@npmcli/arborist 7.4.2 → 7.5.1

package/lib/audit-report.js

@@ -13,7 +13,7 @@ const _fixAvailable = Symbol('fixAvailable')
 const _checkTopNode = Symbol('checkTopNode')
 const _init = Symbol('init')
 const _omit = Symbol('omit')
-const log = require('proc-log')
+const { log, time } = require('proc-log')
 
 const fetch = require('npm-registry-fetch')
 
@@ -117,7 +117,7 @@ class AuditReport extends Map {
   }
 
   async [_init] () {
-    process.emit('time', 'auditReport:init')
+    const timeEnd = time.start('auditReport:init')
 
     const promises = []
     for (const [name, advisories] of Object.entries(this.report)) {
@@ -210,7 +210,8 @@ class AuditReport extends Map {
         }
       }
     }
-    process.emit('timeEnd', 'auditReport:init')
+
+    timeEnd()
   }
 
   [_checkTopNode] (topNode, vuln, spec) {
@@ -306,7 +307,7 @@ class AuditReport extends Map {
       return null
     }
 
-    process.emit('time', 'auditReport:getReport')
+    const timeEnd = time.start('auditReport:getReport')
     try {
       try {
         // first try the super fast bulk advisory listing
@@ -347,7 +348,7 @@ class AuditReport extends Map {
       this.error = er
       return null
     } finally {
-      process.emit('timeEnd', 'auditReport:getReport')
+      timeEnd()
     }
   }
 }

package/lib/dep-valid.js

@@ -124,7 +124,7 @@ const linkValid = (child, requested, requestor) => {
   return isLink && relative(child.realpath, requested.fetchSpec) === ''
 }
 
-const tarballValid = (child, requested, requestor) => {
+const tarballValid = (child, requested) => {
   if (child.isLink) {
     return false
   }

package/lib/inventory.js

@@ -130,7 +130,7 @@ class Inventory extends Map {
     return super.get(node.location) === node
   }
 
-  set (k, v) {
+  set () {
     throw new Error('direct set() not supported, use inventory.add(node)')
   }
 }

package/lib/place-dep.js

@@ -8,7 +8,7 @@
 // a result.
 
 const localeCompare = require('@isaacs/string-locale-compare')('en')
-const log = require('proc-log')
+const { log } = require('proc-log')
 const { redact } = require('@npmcli/redact')
 const deepestNestingTarget = require('./deepest-nesting-target.js')
 const CanPlaceDep = require('./can-place-dep.js')

package/lib/query-selector-all.js

@@ -3,7 +3,7 @@
 const { resolve } = require('path')
 const { parser, arrayDelimiter } = require('@npmcli/query')
 const localeCompare = require('@isaacs/string-locale-compare')('en')
-const log = require('proc-log')
+const { log } = require('proc-log')
 const { minimatch } = require('minimatch')
 const npa = require('npm-package-arg')
 const pacote = require('pacote')
@@ -650,27 +650,27 @@ class Results {
 // operators for attribute selectors
 const attributeOperators = {
   // attribute value is equivalent
-  '=' ({ attr, value, insensitive }) {
+  '=' ({ attr, value }) {
     return attr === value
   },
   // attribute value contains word
-  '~=' ({ attr, value, insensitive }) {
+  '~=' ({ attr, value }) {
     return (attr.match(/\w+/g) || []).includes(value)
   },
   // attribute value contains string
-  '*=' ({ attr, value, insensitive }) {
+  '*=' ({ attr, value }) {
     return attr.includes(value)
   },
   // attribute value is equal or starts with
-  '|=' ({ attr, value, insensitive }) {
+  '|=' ({ attr, value }) {
     return attr.startsWith(`${value}-`)
   },
   // attribute value starts with
-  '^=' ({ attr, value, insensitive }) {
+  '^=' ({ attr, value }) {
     return attr.startsWith(value)
   },
   // attribute value ends with
-  '$=' ({ attr, value, insensitive }) {
+  '$=' ({ attr, value }) {
     return attr.endsWith(value)
   },
 }

package/lib/shrinkwrap.js

@@ -33,7 +33,7 @@ const mismatch = (a, b) => a && b && a !== b
 // After calling this.commit(), any nodes not present in the tree will have
 // been removed from the shrinkwrap data as well.
 
-const log = require('proc-log')
+const { log } = require('proc-log')
 const YarnLock = require('./yarn-lock.js')
 const {
   readFile,
@@ -1145,6 +1145,7 @@ class Shrinkwrap {
       throw new Error('run load() before saving data')
     }
 
+    // This must be called before the lockfile conversion check below since it sets properties as part of `commit()`
     const json = this.toString(options)
     if (
       !this.hiddenLockfile
@@ -1155,6 +1156,7 @@ class Shrinkwrap {
       `Converting lock file (${relative(process.cwd(), this.filename)}) from v${this.originalLockfileVersion} -> v${this.lockfileVersion}`
       )
     }
+
     return Promise.all([
       writeFile(this.filename, json).catch(er => {
         if (this.hiddenLockfile) {

package/lib/tracker.js

@@ -1,12 +1,12 @@
-const npmlog = require('npmlog')
+const proggy = require('proggy')
 
 module.exports = cls => class Tracker extends cls {
   #progress = new Map()
-  #setProgress
 
