@npmcli/arborist 3.0.0 → 4.0.3

package/bin/shrinkwrap.js

@@ -5,7 +5,7 @@ require('./lib/timers.js')
 
 const { quiet } = options
 Shrinkwrap.load(options)
-  .then(s => quiet || console.log(JSON.stringify(s.data, 0, 2)))
+  .then(s => quiet || console.log(JSON.stringify(s.commit(), 0, 2)))
   .catch(er => {
     console.error('shrinkwrap load failure', er)
     process.exit(1)

package/lib/arborist/build-ideal-tree.js

@@ -26,6 +26,7 @@ const debug = require('../debug.js')
 const fromPath = require('../from-path.js')
 const calcDepFlags = require('../calc-dep-flags.js')
 const Shrinkwrap = require('../shrinkwrap.js')
+const { defaultLockfileVersion } = Shrinkwrap
 const Node = require('../node.js')
 const Link = require('../link.js')
 const addRmPkgDeps = require('../add-rm-pkg-deps.js')
@@ -307,8 +308,10 @@ module.exports = cls => class IdealTreeBuilder extends cls {
       // reconstructing it anyway.
       .then(root => this[_global] ? root
       : !this[_usePackageLock] || this[_updateAll]
-        ? Shrinkwrap.reset({ path: this.path })
-          .then(meta => Object.assign(root, {meta}))
+        ? Shrinkwrap.reset({
+          path: this.path,
+          lockfileVersion: this.options.lockfileVersion,
+        }).then(meta => Object.assign(root, {meta}))
         : this.loadVirtual({ root }))
 
       // if we don't have a lockfile to go from, then start with the
@@ -326,6 +329,9 @@ module.exports = cls => class IdealTreeBuilder extends cls {
           // dep flags before assuming that any mutations were reflected.
           if (tree.children.size) {
             root.meta.loadedFromDisk = true
+            // set these so that we don't try to ancient lockfile reload it
+            root.meta.originalLockfileVersion = defaultLockfileVersion
+            root.meta.lockfileVersion = defaultLockfileVersion
           }
         }
         return root
@@ -345,7 +351,10 @@ module.exports = cls => class IdealTreeBuilder extends cls {
     // this is a gross kludge to handle the fact that we don't save
     // metadata on the root node in global installs, because the "root"
     // node is something like /usr/local/lib.
-    const meta = new Shrinkwrap({ path: this.path })
+    const meta = new Shrinkwrap({
+      path: this.path,
+      lockfileVersion: this.options.lockfileVersion,
+    })
     meta.reset()
     root.meta = meta
     return root
@@ -696,14 +705,18 @@ module.exports = cls => class IdealTreeBuilder extends cls {
     // least it's just a one-time hit.
     process.emit('time', 'idealTree:inflate')
 
+    // don't warn if we're not gonna actually write it back anyway.
     const heading = ancient ? 'ancient lockfile' : 'old lockfile'
-    this.log.warn(heading,
-      `
+    if (ancient || !this.options.lockfileVersion ||
+        this.options.lockfileVersion >= defaultLockfileVersion) {
+      this.log.warn(heading,
+        `
 The ${meta.type} file was created with an old version of npm,
 so supplemental metadata must be fetched from the registry.
 
 This is a one-time fix-up, please be patient...
 `)
+    }
 
     this.addTracker('idealTree:inflate')
     const queue = []
@@ -748,7 +761,7 @@ This is a one-time fix-up, please be patient...
     // yes, yes, this isn't the "original" version, but now that it's been
     // upgraded, we need to make sure we don't do the work to upgrade it
     // again, since it's now as new as can be.
-    meta.originalLockfileVersion = 2
+    meta.originalLockfileVersion = defaultLockfileVersion
     this.finishTracker('idealTree:inflate')
     process.emit('timeEnd', 'idealTree:inflate')
   }
@@ -880,7 +893,7 @@ This is a one-time fix-up, please be patient...
     const tasks = []
     const peerSource = this[_peerSetSource].get(node) || node
     for (const edge of this[_problemEdges](node)) {
-      if (edge.overridden) {
+      if (edge.peerConflicted) {
         continue
       }
 
