@npmcli/arborist 2.6.0 → 2.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/diff.js +18 -2
- package/lib/shrinkwrap.js +6 -1
- package/package.json +1 -1
package/lib/diff.js
CHANGED
|
@@ -110,16 +110,32 @@ const getAction = ({actual, ideal}) => {
|
|
|
110
110
|
if (ideal.isRoot && actual.isRoot)
|
|
111
111
|
return null
|
|
112
112
|
|
|
113
|
+
// if the versions don't match, it's a change no matter what
|
|
114
|
+
if (ideal.version !== actual.version)
|
|
115
|
+
return 'CHANGE'
|
|
116
|
+
|
|
113
117
|
const binsExist = ideal.binPaths.every((path) => existsSync(path))
|
|
114
118
|
|
|
115
119
|
// top nodes, links, and git deps won't have integrity, but do have resolved
|
|
116
|
-
if
|
|
120
|
+
// if neither node has integrity, the bins exist, and either (a) neither
|
|
121
|
+
// node has a resolved value or (b) they both do and match, then we can
|
|
122
|
+
// leave this one alone since we already know the versions match due to
|
|
123
|
+
// the condition above. The "neither has resolved" case (a) cannot be
|
|
124
|
+
// treated as a 'mark CHANGE and refetch', because shrinkwraps, bundles,
|
|
125
|
+
// and link deps may lack this information, and we don't want to try to
|
|
126
|
+
// go to the registry for something that isn't there.
|
|
127
|
+
const noIntegrity = !ideal.integrity && !actual.integrity
|
|
128
|
+
const noResolved = !ideal.resolved && !actual.resolved
|
|
129
|
+
const resolvedMatch = ideal.resolved && ideal.resolved === actual.resolved
|
|
130
|
+
if (noIntegrity && binsExist && (resolvedMatch || noResolved))
|
|
117
131
|
return null
|
|
118
132
|
|
|
119
133
|
// otherwise, verify that it's the same bits
|
|
120
134
|
// note that if ideal has integrity, and resolved doesn't, we treat
|
|
121
135
|
// that as a 'change', so that it gets re-fetched and locked down.
|
|
122
|
-
|
|
136
|
+
const integrityMismatch = !ideal.integrity || !actual.integrity ||
|
|
137
|
+
!ssri.parse(ideal.integrity).match(actual.integrity)
|
|
138
|
+
if (integrityMismatch || !binsExist)
|
|
123
139
|
return 'CHANGE'
|
|
124
140
|
|
|
125
141
|
return null
|
package/lib/shrinkwrap.js
CHANGED
|
@@ -714,6 +714,7 @@ class Shrinkwrap {
|
|
|
714
714
|
resolved,
|
|
715
715
|
integrity,
|
|
716
716
|
hasShrinkwrap,
|
|
717
|
+
version,
|
|
717
718
|
} = this.get(node.path)
|
|
718
719
|
|
|
719
720
|
const pathFixed = !resolved ? null
|
|
@@ -727,8 +728,12 @@ class Shrinkwrap {
|
|
|
727
728
|
node.resolved === pathFixed
|
|
728
729
|
const integrityOk = !integrity || !node.integrity ||
|
|
729
730
|
node.integrity === integrity
|
|
731
|
+
const versionOk = !version || !node.version || version === node.version
|
|
730
732
|
|
|
731
|
-
|
|
733
|
+
const allOk = (resolved || integrity || version) &&
|
|
734
|
+
resolvedOk && integrityOk && versionOk
|
|
735
|
+
|
|
736
|
+
if (allOk) {
|
|
732
737
|
node.resolved = node.resolved || pathFixed || null
|
|
733
738
|
node.integrity = node.integrity || integrity || null
|
|
734
739
|
node.hasShrinkwrap = node.hasShrinkwrap || hasShrinkwrap || false
|