-  constructor (options = {}) {
-    super(options)
-    this.#setProgress = !!options.progress
+  #createTracker (key, name) {
+    const tracker = new proggy.Tracker(name ?? key)
+    tracker.on('done', () => this.#progress.delete(key))
+    this.#progress.set(key, tracker)
   }
 
   addTracker (section, subsection = null, key = null) {
@@ -26,22 +26,17 @@ module.exports = cls => class Tracker extends cls {
       this.#onError(`Tracker "${section}" already exists`)
     } else if (!hasTracker && subsection === null) {
       // 1. no existing tracker, no subsection
-      // Create a new tracker from npmlog
-      // starts progress bar
-      if (this.#setProgress && this.#progress.size === 0) {
-        npmlog.enableProgress()
-      }
-
-      this.#progress.set(section, npmlog.newGroup(section))
+      // Create a new progress tracker
+      this.#createTracker(section)
     } else if (!hasTracker && subsection !== null) {
       // 2. no parent tracker and subsection
       this.#onError(`Parent tracker "${section}" does not exist`)
     } else if (!hasTracker || !hasSubtracker) {
       // 3. existing parent tracker, no subsection tracker
-      // Create a new subtracker in this.#progress from parent tracker
-      this.#progress.set(`${section}:${key}`,
-        this.#progress.get(section).newGroup(`${section}:${subsection}`)
-      )
+      // Create a new subtracker and update parents
+      const parentTracker = this.#progress.get(section)
+      parentTracker.update(parentTracker.value, parentTracker.total + 1)
+      this.#createTracker(`${section}:${key}`, `${section}:${subsection}`)
     }
     // 4. existing parent tracker, existing subsection tracker
     // skip it
@@ -70,32 +65,22 @@ module.exports = cls => class Tracker extends cls {
           this.finishTracker(section, key)
         }
       }
-
       // remove parent tracker
       this.#progress.get(section).finish()
-      this.#progress.delete(section)
-
-      // remove progress bar if all
-      // trackers are finished
-      if (this.#setProgress && this.#progress.size === 0) {
-        npmlog.disableProgress()
-      }
     } else if (!hasTracker && subsection === null) {
       // 1. no existing parent tracker, no subsection
       this.#onError(`Tracker "${section}" does not exist`)
     } else if (!hasTracker || hasSubtracker) {
       // 2. subtracker exists
       // Finish subtracker and remove from this.#progress
+      const parentTracker = this.#progress.get(section)
+      parentTracker.update(parentTracker.value + 1)
       this.#progress.get(`${section}:${key}`).finish()
-      this.#progress.delete(`${section}:${key}`)
     }
     // 3. existing parent tracker, no subsection
   }
 
   #onError (msg) {
-    if (this.#setProgress) {
-      npmlog.disableProgress()
-    }
     throw new Error(msg)
   }
 }

package/package.json

@@ -1,19 +1,19 @@
 {
   "name": "@npmcli/arborist",
-  "version": "7.4.2",
+  "version": "7.5.1",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
     "@npmcli/fs": "^3.1.0",
-    "@npmcli/installed-package-contents": "^2.0.2",
+    "@npmcli/installed-package-contents": "^2.1.0",
     "@npmcli/map-workspaces": "^3.0.2",
-    "@npmcli/metavuln-calculator": "^7.0.0",
+    "@npmcli/metavuln-calculator": "^7.1.0",
     "@npmcli/name-from-folder": "^2.0.0",
     "@npmcli/node-gyp": "^3.0.0",
-    "@npmcli/package-json": "^5.0.0",
+    "@npmcli/package-json": "^5.1.0",
     "@npmcli/query": "^3.1.0",
-    "@npmcli/redact": "^1.1.0",
-    "@npmcli/run-script": "^7.0.2",
+    "@npmcli/redact": "^2.0.0",
+    "@npmcli/run-script": "^8.1.0",
     "bin-links": "^4.0.1",
     "cacache": "^18.0.0",
     "common-ancestor-path": "^1.0.1",
@@ -23,13 +23,13 @@
     "minimatch": "^9.0.4",
     "nopt": "^7.0.0",
     "npm-install-checks": "^6.2.0",
-    "npm-package-arg": "^11.0.1",
+    "npm-package-arg": "^11.0.2",
     "npm-pick-manifest": "^9.0.0",
-    "npm-registry-fetch": "^16.2.0",
-    "npmlog": "^7.0.1",
-    "pacote": "^17.0.4",
+    "npm-registry-fetch": "^17.0.0",
+    "pacote": "^18.0.1",
     "parse-conflict-json": "^3.0.0",
-    "proc-log": "^3.0.0",
+    "proc-log": "^4.2.0",
+    "proggy": "^2.0.0",
     "promise-all-reject-late": "^1.0.0",
     "promise-call-limit": "^3.0.1",
     "read-package-json-fast": "^3.0.2",
@@ -62,7 +62,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/npm/cli.git",
+    "url": "git+https://github.com/npm/cli.git",
     "directory": "workspaces/arborist"
   },
   "author": "GitHub Inc.",