@@ -967,8 +980,8 @@ This is a one-time fix-up, please be patient...
               if (edgeIn === edge) {
                 continue
               }
-              const { from, valid, overridden } = edgeIn
-              if (!overridden && !valid && !this[_depsSeen].has(from)) {
+              const { from, valid, peerConflicted } = edgeIn
+              if (!peerConflicted && !valid && !this[_depsSeen].has(from)) {
                 this.addTracker('idealTree', from.name, from.location)
                 this[_depsQueue].push(edgeIn.from)
               }
@@ -984,8 +997,8 @@ This is a one-time fix-up, please be patient...
                   continue
                 }
 
-                const { valid, overridden } = edgeIn
-                if (!valid && !overridden) {
+                const { valid, peerConflicted } = edgeIn
+                if (!valid && !peerConflicted) {
                   // if it's already been visited, we have to re-visit
                   // otherwise, just enqueue normally.
                   this[_depsSeen].delete(edgeIn.from)
@@ -1301,7 +1314,7 @@ This is a one-time fix-up, please be patient...
           // that will be installed by default anyway, and we'll fail when
           // we get to the point where we need to, if we need to.
           if (conflictOK || !required.has(dep)) {
-            edge.overridden = true
+            edge.peerConflicted = true
             continue
           }
 

package/lib/arborist/index.js

@@ -44,9 +44,25 @@ const mixins = [
   require('./reify.js'),
 ]
 
+const _workspacesEnabled = Symbol.for('workspacesEnabled')
 const Base = mixins.reduce((a, b) => b(a), require('events'))
 const getWorkspaceNodes = require('../get-workspace-nodes.js')
 
+// if it's 1, 2, or 3, set it explicitly that.
+// if undefined or null, set it null
+// otherwise, throw.
+const lockfileVersion = lfv => {
+  if (lfv === 1 || lfv === 2 || lfv === 3) {
+    return lfv
+  }
+
+  if (lfv === undefined || lfv === null) {
+    return null
+  }
+
+  throw new TypeError('Invalid lockfileVersion config: ' + lfv)
+}
+
 class Arborist extends Base {
   constructor (options = {}) {
     process.emit('time', 'arborist:ctor')
@@ -59,7 +75,11 @@ class Arborist extends Base {
       packumentCache: options.packumentCache || new Map(),
       log: options.log || procLog,
       workspacesEnabled: options.workspacesEnabled !== false,
+      lockfileVersion: lockfileVersion(options.lockfileVersion),
     }
+
+    this[_workspacesEnabled] = this.options.workspacesEnabled
+
     if (options.saveType && !saveTypeMap.get(options.saveType)) {
       throw new Error(`Invalid saveType ${options.saveType}`)
     }

package/lib/arborist/load-actual.js

@@ -137,11 +137,9 @@ module.exports = cls => class ActualLoader extends cls {
       real: await realpath(this.path, this[_rpcache], this[_stcache]),
     })
 
-    // XXX only rely on this if the hidden lockfile is the newest thing?
-    // need some kind of heuristic, like if the package.json or sw have
-    // been touched more recently, then ignore it?  This is a hazard if
-    // user switches back and forth between Arborist and another way of
-    // mutating the node_modules folder.
+    // Note: hidden lockfile will be rejected if it's not the latest thing
+    // in the folder, or if any of the entries in the hidden lockfile are
+    // missing.
     const meta = await Shrinkwrap.load({
       path: this[_actualTree].path,
       hiddenLockfile: true,
@@ -152,6 +150,7 @@ module.exports = cls => class ActualLoader extends cls {
     } else {
       const meta = await Shrinkwrap.load({
         path: this[_actualTree].path,
+        lockfileVersion: this.options.lockfileVersion,
       })
       this[_actualTree].meta = meta
       return this[_loadActualActually]({ root, ignoreMissing })

package/lib/arborist/load-virtual.js

@@ -54,7 +54,10 @@ module.exports = cls => class VirtualLoader extends cls {
       return treeCheck(this.virtualTree)
     }
 
