@npmcli/arborist 4.2.1 → 5.0.0

package/lib/arborist/build-ideal-tree.js

@@ -14,6 +14,7 @@ const fs = require('fs')
 const lstat = promisify(fs.lstat)
 const readlink = promisify(fs.readlink)
 const { depth } = require('treeverse')
+const log = require('proc-log')
 
 const {
   OK,
@@ -248,7 +249,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
       try {
         c()
       } catch (er) {
-        this.log.warn(er.code, er.message, {
+        log.warn(er.code, er.message, {
           package: er.pkgid,
           required: er.required,
           current: er.current,
@@ -269,6 +270,22 @@ module.exports = cls => class IdealTreeBuilder extends cls {
     this[_complete] = !!options.complete
     this[_preferDedupe] = !!options.preferDedupe
     this[_legacyBundling] = !!options.legacyBundling
+
+    // validates list of update names, they must
+    // be dep names only, no semver ranges are supported
+    for (const name of update.names) {
+      const spec = npa(name)
+      const validationError =
+        new TypeError(`Update arguments must not contain package version specifiers
+
+Try using the package name instead, e.g:
+    npm update ${spec.name}`)
+      validationError.code = 'EUPDATEARGS'
+
+      if (spec.fetchSpec !== 'latest') {
+        throw validationError
+      }
+    }
     this[_updateNames] = update.names
 
     this[_updateAll] = update.all
@@ -320,7 +337,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
       // Load on a new Arborist object, so the Nodes aren't the same,
       // or else it'll get super confusing when we change them!
       .then(async root => {
-        if (!this[_updateAll] && !this[_global] && !root.meta.loadedFromDisk) {
+        if ((!this[_updateAll] && !this[_global] && !root.meta.loadedFromDisk) || (this[_global] && this[_updateNames].length)) {
           await new this.constructor(this.options).loadActual({ root })
           const tree = root.target
           // even though we didn't load it from a package-lock.json FILE,
@@ -516,7 +533,6 @@ module.exports = cls => class IdealTreeBuilder extends cls {
         saveBundle,
         saveType,
         path: this.path,
-        log: this.log,
       })
     })
   }
@@ -586,7 +602,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
         // be printed by npm-audit-report as if they can be fixed, because
         // they can't.
         if (bundler) {
-          this.log.warn(`audit fix ${node.name}@${node.version}`,
+          log.warn(`audit fix ${node.name}@${node.version}`,
             `${node.location}\nis a bundled dependency of\n${
             bundler.name}@${bundler.version} at ${bundler.location}\n` +
             'It cannot be fixed automatically.\n' +
@@ -621,14 +637,14 @@ module.exports = cls => class IdealTreeBuilder extends cls {
           if (!node.isProjectRoot && !node.isWorkspace) {
             // not something we're going to fix, sorry.  have to cd into
             // that directory and fix it yourself.
-            this.log.warn('audit', 'Manual fix required in linked project ' +
+            log.warn('audit', 'Manual fix required in linked project ' +
               `at ./${node.location} for ${name}@${simpleRange}.\n` +
               `'cd ./${node.location}' and run 'npm audit' for details.`)
             continue
           }
 
           if (!fixAvailable) {
-            this.log.warn('audit', `No fix available for ${name}@${simpleRange}`)
+            log.warn('audit', `No fix available for ${name}@${simpleRange}`)
             continue
           }
 
@@ -636,7 +652,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
           const breakingMessage = isSemVerMajor
             ? 'a SemVer major change'
             : 'outside your stated dependency range'
-          this.log.warn('audit', `Updating ${name} to ${version},` +
+          log.warn('audit', `Updating ${name} to ${version},` +
             `which is ${breakingMessage}.`)
 
