.name || path.basename(cwd), 'error', d.referencedModule ? `${d.summary} (via ${d.referencedModule})` : d.summary);
             return false;
         }
         // Get the tarball filename from npm pack output

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bobfrankston/npmglobalize",
-  "version": "1.0.150",
+  "version": "1.0.152",
   "description": "Transform file: dependencies to npm versions for publishing",
   "main": "index.js",
   "type": "module",
@@ -32,7 +32,7 @@
   },
   "dependencies": {
     "@bobfrankston/freezepak": "^0.1.7",
-    "@bobfrankston/importgen": "^0.1.33",
+    "@bobfrankston/importgen": "^0.1.34",
     "@bobfrankston/themecolors": "^0.1.5",
     "@bobfrankston/userconfig": "^1.0.7",
     "@npmcli/package-json": "^7.0.4",
@@ -60,7 +60,7 @@
   ".transformedSnapshot": {
     "dependencies": {
       "@bobfrankston/freezepak": "^0.1.7",
-      "@bobfrankston/importgen": "^0.1.33",
+      "@bobfrankston/importgen": "^0.1.34",
       "@bobfrankston/themecolors": "^0.1.5",
       "@bobfrankston/userconfig": "^1.0.7",
       "@npmcli/package-json": "^7.0.4",