-    const s = await Shrinkwrap.load({ path: this.path })
+    const s = await Shrinkwrap.load({
+      path: this.path,
+      lockfileVersion: this.options.lockfileVersion,
+    })
     if (!s.loadedFromDisk && !options.root) {
       const er = new Error('loadVirtual requires existing shrinkwrap file')
       throw Object.assign(er, { code: 'ENOLOCK' })

package/lib/arborist/pruner.js

@@ -1,4 +1,6 @@
 const _idealTreePrune = Symbol.for('idealTreePrune')
+const _workspacesEnabled = Symbol.for('workspacesEnabled')
+const _addNodeToTrashList = Symbol.for('addNodeToTrashList')
 
 module.exports = cls => class Pruner extends cls {
   async prune (options = {}) {
@@ -10,6 +12,19 @@ module.exports = cls => class Pruner extends cls {
 
     this[_idealTreePrune]()
 
+    if (!this[_workspacesEnabled]) {
+      const excludeNodes = this.excludeWorkspacesDependencySet(this.idealTree)
+      for (const node of this.idealTree.inventory.values()) {
+        if (
+          node.parent !== null
+          && !node.isProjectRoot
+          && !excludeNodes.has(node)
+        ) {
+          this[_addNodeToTrashList](node)
+        }
+      }
+    }
+
     return this.reify(options)
   }
 }

package/lib/arborist/rebuild.js

@@ -35,6 +35,7 @@ const _checkBins = Symbol.for('checkBins')
 const _queues = Symbol('queues')
 const _scriptShell = Symbol('scriptShell')
 const _includeWorkspaceRoot = Symbol.for('includeWorkspaceRoot')
+const _workspacesEnabled = Symbol.for('workspacesEnabled')
 
 const _force = Symbol.for('force')
 
@@ -77,8 +78,14 @@ module.exports = cls => class Builder extends cls {
     // the actual tree on disk.
     if (!nodes) {
       const tree = await this.loadActual()
-      if (this[_workspaces] && this[_workspaces].length) {
-        const filterSet = this.workspaceDependencySet(
+      let filterSet
+      if (!this[_workspacesEnabled]) {
+        filterSet = this.excludeWorkspacesDependencySet(tree)
+        nodes = tree.inventory.filter(node =>
+          filterSet.has(node) || node.isProjectRoot
+        )
+      } else if (this[_workspaces] && this[_workspaces].length) {
+        filterSet = this.workspaceDependencySet(
           tree,
           this[_workspaces],
           this[_includeWorkspaceRoot]

package/lib/arborist/reify.js

@@ -40,8 +40,9 @@ const _savePrefix = Symbol('savePrefix')
 const _retireShallowNodes = Symbol.for('retireShallowNodes')
 const _getBundlesByDepth = Symbol('getBundlesByDepth')
 const _registryResolved = Symbol('registryResolved')
-const _addNodeToTrashList = Symbol('addNodeToTrashList')
+const _addNodeToTrashList = Symbol.for('addNodeToTrashList')
 const _workspaces = Symbol.for('workspaces')
+const _workspacesEnabled = Symbol.for('workspacesEnabled')
 
 // shared by rebuild mixin
 const _trashList = Symbol.for('trashList')
@@ -314,6 +315,10 @@ module.exports = cls => class Reifier extends cls {
     // to just invalidate the parts that changed, but avoid walking the
     // whole tree again.
 