           await this[_add](node, { add: [`${name}@${version}`] })
@@ -711,7 +727,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
     const heading = ancient ? 'ancient lockfile' : 'old lockfile'
     if (ancient || !this.options.lockfileVersion ||
         this.options.lockfileVersion >= defaultLockfileVersion) {
-      this.log.warn(heading,
+      log.warn(heading,
         `
 The ${meta.type} file was created with an old version of npm,
 so supplemental metadata must be fetched from the registry.
@@ -728,7 +744,7 @@ This is a one-time fix-up, please be patient...
       }
 
       queue.push(async () => {
-        this.log.silly('inflate', node.location)
+        log.silly('inflate', node.location)
         const { resolved, version, path, name, location, integrity } = node
         // don't try to hit the registry for linked deps
         const useResolved = resolved && (
@@ -737,8 +753,7 @@ This is a one-time fix-up, please be patient...
         const id = useResolved ? resolved
           : version || `file:${node.path}`
         const spec = npa.resolve(name, id, dirname(path))
-        const sloc = location.substr('node_modules/'.length)
-        const t = `idealTree:inflate:${sloc}`
+        const t = `idealTree:inflate:${location}`
         this.addTracker(t)
         await pacote.manifest(spec, {
           ...this.options,
@@ -749,7 +764,7 @@ This is a one-time fix-up, please be patient...
           node.package = { ...mani, _id: `${mani.name}@${mani.version}` }
         }).catch((er) => {
           const warning = `Could not fetch metadata for ${name}@${id}`
-          this.log.warn(heading, warning, er)
+          log.warn(heading, warning, er)
         })
         this.finishTracker(t)
       })
@@ -778,7 +793,7 @@ This is a one-time fix-up, please be patient...
     this[_depsQueue].push(tree)
     // XXX also push anything that depends on a node with a name
     // in the override list
-    this.log.silly('idealTree', 'buildDeps')
+    log.silly('idealTree', 'buildDeps')
     this.addTracker('idealTree', tree.name, '')
     return this[_buildDepStep]()
       .then(() => process.emit('timeEnd', 'idealTree:buildDeps'))
@@ -1217,7 +1232,7 @@ This is a one-time fix-up, please be patient...
     if (this[_manifests].has(spec.raw)) {
       return this[_manifests].get(spec.raw)
     } else {
-      this.log.silly('fetch manifest', spec.raw)
+      log.silly('fetch manifest', spec.raw)
       const p = pacote.manifest(spec, options)
         .then(mani => {
           this[_manifests].set(spec.raw, mani)
@@ -1234,24 +1249,40 @@ This is a one-time fix-up, please be patient...
     // Don't bother to load the manifest for link deps, because the target
     // might be within another package that doesn't exist yet.
     const { legacyPeerDeps } = this
-    return spec.type === 'directory'
-      ? this[_linkFromSpec](name, spec, parent, edge)
-      : this[_fetchManifest](spec)
-        .then(pkg => new Node({ name, pkg, parent, legacyPeerDeps }), error => {
-          error.requiredBy = edge.from.location || '.'
-
-          // failed to load the spec, either because of enotarget or
-          // fetch failure of some other sort.  save it so we can verify
-          // later that it's optional, otherwise the error is fatal.
-          const n = new Node({
-            name,
-            parent,
-            error,
-            legacyPeerDeps,
-          })
-          this[_loadFailures].add(n)
-          return n
+
+    // spec is a directory, link it
+    if (spec.type === 'directory') {
+      return this[_linkFromSpec](name, spec, parent, edge)
+    }
+
+    // if the spec matches a workspace name, then see if the workspace node will
+    // satisfy the edge. if it does, we return the workspace node to make sure it
+    // takes priority.
+    if (this.idealTree.workspaces && this.idealTree.workspaces.has(spec.name)) {
+      const existingNode = this.idealTree.edgesOut.get(spec.name).to
+      if (existingNode && existingNode.isWorkspace && existingNode.satisfies(edge)) {
+        return edge.to
+      }
+    }
+
+    // spec isn't a directory, and either isn't a workspace or the workspace we have
+    // doesn't satisfy the edge. try to fetch a manifest and build a node from that.
+    return this[_fetchManifest](spec)
+      .then(pkg => new Node({ name, pkg, parent, legacyPeerDeps }), error => {
+        error.requiredBy = edge.from.location || '.'
+
+        // failed to load the spec, either because of enotarget or
+        // fetch failure of some other sort.  save it so we can verify
+        // later that it's optional, otherwise the error is fatal.
+        const n = new Node({
+          name,
+          parent,
+          error,
+          legacyPeerDeps,
         })
+        this[_loadFailures].add(n)
+        return n
+      })
   }
 
