@npmcli/arborist 2.7.1 → 2.8.3

package/lib/tracker.js

@@ -11,35 +11,37 @@ module.exports = cls => class Tracker extends cls {
 
   addTracker (section, subsection = null, key = null) {
     // TrackerGroup type object not found
-    if (!this.log.newGroup)
+    if (!this.log.newGroup) {
       return
+    }
 
-    if (section === null || section === undefined)
+    if (section === null || section === undefined) {
       this[_onError](`Tracker can't be null or undefined`)
+    }
 
-    if (key === null)
+    if (key === null) {
       key = subsection
+    }
 
     const hasTracker = this[_progress].has(section)
     const hasSubtracker = this[_progress].has(`${section}:${key}`)
 
-    if (hasTracker && subsection === null)
+    if (hasTracker && subsection === null) {
       // 0. existing tracker, no subsection
       this[_onError](`Tracker "${section}" already exists`)
-
-    else if (!hasTracker && subsection === null) {
+    } else if (!hasTracker && subsection === null) {
       // 1. no existing tracker, no subsection
       // Create a new tracker from this.log
       // starts progress bar
-      if (this[_progress].size === 0)
+      if (this[_progress].size === 0) {
         this.log.enableProgress()
+      }
 
       this[_progress].set(section, this.log.newGroup(section))
-    } else if (!hasTracker && subsection !== null)
+    } else if (!hasTracker && subsection !== null) {
       // 2. no parent tracker and subsection
       this[_onError](`Parent tracker "${section}" does not exist`)
-
-    else if (!hasTracker || !hasSubtracker) {
+    } else if (!hasTracker || !hasSubtracker) {
       // 3. existing parent tracker, no subsection tracker
       // Create a new subtracker in this[_progress] from parent tracker
       this[_progress].set(`${section}:${key}`,
@@ -52,14 +54,17 @@ module.exports = cls => class Tracker extends cls {
 
   finishTracker (section, subsection = null, key = null) {
     // TrackerGroup type object not found
-    if (!this.log.newGroup)
+    if (!this.log.newGroup) {
       return
+    }
 
-    if (section === null || section === undefined)
+    if (section === null || section === undefined) {
       this[_onError](`Tracker can't be null or undefined`)
+    }
 
-    if (key === null)
+    if (key === null) {
       key = subsection
+    }
 
     const hasTracker = this[_progress].has(section)
     const hasSubtracker = this[_progress].has(`${section}:${key}`)
@@ -71,8 +76,9 @@ module.exports = cls => class Tracker extends cls {
       // not have any remaining children
       const keys = this[_progress].keys()
       for (const key of keys) {
-        if (key.match(new RegExp(section + ':')))
+        if (key.match(new RegExp(section + ':'))) {
           this.finishTracker(section, key)
+        }
       }
 
       // remove parent tracker
@@ -81,13 +87,13 @@ module.exports = cls => class Tracker extends cls {
 
       // remove progress bar if all
       // trackers are finished
-      if (this[_progress].size === 0)
+      if (this[_progress].size === 0) {
         this.log.disableProgress()
-    } else if (!hasTracker && subsection === null)
+      }
+    } else if (!hasTracker && subsection === null) {
       // 1. no existing parent tracker, no subsection
       this[_onError](`Tracker "${section}" does not exist`)
-
-    else if (!hasTracker || hasSubtracker) {
+    } else if (!hasTracker || hasSubtracker) {
       // 2. subtracker exists
       // Finish subtracker and remove from this[_progress]
       this[_progress].get(`${section}:${key}`).finish()

package/lib/tree-check.js

@@ -5,8 +5,9 @@ const checkTree = (tree, checkUnreachable = true) => {
 
   // this can only happen in tests where we have a "tree" object
   // that isn't actually a tree.
-  if (!tree.root || !tree.root.inventory)
+  if (!tree.root || !tree.root.inventory) {
     return tree
+  }
 
   const { inventory } = tree.root
   const seen = new Set()
@@ -21,8 +22,9 @@ const checkTree = (tree, checkUnreachable = true) => {
       'root=' + !!(node && node.isRoot),
     ])
 
-    if (!node || seen.has(node) || node.then)
+    if (!node || seen.has(node) || node.then) {
       return
+    }
 
     seen.add(node)
 