+    const includeWorkspaces = this[_workspacesEnabled]
+    const includeRootDeps = !this[_workspacesEnabled]
+      || this[_includeWorkspaceRoot] && this[_workspaces].length > 0
+
     const filterNodes = []
     if (this[_global] && this.explicitRequests.size) {
       const idealTree = this.idealTree.target
@@ -331,17 +336,21 @@ module.exports = cls => class Reifier extends cls {
         }
       }
     } else {
-      for (const ws of this[_workspaces]) {
-        const ideal = this.idealTree.children.get(ws)
-        if (ideal) {
-          filterNodes.push(ideal)
-        }
-        const actual = this.actualTree.children.get(ws)
-        if (actual) {
-          filterNodes.push(actual)
+      if (includeWorkspaces) {
+        // add all ws nodes to filterNodes
+        for (const ws of this[_workspaces]) {
+          const ideal = this.idealTree.children.get(ws)
+          if (ideal) {
+            filterNodes.push(ideal)
+          }
+          const actual = this.actualTree.children.get(ws)
+          if (actual) {
+            filterNodes.push(actual)
+          }
         }
       }
-      if (this[_includeWorkspaceRoot] && (this[_workspaces].length > 0)) {
+      if (includeRootDeps) {
+        // add all non-workspace nodes to filterNodes
         for (const tree of [this.idealTree, this.actualTree]) {
           for (const {type, to} of tree.edgesOut.values()) {
             if (type !== 'workspace' && to) {
@@ -451,10 +460,12 @@ module.exports = cls => class Reifier extends cls {
 
     const filter = node =>
       node.top.isProjectRoot &&
-        (node.peer && this[_omitPeer] ||
+        (
+          node.peer && this[_omitPeer] ||
           node.dev && this[_omitDev] ||
           node.optional && this[_omitOptional] ||
-          node.devOptional && this[_omitOptional] && this[_omitDev])
+          node.devOptional && this[_omitOptional] && this[_omitDev]
+        )
 
     for (const node of this.idealTree.inventory.filter(filter)) {
       this[_addNodeToTrashList](node)

package/lib/can-place-dep.js

@@ -145,7 +145,12 @@ class CanPlaceDep {
       return CONFLICT
     }
 
-    if (targetEdge && !dep.satisfies(targetEdge) && targetEdge !== this.edge) {
+    // skip this test if there's a current node, because we might be able
+    // to dedupe against it anyway
+    if (!current &&
+        targetEdge &&
+        !dep.satisfies(targetEdge) &&
+        targetEdge !== this.edge) {
       return CONFLICT
     }
 
@@ -167,10 +172,10 @@ class CanPlaceDep {
     const { version: newVer } = dep
     const tryReplace = curVer && newVer && semver.gte(newVer, curVer)
     if (tryReplace && dep.canReplace(current)) {
-      /* XXX-istanbul ignore else - It's extremely rare that a replaceable
-       * node would be a conflict, if the current one wasn't a conflict,
-       * but it is theoretically possible if peer deps are pinned.  In
-       * that case we treat it like any other conflict, and keep trying */
+      // It's extremely rare that a replaceable node would be a conflict, if
+      // the current one wasn't a conflict, but it is theoretically possible
+      // if peer deps are pinned.  In that case we treat it like any other
+      // conflict, and keep trying.
       const cpp = this.canPlacePeers(REPLACE)
       if (cpp !== CONFLICT) {
         return cpp

package/lib/edge.js

@@ -37,7 +37,7 @@ const printableEdge = (edge) => {
     ...(edgeFrom != null ? { from: edgeFrom } : {}),
     ...(edgeTo ? { to: edgeTo } : {}),
     ...(edge.error ? { error: edge.error } : {}),
-    ...(edge.overridden ? { overridden: true } : {}),
+    ...(edge.peerConflicted ? { peerConflicted: true } : {}),
   })
 }
 