   [_linkFromSpec] (name, spec, parent, edge) {

package/lib/arborist/index.js

@@ -28,7 +28,6 @@
 
 const { resolve } = require('path')
 const { homedir } = require('os')
-const procLog = require('proc-log')
 const { depth } = require('treeverse')
 const { saveTypeMap } = require('../add-rm-pkg-deps.js')
 
@@ -74,7 +73,6 @@ class Arborist extends Base {
       path: options.path || '.',
       cache: options.cache || `${homedir()}/.npm/_cacache`,
       packumentCache: options.packumentCache || new Map(),
-      log: options.log || procLog,
       workspacesEnabled: options.workspacesEnabled !== false,
       lockfileVersion: lockfileVersion(options.lockfileVersion),
     }
@@ -94,7 +92,7 @@ class Arborist extends Base {
 
   // returns an array of the actual nodes for all the workspaces
   workspaceNodes (tree, workspaces) {
-    return getWorkspaceNodes(tree, workspaces, this.log)
+    return getWorkspaceNodes(tree, workspaces)
   }
 
   // returns a set of workspace nodes and all their deps

package/lib/arborist/load-actual.js

@@ -212,7 +212,8 @@ module.exports = cls => class ActualLoader extends cls {
     const promises = []
     for (const path of tree.workspaces.values()) {
       if (!this[_cache].has(path)) {
-        const p = this[_loadFSNode]({ path, root: this[_actualTree] })
+        // workspace overrides use the root overrides
+        const p = this[_loadFSNode]({ path, root: this[_actualTree], useRootOverrides: true })
           .then(node => this[_loadFSTree](node))
         promises.push(p)
       }
@@ -240,7 +241,7 @@ module.exports = cls => class ActualLoader extends cls {
     this[_actualTree] = root
   }
 
-  [_loadFSNode] ({ path, parent, real, root, loadOverrides }) {
+  [_loadFSNode] ({ path, parent, real, root, loadOverrides, useRootOverrides }) {
     if (!real) {
       return realpath(path, this[_rpcache], this[_stcache])
         .then(
@@ -250,6 +251,7 @@ module.exports = cls => class ActualLoader extends cls {
             real,
             root,
             loadOverrides,
+            useRootOverrides,
           }),
           // if realpath fails, just provide a dummy error node
           error => new Node({
@@ -289,6 +291,9 @@ module.exports = cls => class ActualLoader extends cls {
           parent,
           root,
           loadOverrides,
+          ...(useRootOverrides && root.overrides
+            ? { overrides: root.overrides.getNodeRule({ name: pkg.name, version: pkg.version }) }
+            : {}),
         })
       })
       .then(node => {

package/lib/arborist/rebuild.js

@@ -13,6 +13,7 @@ const {
   isNodeGypPackage,
   defaultGypInstallScript,
 } = require('@npmcli/node-gyp')
+const log = require('proc-log')
 
 const boolEnv = b => b ? '1' : ''
 const sortNodes = (a, b) =>
@@ -297,7 +298,7 @@ module.exports = cls => class Builder extends cls {
 