@@ -116,14 +118,18 @@ const checkTree = (tree, checkUnreachable = true) => {
     check(fsParent, node, 'fsParent')
     check(target, node, 'target')
     log.push(['CHILDREN', node.location, ...node.children.keys()])
-    for (const kid of node.children.values())
+    for (const kid of node.children.values()) {
       check(kid, node, 'children')
-    for (const kid of node.fsChildren)
+    }
+    for (const kid of node.fsChildren) {
       check(kid, node, 'fsChildren')
-    for (const link of node.linksIn)
+    }
+    for (const link of node.linksIn) {
       check(link, node, 'linksIn')
-    for (const top of node.tops)
+    }
+    for (const top of node.tops) {
       check(top, node, 'tops')
+    }
     log.push(['DONE', node.location])
   }
   check(tree)

package/lib/version-from-tgz.js

@@ -4,8 +4,9 @@ const {basename} = require('path')
 const {parse} = require('url')
 module.exports = (name, tgz) => {
   const base = basename(tgz)
-  if (!base.endsWith('.tgz'))
+  if (!base.endsWith('.tgz')) {
     return null
+  }
 
   const u = parse(tgz)
   if (/^https?:/.test(u.protocol)) {
@@ -35,8 +36,9 @@ module.exports = (name, tgz) => {
 }
 
 const versionFromBaseScopeName = (base, scope, name) => {
-  if (!base.startsWith(name + '-'))
+  if (!base.startsWith(name + '-')) {
     return null
+  }
 
   const parsed = semver.parse(base.substring(name.length + 1, base.length - 4))
   return parsed ? {

package/lib/vuln.js

@@ -28,8 +28,9 @@ const severities = new Map([
   [null, -1],
 ])
 
-for (const [name, val] of severities.entries())
+for (const [name, val] of severities.entries()) {
   severities.set(val, name)
+}
 
 class Vuln {
   constructor ({ name, advisory }) {
@@ -43,7 +44,7 @@ class Vuln {
     this[_simpleRange] = null
     this.nodes = new Set()
     // assume a fix is available unless it hits a top node
-    // that locks it in place, setting this to false or {isSemVerMajor, version}.
+    // that locks it in place, setting this false or {isSemVerMajor, version}.
     this[_fixAvailable] = true
     this.addAdvisory(advisory)
     this.packument = advisory.packument
@@ -65,30 +66,35 @@ class Vuln {
     // - true: fix does not require -f
     for (const v of this.via) {
       // don't blow up on loops
-      if (v.fixAvailable === f)
+      if (v.fixAvailable === f) {
         continue
+      }
 
-      if (f === false)
+      if (f === false) {
         v.fixAvailable = f
-      else if (v.fixAvailable === true)
+      } else if (v.fixAvailable === true) {
         v.fixAvailable = f
-      else if (typeof f === 'object' && (
-        typeof v.fixAvailable !== 'object' || !v.fixAvailable.isSemVerMajor))
+      } else if (typeof f === 'object' && (
+        typeof v.fixAvailable !== 'object' || !v.fixAvailable.isSemVerMajor)) {
         v.fixAvailable = f
+      }
     }
   }
 
   testSpec (spec) {
     const specObj = npa(spec)
-    if (!specObj.registry)
+    if (!specObj.registry) {
       return true
+    }
 
-    if (specObj.subSpec)
+    if (specObj.subSpec) {
       spec = specObj.subSpec.rawSpec
+    }
 
     for (const v of this.versions) {
-      if (satisfies(v, spec) && !satisfies(v, this.range, semverOpt))
+      if (satisfies(v, spec) && !satisfies(v, this.range, semverOpt)) {
         return false
+      }
     }
     return true
   }
@@ -135,14 +141,16 @@ class Vuln {
     this[_range] = null
     this[_simpleRange] = null
     // refresh severity
-    for (const advisory of this.advisories)
+    for (const advisory of this.advisories) {
       this.addAdvisory(advisory)
+    }
 
     // remove any effects that are no longer relevant
     const vias = new Set([...this.advisories].map(a => a.dependency))
     for (const via of this.via) {
-      if (!vias.has(via.name))
+      if (!vias.has(via.name)) {
         this.deleteVia(via)
+      }
     }
   }
 