@@ -78,7 +78,7 @@ class Edge {
     }
     this[_setFrom](from)
     this[_error] = this[_loadError]()
-    this.overridden = false
+    this.peerConflicted = false
   }
 
   satisfiedBy (node) {

package/lib/peer-entry-sets.js

@@ -29,7 +29,7 @@ const peerEntrySets = node => {
   for (const peer of unionSet) {
     for (const edge of peer.edgesIn) {
       // if not valid, it doesn't matter anyway.  either it's been previously
-      // overridden, or it's the thing we're interested in replacing.
+      // peerConflicted, or it's the thing we're interested in replacing.
       if (!edge.valid) {
         continue
       }

package/lib/place-dep.js

@@ -247,7 +247,7 @@ class PlaceDep {
     // if we're placing in the tree with --force, we can get here even though
     // it's a conflict.  Treat it as a KEEP, but warn and move on.
     if (placementType === KEEP) {
-      // this was an overridden peer dep
+      // this was a peerConflicted peer dep
       if (edge.peer && !edge.valid) {
         this.warnPeerConflict()
       }
@@ -305,7 +305,7 @@ class PlaceDep {
       this.placed.parent = target
     }
 
-    // if it's an overridden peer dep, warn about it
+    // if it's a peerConflicted peer dep, warn about it
     if (edge.peer && !this.placed.satisfies(edge)) {
       this.warnPeerConflict()
     }
@@ -339,7 +339,7 @@ class PlaceDep {
     // otherwise they'd be gone and the peer set would change throughout
     // this loop.
     for (const peerEdge of this.placed.edgesOut.values()) {
-      if (peerEdge.valid || !peerEdge.peer || peerEdge.overridden) {
+      if (peerEdge.valid || !peerEdge.peer || peerEdge.peerConflicted) {
         continue
       }
 
@@ -353,7 +353,7 @@ class PlaceDep {
         continue
       }
 
-      // overridden peerEdge, just accept what's there already
+      // peerConflicted peerEdge, just accept what's there already
       if (!peer.satisfies(peerEdge)) {
         continue
       }
@@ -398,7 +398,7 @@ class PlaceDep {
       if (this.placed.satisfies(edge) ||
           !edge.peer ||
           edge.from.parent !== target ||
-          edge.overridden) {
+          edge.peerConflicted) {
         // not a peer dep, not invalid, or not from this level, so it's fine
         // to just let it re-evaluate as a problemEdge later, or let it be
         // satisfied by the new dep being placed.
@@ -406,14 +406,14 @@ class PlaceDep {
       }
       for (const entryEdge of peerEntrySets(edge.from).keys()) {
         // either this one needs to be pruned and re-evaluated, or marked
-        // as overridden and warned about.  If the entryEdge comes in from
+        // as peerConflicted and warned about.  If the entryEdge comes in from
         // the root, then we have to leave it alone, and in that case, it
         // will have already warned or crashed by getting to this point.
         const entryNode = entryEdge.to
         const deepestTarget = deepestNestingTarget(entryNode)
         if (deepestTarget !== target && !entryEdge.from.isRoot) {
           prunePeerSets.push(...gatherDepSet([entryNode], e => {
-            return e.to !== entryNode && !e.overridden
+            return e.to !== entryNode && !e.peerConflicted
           }))
         } else {
           this.warnPeerConflict(edge, this.dep)
@@ -532,7 +532,7 @@ class PlaceDep {
   warnPeerConflict (edge, dep) {
     edge = edge || this.edge
     dep = dep || this.dep
-    edge.overridden = true
+    edge.peerConflicted = true
     const expl = this.explainPeerConflict(edge, dep)
     log.warn('ERESOLVE', 'overriding peer dependency', expl)
   }