       const timer = `build:run:${event}:${location}`
       process.emit('time', timer)
-      this.log.info('run', pkg._id, event, location, pkg.scripts[event])
+      log.info('run', pkg._id, event, location, pkg.scripts[event])
       const env = {
         npm_package_resolved: resolved,
         npm_package_integrity: integrity,
@@ -319,7 +320,7 @@ module.exports = cls => class Builder extends cls {
       }
       const p = runScript(runOpts).catch(er => {
         const { code, signal } = er
-        this.log.info('run', pkg._id, event, { code, signal })
+        log.info('run', pkg._id, event, { code, signal })
         throw er
       }).then(({ args, code, signal, stdout, stderr }) => {
         this.scriptsRun.add({
@@ -333,7 +334,7 @@ module.exports = cls => class Builder extends cls {
           stdout,
           stderr,
         })
-        this.log.info('run', pkg._id, event, { code, signal })
+        log.info('run', pkg._id, event, { code, signal })
       })
 
       await (this[_doHandleOptionalFailure]

package/lib/arborist/reify.js

@@ -5,8 +5,10 @@ const pacote = require('pacote')
 const AuditReport = require('../audit-report.js')
 const { subset, intersects } = require('semver')
 const npa = require('npm-package-arg')
+const semver = require('semver')
 const debug = require('../debug.js')
 const walkUp = require('walk-up-path')
+const log = require('proc-log')
 
 const { dirname, resolve, relative } = require('path')
 const { depth: dfwalk } = require('treeverse')
@@ -389,7 +391,7 @@ module.exports = cls => class Reifier extends cls {
   [_addNodeToTrashList] (node, retire = false) {
     const paths = [node.path, ...node.binPaths]
     const moves = this[_retiredPaths]
-    this.log.silly('reify', 'mark', retire ? 'retired' : 'deleted', paths)
+    log.silly('reify', 'mark', retire ? 'retired' : 'deleted', paths)
     for (const path of paths) {
       if (retire) {
         const retired = retirePath(path)
@@ -412,7 +414,7 @@ module.exports = cls => class Reifier extends cls {
         this[_addNodeToTrashList](diff.actual, true)
       }
     }
-    this.log.silly('reify', 'moves', moves)
+    log.silly('reify', 'moves', moves)
     const movePromises = Object.entries(moves)
       .map(([from, to]) => this[_renamePath](from, to))
     return promiseAllRejectLate(movePromises)
@@ -531,7 +533,7 @@ module.exports = cls => class Reifier extends cls {
     return promiseAllRejectLate(unlinks)
       .then(() => {
         if (failures.length) {
-          this.log.warn('cleanup', 'Failed to remove some directories', failures)
+          log.warn('cleanup', 'Failed to remove some directories', failures)
         }
       })
       .then(() => process.emit('timeEnd', 'reify:rollback:createSparse'))
@@ -623,7 +625,7 @@ module.exports = cls => class Reifier extends cls {
       this[_nmValidated].add(nm)
       return
     }
-    this.log.warn('reify', 'Removing non-directory', nm)
+    log.warn('reify', 'Removing non-directory', nm)
     await rimraf(nm)
   }
 
@@ -646,8 +648,8 @@ module.exports = cls => class Reifier extends cls {
         'please re-try this operation once it completes\n' +
         'so that the damage can be corrected, or perform\n' +
         'a fresh install with no lockfile if the problem persists.'
-      this.log.warn('reify', warning)
-      this.log.verbose('reify', 'unrecognized node in tree', node.path)
+      log.warn('reify', warning)
+      log.verbose('reify', 'unrecognized node in tree', node.path)
       node.parent = null
       node.fsParent = null
       this[_addNodeToTrashList](node)
@@ -690,7 +692,7 @@ module.exports = cls => class Reifier extends cls {
   [_warnDeprecated] (node) {
     const { _id, deprecated } = node.package
     if (deprecated) {
-      this.log.warn('deprecated', `${_id}: ${deprecated}`)
+      log.warn('deprecated', `${_id}: ${deprecated}`)
     }
   }
 