@@ -151,8 +159,9 @@ class Vuln {
     const sev = severities.get(advisory.severity)
     this[_range] = null
     this[_simpleRange] = null
-    if (sev > severities.get(this.severity))
+    if (sev > severities.get(this.severity)) {
       this.severity = advisory.severity
+    }
   }
 
   get range () {
@@ -161,8 +170,9 @@ class Vuln {
   }
 
   get simpleRange () {
-    if (this[_simpleRange] && this[_simpleRange] === this[_range])
+    if (this[_simpleRange] && this[_simpleRange] === this[_range]) {
       return this[_simpleRange]
+    }
 
     const versions = [...this.advisories][0].versions
     const range = this.range
@@ -171,12 +181,14 @@ class Vuln {
   }
 
   isVulnerable (node) {
-    if (this.nodes.has(node))
+    if (this.nodes.has(node)) {
       return true
+    }
 
     const { version } = node.package
-    if (!version)
+    if (!version) {
       return false
+    }
 
     for (const v of this.advisories) {
       if (v.testVersion(version)) {

package/lib/yarn-lock.js

@@ -82,13 +82,15 @@ class YarnLock {
     const linere = /([^\r\n]*)\r?\n/gm
     let match
     let lineNum = 0
-    if (!/\n$/.test(data))
+    if (!/\n$/.test(data)) {
       data += '\n'
+    }
     while (match = linere.exec(data)) {
       const line = match[1]
       lineNum++
-      if (line.charAt(0) === '#')
+      if (line.charAt(0) === '#') {
         continue
+      }
       if (line === '') {
         this.endCurrent()
         continue
@@ -117,8 +119,9 @@ class YarnLock {
         const metadata = this.splitQuoted(line.trimLeft(), ' ')
         if (metadata.length === 2) {
           // strip off the legacy shasum hashes
-          if (metadata[0] === 'resolved')
+          if (metadata[0] === 'resolved') {
             metadata[1] = metadata[1].replace(/#.*/, '')
+          }
           this.current[metadata[0]] = metadata[1]
           continue
         }
@@ -141,9 +144,9 @@ class YarnLock {
     let o = 0
     for (let i = 0; i < split.length; i++) {
       const chunk = split[i]
-      if (/^".*"$/.test(chunk))
+      if (/^".*"$/.test(chunk)) {
         out[o++] = chunk.trim().slice(1, -1)
-      else if (/^"/.test(chunk)) {
+      } else if (/^"/.test(chunk)) {
         let collect = chunk.trimLeft().slice(1)
         while (++i < split.length) {
           const n = split[i]
@@ -152,12 +155,14 @@ class YarnLock {
           if (/[^\\](\\\\)*"$/.test(n)) {
             collect += n.trimRight().slice(0, -1)
             break
-          } else
+          } else {
             collect += n
+          }
         }
         out[o++] = collect
-      } else
+      } else {
         out[o++] = chunk.trim()
+      }
     }
     return out
   }
@@ -226,17 +231,19 @@ class YarnLock {
       // no previous entry for this spec at all, so it's new
       if (!prev) {
         // if we saw a match already, then assign this spec to it as well
-        if (priorEntry)
+        if (priorEntry) {
           priorEntry.addSpec(s)
-        else
+        } else {
           newSpecs.push(s)
+        }
         continue
       }
 
       const m = match(prev, n)
       // there was a prior entry, but a different thing.  skip this one
-      if (!m)
+      if (!m) {
         continue
+      }
 
       // previous matches, but first time seeing it, so already has this spec.
       // go ahead and add all the previously unseen specs, though
@@ -259,8 +266,9 @@ class YarnLock {
     // if we never found a matching prior, then this is a whole new thing
     if (!priorEntry) {
       const entry = Object.assign(new YarnLockEntry(newSpecs), n)
-      for (const s of newSpecs)
+      for (const s of newSpecs) {
         this.entries.set(s, entry)
+      }
     } else {
       // pick up any new info that we got for this node, so that we can
       // decorate with integrity/resolved/etc.
@@ -270,12 +278,15 @@ class YarnLock {
 