package/lib/printable.js

@@ -130,8 +130,8 @@ class Edge {
     if (edge.error) {
       this.error = edge.error
     }
-    if (edge.overridden) {
-      this.overridden = edge.overridden
+    if (edge.peerConflicted) {
+      this.peerConflicted = edge.peerConflicted
     }
   }
 }
@@ -149,7 +149,7 @@ class EdgeOut extends Edge {
     }${
       this.error ? ' ' + this.error : ''
     }${
-      this.overridden ? ' overridden' : ''
+      this.peerConflicted ? ' peerConflicted' : ''
     } }`
   }
 }
@@ -165,7 +165,7 @@ class EdgeIn extends Edge {
     return `{ ${this.from || '""'} ${this.type} ${this.name}@${this.spec}${
       this.error ? ' ' + this.error : ''
     }${
-      this.overridden ? ' overridden' : ''
+      this.peerConflicted ? ' peerConflicted' : ''
     } }`
   }
 }

package/lib/shrinkwrap.js

@@ -10,7 +10,7 @@
 // definitely not before npm v8.
 
 const localeCompare = require('@isaacs/string-locale-compare')('en')
-const lockfileVersion = 2
+const defaultLockfileVersion = 2
 
 // for comparing nodes to yarn.lock entries
 const mismatch = (a, b) => a && b && a !== b
@@ -226,6 +226,10 @@ const _filenameSet = Symbol('_filenameSet')
 const _maybeRead = Symbol('_maybeRead')
 const _maybeStat = Symbol('_maybeStat')
 class Shrinkwrap {
+  static get defaultLockfileVersion () {
+    return defaultLockfileVersion
+  }
+
   static load (options) {
     return new Shrinkwrap(options).load()
   }
@@ -234,21 +238,31 @@ class Shrinkwrap {
     return swKeyOrder
   }
 
-  static reset (options) {
+  static async reset (options) {
     // still need to know if it was loaded from the disk, but don't
     // bother reading it if we're gonna just throw it away.
     const s = new Shrinkwrap(options)
     s.reset()
 
-    return s[_maybeStat]().then(([sw, lock]) => {
-      s.filename = resolve(s.path,
-        (s.hiddenLockfile ? 'node_modules/.package-lock'
-        : s.shrinkwrapOnly || sw ? 'npm-shrinkwrap'
-        : 'package-lock') + '.json')
-      s.loadedFromDisk = !!(sw || lock)
-      s.type = basename(s.filename)
-      return s
-    })
+    const [sw, lock] = await s[_maybeStat]()
+
+    s.filename = resolve(s.path,
+      (s.hiddenLockfile ? 'node_modules/.package-lock'
+      : s.shrinkwrapOnly || sw ? 'npm-shrinkwrap'
+      : 'package-lock') + '.json')
+    s.loadedFromDisk = !!(sw || lock)
+    s.type = basename(s.filename)
+
+    try {
+      if (s.loadedFromDisk && !s.lockfileVersion) {
+        const json = parseJSON(await maybeReadFile(s.filename))
+        if (json.lockfileVersion > defaultLockfileVersion) {
+          s.lockfileVersion = json.lockfileVersion
+        }
+      }
+    } catch (e) {}
+
+    return s
   }
 
   static metaFromNode (node, path) {
@@ -316,8 +330,12 @@ class Shrinkwrap {
       shrinkwrapOnly = false,
       hiddenLockfile = false,
       log = procLog,
+      lockfileVersion,
     } = options
 