@@ -700,7 +702,7 @@ module.exports = cls => class Reifier extends cls {
     return (node.optional ? p.catch(er => {
       const set = optionalSet(node)
       for (node of set) {
-        this.log.verbose('reify', 'failed optional dependency', node.path)
+        log.verbose('reify', 'failed optional dependency', node.path)
         this[_addNodeToTrashList](node)
       }
     }) : p).then(() => node)
@@ -715,7 +717,7 @@ module.exports = cls => class Reifier extends cls {
     // Shrinkwrap and Node classes carefully, so for now, just treat
     // the default reg as the magical animal that it has been.
     return resolved && resolved
-      .replace(/^https?:\/\/registry.npmjs.org\//, this.registry)
+      .replace(/^https?:\/\/registry\.npmjs\.org\//, this.registry)
   }
 
   // bundles are *sort of* like shrinkwraps, in that the branch is defined
@@ -1128,7 +1130,7 @@ module.exports = cls => class Reifier extends cls {
 
     return promiseAllRejectLate(promises).then(() => {
       if (failures.length) {
-        this.log.warn('cleanup', 'Failed to remove some directories', failures)
+        log.warn('cleanup', 'Failed to remove some directories', failures)
       }
     })
       .then(() => process.emit('timeEnd', 'reify:trash'))
@@ -1273,6 +1275,21 @@ module.exports = cls => class Reifier extends cls {
       }
     }
 
+    // Returns true if any of the edges from this node has a semver
+    // range definition that is an exact match to the version installed
+    // e.g: should return true if for a given an installed version 1.0.0,
+    // range is either =1.0.0 or 1.0.0
+    const exactVersion = node => {
+      for (const edge of node.edgesIn) {
+        try {
+          if (semver.subset(edge.spec, node.version)) {
+            return false
+          }
+        } catch {}
+      }
+      return true
+    }
+
     // helper that retrieves an array of nodes that were
     // potentially updated during the reify process, in order
     // to limit the number of nodes to check and update, only
@@ -1284,6 +1301,8 @@ module.exports = cls => class Reifier extends cls {
       const filterDirectDependencies = node =>
         !node.isRoot && node.resolveParent.isRoot
         && (!names || names.includes(node.name))
+        && exactVersion(node) // skip update for exact ranges
+
       const directDeps = this.idealTree.inventory
         .filter(filterDirectDependencies)
 
@@ -1351,6 +1370,10 @@ module.exports = cls => class Reifier extends cls {
         devDependencies = {},
         optionalDependencies = {},
         peerDependencies = {},
+        // bundleDependencies is not required by PackageJson like the other fields here
+        // PackageJson also doesn't omit an empty array for this field so defaulting this
+        // to an empty array would add that field to every package.json file.
+        bundleDependencies,
       } = tree.package
 
       pkgJson.update({
@@ -1358,6 +1381,7 @@ module.exports = cls => class Reifier extends cls {
         devDependencies,
         optionalDependencies,
         peerDependencies,
+        bundleDependencies,
       })
       await pkgJson.save()
     }

package/lib/audit-report.js

@@ -13,7 +13,7 @@ const _fixAvailable = Symbol('fixAvailable')
 const _checkTopNode = Symbol('checkTopNode')
 const _init = Symbol('init')
 const _omit = Symbol('omit')
-const procLog = require('proc-log')
+const log = require('proc-log')
 
 const fetch = require('npm-registry-fetch')
 
@@ -98,14 +98,13 @@ class AuditReport extends Map {
     this.calculator = new Calculator(opts)
     this.error = null
     this.options = opts
-    this.log = opts.log || procLog
     this.tree = tree
     this.filterSet = opts.filterSet
   }
 
   async run () {
     this.report = await this[_getReport]()
-    this.log.silly('audit report', this.report)
+    log.silly('audit report', this.report)
     if (this.report) {
       await this[_init]()
     }
@@ -304,7 +303,7 @@ class AuditReport extends Map {
 
   async [_getReport] () {
     // if we're not auditing, just return false
-    if (this.options.audit === false || this.tree.inventory.size === 1) {
+    if (this.options.audit === false || this.options.offline === true || this.tree.inventory.size === 1) {
       return null
     }
 