   entryDataFromNode (node) {
     const n = {}
-    if (node.package.dependencies)
+    if (node.package.dependencies) {
       n.dependencies = node.package.dependencies
-    if (node.package.optionalDependencies)
+    }
+    if (node.package.optionalDependencies) {
       n.optionalDependencies = node.package.optionalDependencies
-    if (node.version)
+    }
+    if (node.version) {
       n.version = node.version
+    }
     if (node.resolved) {
       n.resolved = consistentResolve(
         node.resolved,
@@ -284,8 +295,9 @@ class YarnLock {
         true
       )
     }
-    if (node.integrity)
+    if (node.integrity) {
       n.integrity = node.integrity
+    }
 
     return n
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "2.7.1",
+  "version": "2.8.3",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@npmcli/installed-package-contents": "^1.0.7",
@@ -19,10 +19,10 @@
     "mkdirp": "^1.0.4",
     "mkdirp-infer-owner": "^2.0.0",
     "npm-install-checks": "^4.0.0",
-    "npm-package-arg": "^8.1.0",
+    "npm-package-arg": "^8.1.5",
     "npm-pick-manifest": "^6.1.0",
     "npm-registry-fetch": "^11.0.0",
-    "pacote": "^11.2.6",
+    "pacote": "^11.3.5",
     "parse-conflict-json": "^1.1.1",
     "proc-log": "^1.0.0",
     "promise-all-reject-late": "^1.0.0",
@@ -32,18 +32,13 @@
     "rimraf": "^3.0.2",
     "semver": "^7.3.5",
     "ssri": "^8.0.1",
-    "tar": "^6.1.0",
     "treeverse": "^1.0.4",
     "walk-up-path": "^1.0.0"
   },
   "devDependencies": {
+    "@npmcli/lint": "^1.0.2",
     "benchmark": "^2.1.4",
     "chalk": "^4.1.0",
-    "eslint": "^7.9.0",
-    "eslint-plugin-import": "^2.22.0",
-    "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^4.2.1",
-    "eslint-plugin-standard": "^4.0.1",
     "minify-registry-metadata": "^2.1.0",
     "tap": "^15.0.9",
     "tcompare": "^5.0.6"
@@ -51,18 +46,19 @@
   "scripts": {
     "test": "npm run test-only --",
     "test-only": "tap",
-    "posttest": "npm run lint",
+    "posttest": "npm run lint --",
     "snap": "tap",
-    "postsnap": "npm run lint",
+    "postsnap": "npm run lintfix --",
     "test-proxy": "ARBORIST_TEST_PROXY=1 tap --snapshot",
     "preversion": "npm test",
     "postversion": "npm publish",
     "prepublishOnly": "git push origin --follow-tags",
     "eslint": "eslint",
-    "lint": "npm run eslint -- \"lib/**/*.js\" \"test/arborist/*.js\" \"test/*.js\" \"bin/**/*.js\"",
+    "lint": "npm run npmclilint -- \"lib/**/*.*js\" \"bin/**/*.*js\" \"test/*.*js\" \"test/arborist/*.*js\"",
     "lintfix": "npm run lint -- --fix",
     "benchmark": "node scripts/benchmark.js",
-    "benchclean": "rm -rf scripts/benchmark/*/"
+    "benchclean": "rm -rf scripts/benchmark/*/",
+    "npmclilint": "npmcli-lint"
   },
   "repository": {
     "type": "git",

package/lib/peer-set.js

@@ -1,25 +0,0 @@
-// when we have to dupe a set of peer dependencies deeper into the tree in
-// order to make room for a dep that would otherwise conflict, we use
-// this to get the set of all deps that have to be checked to ensure
-// nothing is locking them into the current location.
-//
-// this is different in its semantics from an "optional set" (ie, the nodes
-// that should be removed if an optional dep fails), because in this case,
-// we specifically intend to include deps in the peer set that have
-// dependants outside the set.
-const peerSet = node => {
-  const set = new Set([node])
-  for (const node of set) {
-    for (const edge of node.edgesOut.values()) {
-      if (edge.valid && edge.peer && edge.to)
-        set.add(edge.to)
-    }
-    for (const edge of node.edgesIn) {
-      if (edge.valid && edge.peer)
-        set.add(edge.from)
-    }
-  }
-  return set
-}
-
-module.exports = peerSet