+    this.lockfileVersion = hiddenLockfile ? 3
+      : lockfileVersion ? parseInt(lockfileVersion, 10)
+      : null
     this.log = log
     this[_awaitingUpdate] = new Map()
     this.tree = null
@@ -372,6 +390,7 @@ class Shrinkwrap {
   reset () {
     this.tree = null
     this[_awaitingUpdate] = new Map()
+    const lockfileVersion = this.lockfileVersion || defaultLockfileVersion
     this.originalLockfileVersion = lockfileVersion
     this.data = {
       lockfileVersion,
@@ -460,14 +479,23 @@ class Shrinkwrap {
       this.ancientLockfile = false
       return {}
     }).then(lock => {
+      const lockfileVersion = this.lockfileVersion ? this.lockfileVersion
+        : Math.max(lock.lockfileVersion || 0, defaultLockfileVersion)
       this.data = {
         ...lock,
-        lockfileVersion,
+        lockfileVersion: lockfileVersion,
         requires: true,
         packages: lock.packages || {},
-        ...(this.hiddenLockfile ? {} : {dependencies: lock.dependencies || {}}),
+        dependencies: lock.dependencies || {},
       }
+
       this.originalLockfileVersion = lock.lockfileVersion
+      // use default if it wasn't explicitly set, and the current file is
+      // less than our default.  otherwise, keep whatever is in the file,
+      // unless we had an explicit setting already.
+      if (!this.lockfileVersion) {
+        this.lockfileVersion = this.data.lockfileVersion = lockfileVersion
+      }
       this.ancientLockfile = this.loadedFromDisk &&
         !(lock.lockfileVersion >= 2) && !lock.requires
 
@@ -878,15 +906,32 @@ class Shrinkwrap {
       }
     }
 
+    // if we haven't set it by now, use the default
+    if (!this.lockfileVersion) {
+      this.lockfileVersion = defaultLockfileVersion
+    }
+    this.data.lockfileVersion = this.lockfileVersion
+
     // hidden lockfiles don't include legacy metadata or a root entry
     if (this.hiddenLockfile) {
       delete this.data.packages['']
       delete this.data.dependencies
-    } else if (this.tree) {
+    } else if (this.tree && this.lockfileVersion <= 3) {
       this[_buildLegacyLockfile](this.tree, this.data)
     }
 
-    return this.data
+    // lf version 1 = dependencies only
+    // lf version 2 = dependencies and packages
+    // lf version 3 = packages only
+    if (this.lockfileVersion >= 3) {
+      const { dependencies, ...data } = this.data
+      return data
+    } else if (this.lockfileVersion < 2) {
+      const { packages, ...data } = this.data
+      return data
+    } else {
+      return { ...this.data }
+    }
   }
 
   [_buildLegacyLockfile] (node, lock, path = []) {

package/package.json

@@ -1,18 +1,18 @@
 {
   "name": "@npmcli/arborist",
-  "version": "3.0.0",
+  "version": "4.0.3",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.0.1",
     "@npmcli/installed-package-contents": "^1.0.7",
-    "@npmcli/map-workspaces": "^1.0.2",
+    "@npmcli/map-workspaces": "^2.0.0",
     "@npmcli/metavuln-calculator": "^2.0.0",
     "@npmcli/move-file": "^1.1.0",
     "@npmcli/name-from-folder": "^1.0.1",
     "@npmcli/node-gyp": "^1.0.1",
     "@npmcli/package-json": "^1.0.1",
     "@npmcli/run-script": "^2.0.0",
-    "bin-links": "^2.2.1",
+    "bin-links": "^2.3.0",
     "cacache": "^15.0.3",
     "common-ancestor-path": "^1.0.1",
     "json-parse-even-better-errors": "^2.3.1",
@@ -45,11 +45,10 @@
     "tcompare": "^5.0.6"
   },
   "scripts": {
-    "test": "npm run test-only --",
-    "test-only": "tap",
-    "posttest": "npm run lint --",
+    "test": "tap",
+    "posttest": "npm run lint",
     "snap": "tap",
-    "postsnap": "npm run lintfix --",
+    "postsnap": "npm run lintfix",
     "test-proxy": "ARBORIST_TEST_PROXY=1 tap --snapshot",
     "preversion": "npm test",
     "postversion": "npm publish",
@@ -88,7 +87,7 @@
       "--no-warnings",
       "--no-deprecation"
     ],
-    "timeout": "240"
+    "timeout": "360"
   },
   "engines": {
     "node": "^12.13.0 || ^14.15.0 || >=16"