@@ -313,7 +312,7 @@ class AuditReport extends Map {
       try {
         // first try the super fast bulk advisory listing
         const body = prepareBulkData(this.tree, this[_omit], this.filterSet)
-        this.log.silly('audit', 'bulk request', body)
+        log.silly('audit', 'bulk request', body)
 
         // no sense asking if we don't have anything to audit,
         // we know it'll be empty
@@ -331,7 +330,7 @@ class AuditReport extends Map {
 
         return await res.json()
       } catch (er) {
-        this.log.silly('audit', 'bulk request failed', String(er.body))
+        log.silly('audit', 'bulk request failed', String(er.body))
         // that failed, try the quick audit endpoint
         const body = prepareData(this.tree, this.options)
         const res = await fetch('/-/npm/v1/security/audits/quick', {
@@ -344,8 +343,8 @@ class AuditReport extends Map {
         return AuditReport.auditToBulk(await res.json())
       }
     } catch (er) {
-      this.log.verbose('audit error', er)
-      this.log.silly('audit error', String(er.body))
+      log.verbose('audit error', er)
+      log.silly('audit error', String(er.body))
       this.error = er
       return null
     } finally {

package/lib/get-workspace-nodes.js

@@ -1,7 +1,10 @@
 // Get the actual nodes corresponding to a root node's child workspaces,
 // given a list of workspace names.
+
+const log = require('proc-log')
 const relpath = require('./relpath.js')
-const getWorkspaceNodes = (tree, workspaces, log) => {
+
+const getWorkspaceNodes = (tree, workspaces) => {
   const wsMap = tree.workspaces
   if (!wsMap) {
     log.warn('workspaces', 'filter set, but no workspaces present')

package/lib/shrinkwrap.js

@@ -33,7 +33,7 @@ const mismatch = (a, b) => a && b && a !== b
 // After calling this.commit(), any nodes not present in the tree will have
 // been removed from the shrinkwrap data as well.
 
-const procLog = require('proc-log')
+const log = require('proc-log')
 const YarnLock = require('./yarn-lock.js')
 const { promisify } = require('util')
 const rimraf = promisify(require('rimraf'))
@@ -80,8 +80,8 @@ const swKeyOrder = [
 ]
 
 // used to rewrite from yarn registry to npm registry
-const yarnRegRe = /^https?:\/\/registry.yarnpkg.com\//
-const npmRegRe = /^https?:\/\/registry.npmjs.org\//
+const yarnRegRe = /^https?:\/\/registry\.yarnpkg\.com\//
+const npmRegRe = /^https?:\/\/registry\.npmjs\.org\//
 
 // sometimes resolved: is weird or broken, or something npa can't handle
 const specFromResolved = resolved => {
@@ -329,14 +329,12 @@ class Shrinkwrap {
       newline = '\n',
       shrinkwrapOnly = false,
       hiddenLockfile = false,
-      log = procLog,
       lockfileVersion,
     } = options
 
     this.lockfileVersion = hiddenLockfile ? 3
       : lockfileVersion ? parseInt(lockfileVersion, 10)
       : null
-    this.log = log
     this[_awaitingUpdate] = new Map()
     this.tree = null
     this.path = resolve(path || '.')
@@ -476,8 +474,13 @@ class Shrinkwrap {
       // all good!  hidden lockfile is the newest thing in here.
       return data
     }).catch(er => {
-      const rel = relpath(this.path, this.filename)
-      this.log.verbose('shrinkwrap', `failed to load ${rel}`, er)
+      /* istanbul ignore else */
+      if (typeof this.filename === 'string') {
+        const rel = relpath(this.path, this.filename)
+        log.verbose('shrinkwrap', `failed to load ${rel}`, er)
+      } else {
+        log.verbose('shrinkwrap', `failed to load ${this.path}`, er)
+      }
       this.loadingError = er
       this.loadedFromDisk = false
       this.ancientLockfile = false

package/lib/tracker.js

@@ -1,20 +1,14 @@
 const _progress = Symbol('_progress')
 const _onError = Symbol('_onError')
-const procLog = require('proc-log')
+const npmlog = require('npmlog')
 
