@npmcli/arborist 4.2.1 → 4.3.0

package/lib/arborist/build-ideal-tree.js

@@ -269,6 +269,22 @@ module.exports = cls => class IdealTreeBuilder extends cls {
     this[_complete] = !!options.complete
     this[_preferDedupe] = !!options.preferDedupe
     this[_legacyBundling] = !!options.legacyBundling
+
+    // validates list of update names, they must
+    // be dep names only, no semver ranges are supported
+    for (const name of update.names) {
+      const spec = npa(name)
+      const validationError =
+        new TypeError(`Update arguments must not contain package version specifiers
+
+Try using the package name instead, e.g:
+    npm update ${spec.name}`)
+      validationError.code = 'EUPDATEARGS'
+
+      if (spec.fetchSpec !== 'latest') {
+        throw validationError
+      }
+    }
     this[_updateNames] = update.names
 
     this[_updateAll] = update.all
@@ -320,7 +336,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
       // Load on a new Arborist object, so the Nodes aren't the same,
       // or else it'll get super confusing when we change them!
       .then(async root => {
-        if (!this[_updateAll] && !this[_global] && !root.meta.loadedFromDisk) {
+        if ((!this[_updateAll] && !this[_global] && !root.meta.loadedFromDisk) || (this[_global] && this[_updateNames].length)) {
           await new this.constructor(this.options).loadActual({ root })
           const tree = root.target
           // even though we didn't load it from a package-lock.json FILE,

package/lib/arborist/load-actual.js

@@ -212,7 +212,8 @@ module.exports = cls => class ActualLoader extends cls {
     const promises = []
     for (const path of tree.workspaces.values()) {
       if (!this[_cache].has(path)) {
-        const p = this[_loadFSNode]({ path, root: this[_actualTree] })
+        // workspace overrides use the root overrides
+        const p = this[_loadFSNode]({ path, root: this[_actualTree], useRootOverrides: true })
           .then(node => this[_loadFSTree](node))
         promises.push(p)
       }
@@ -240,7 +241,7 @@ module.exports = cls => class ActualLoader extends cls {
     this[_actualTree] = root
   }
 
-  [_loadFSNode] ({ path, parent, real, root, loadOverrides }) {
+  [_loadFSNode] ({ path, parent, real, root, loadOverrides, useRootOverrides }) {
     if (!real) {
       return realpath(path, this[_rpcache], this[_stcache])
         .then(
@@ -250,6 +251,7 @@ module.exports = cls => class ActualLoader extends cls {
             real,
             root,
             loadOverrides,
+            useRootOverrides,
           }),
           // if realpath fails, just provide a dummy error node
           error => new Node({
@@ -289,6 +291,9 @@ module.exports = cls => class ActualLoader extends cls {
           parent,
           root,
           loadOverrides,
+          ...(useRootOverrides && root.overrides
+            ? { overrides: root.overrides.getNodeRule({ name: pkg.name, version: pkg.version }) }
+            : {}),
         })
       })
       .then(node => {

package/lib/arborist/reify.js

@@ -5,6 +5,7 @@ const pacote = require('pacote')
 const AuditReport = require('../audit-report.js')
 const { subset, intersects } = require('semver')
 const npa = require('npm-package-arg')
+const semver = require('semver')
 const debug = require('../debug.js')
 const walkUp = require('walk-up-path')
 
@@ -1273,6 +1274,21 @@ module.exports = cls => class Reifier extends cls {
       }
     }
 
+    // Returns true if any of the edges from this node has a semver
+    // range definition that is an exact match to the version installed
+    // e.g: should return true if for a given an installed version 1.0.0,
+    // range is either =1.0.0 or 1.0.0
+    const exactVersion = node => {
+      for (const edge of node.edgesIn) {
+        try {
+          if (semver.subset(edge.spec, node.version)) {
+            return false
+          }
+        } catch {}
+      }
+      return true
+    }
+
     // helper that retrieves an array of nodes that were
     // potentially updated during the reify process, in order
     // to limit the number of nodes to check and update, only
@@ -1284,6 +1300,8 @@ module.exports = cls => class Reifier extends cls {
       const filterDirectDependencies = node =>
         !node.isRoot && node.resolveParent.isRoot
         && (!names || names.includes(node.name))
+        && exactVersion(node) // skip update for exact ranges
+
       const directDeps = this.idealTree.inventory
         .filter(filterDirectDependencies)
 

package/lib/shrinkwrap.js

@@ -476,8 +476,13 @@ class Shrinkwrap {
       // all good!  hidden lockfile is the newest thing in here.
       return data
     }).catch(er => {
-      const rel = relpath(this.path, this.filename)
-      this.log.verbose('shrinkwrap', `failed to load ${rel}`, er)
+      /* istanbul ignore else */
+      if (typeof this.filename === 'string') {
+        const rel = relpath(this.path, this.filename)
+        this.log.verbose('shrinkwrap', `failed to load ${rel}`, er)
+      } else {
+        this.log.verbose('shrinkwrap', `failed to load ${this.path}`, er)
+      }
       this.loadingError = er
       this.loadedFromDisk = false
       this.ancientLockfile = false

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "4.2.1",
+  "version": "4.3.0",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
@@ -22,7 +22,7 @@
     "npm-install-checks": "^4.0.0",
     "npm-package-arg": "^8.1.5",
     "npm-pick-manifest": "^6.1.0",
-    "npm-registry-fetch": "^11.0.0",
+    "npm-registry-fetch": "^12.0.1",
     "pacote": "^12.0.2",
     "parse-conflict-json": "^2.0.1",
     "proc-log": "^1.0.0",