 module.exports = cls => class Tracker extends cls {
   constructor (options = {}) {
     super(options)
-    this.log = options.log || procLog
     this[_progress] = new Map()
   }
 
   addTracker (section, subsection = null, key = null) {
-    // TrackerGroup type object not found
-    if (!this.log.newGroup) {
-      return
-    }
-
     if (section === null || section === undefined) {
       this[_onError](`Tracker can't be null or undefined`)
     }
@@ -31,13 +25,13 @@ module.exports = cls => class Tracker extends cls {
       this[_onError](`Tracker "${section}" already exists`)
     } else if (!hasTracker && subsection === null) {
       // 1. no existing tracker, no subsection
-      // Create a new tracker from this.log
+      // Create a new tracker from npmlog
       // starts progress bar
       if (this[_progress].size === 0) {
-        this.log.enableProgress()
+        npmlog.enableProgress()
       }
 
-      this[_progress].set(section, this.log.newGroup(section))
+      this[_progress].set(section, npmlog.newGroup(section))
     } else if (!hasTracker && subsection !== null) {
       // 2. no parent tracker and subsection
       this[_onError](`Parent tracker "${section}" does not exist`)
@@ -53,11 +47,6 @@ module.exports = cls => class Tracker extends cls {
   }
 
   finishTracker (section, subsection = null, key = null) {
-    // TrackerGroup type object not found
-    if (!this.log.newGroup) {
-      return
-    }
-
     if (section === null || section === undefined) {
       this[_onError](`Tracker can't be null or undefined`)
     }
@@ -88,7 +77,7 @@ module.exports = cls => class Tracker extends cls {
       // remove progress bar if all
       // trackers are finished
       if (this[_progress].size === 0) {
-        this.log.disableProgress()
+        npmlog.disableProgress()
       }
     } else if (!hasTracker && subsection === null) {
       // 1. no existing parent tracker, no subsection
@@ -103,7 +92,7 @@ module.exports = cls => class Tracker extends cls {
   }
 
   [_onError] (msg) {
-    this.log.disableProgress()
+    npmlog.disableProgress()
     throw new Error(msg)
   }
 }

package/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@npmcli/arborist",
-  "version": "4.2.1",
+  "version": "5.0.0",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
     "@npmcli/installed-package-contents": "^1.0.7",
     "@npmcli/map-workspaces": "^2.0.0",
-    "@npmcli/metavuln-calculator": "^2.0.0",
+    "@npmcli/metavuln-calculator": "^3.0.0",
     "@npmcli/move-file": "^1.1.0",
     "@npmcli/name-from-folder": "^1.0.1",
     "@npmcli/node-gyp": "^1.0.3",
     "@npmcli/package-json": "^1.0.1",
-    "@npmcli/run-script": "^2.0.0",
+    "@npmcli/run-script": "^3.0.0",
     "bin-links": "^3.0.0",
     "cacache": "^15.0.3",
     "common-ancestor-path": "^1.0.1",
@@ -19,13 +19,15 @@
     "json-stringify-nice": "^1.1.4",
     "mkdirp": "^1.0.4",
     "mkdirp-infer-owner": "^2.0.0",
+    "nopt": "^5.0.0",
     "npm-install-checks": "^4.0.0",
-    "npm-package-arg": "^8.1.5",
-    "npm-pick-manifest": "^6.1.0",
-    "npm-registry-fetch": "^11.0.0",
-    "pacote": "^12.0.2",
+    "npm-package-arg": "^9.0.0",
+    "npm-pick-manifest": "^7.0.0",
+    "npm-registry-fetch": "^13.0.0",
+    "npmlog": "^6.0.1",
+    "pacote": "^13.0.2",
     "parse-conflict-json": "^2.0.1",
-    "proc-log": "^1.0.0",
+    "proc-log": "^2.0.0",
     "promise-all-reject-late": "^1.0.0",
     "promise-call-limit": "^1.0.1",
     "read-package-json-fast": "^2.0.2",