@npmcli/arborist 7.5.0 → 7.5.2

package/lib/dep-valid.js

@@ -124,7 +124,7 @@ const linkValid = (child, requested, requestor) => {
   return isLink && relative(child.realpath, requested.fetchSpec) === ''
 }
 
-const tarballValid = (child, requested, requestor) => {
+const tarballValid = (child, requested) => {
   if (child.isLink) {
     return false
   }

package/lib/inventory.js

@@ -130,7 +130,7 @@ class Inventory extends Map {
     return super.get(node.location) === node
   }
 
-  set (k, v) {
+  set () {
     throw new Error('direct set() not supported, use inventory.add(node)')
   }
 }

package/lib/node.js

@@ -119,6 +119,8 @@ class Node {
     // package's dependencies in a virtual root.
     this.sourceReference = sourceReference
 
+    // TODO if this came from pacote.manifest we don't have to do this,
+    // we can be told to skip this step
     const pkg = sourceReference ? sourceReference.package
       : normalize(options.pkg || {})
 

package/lib/packument-cache.js

@@ -0,0 +1,77 @@
+const { LRUCache } = require('lru-cache')
+const { getHeapStatistics } = require('node:v8')
+const { log } = require('proc-log')
+
+// This is an in-memory cache that Pacote uses for packuments.
+// Packuments are usually cached on disk.  This allows for rapid re-requests
+// of the same packument to bypass disk reads.  The tradeoff here is memory
+// usage for disk reads.
+class PackumentCache extends LRUCache {
+  static #heapLimit = Math.floor(getHeapStatistics().heap_size_limit)
+
+  #sizeKey
+  #disposed = new Set()
+
+  #log (...args) {
+    log.silly('packumentCache', ...args)
+  }
+
+  constructor ({
+    // How much of this.#heapLimit to take up
+    heapFactor = 0.25,
+    // How much of this.#maxSize we allow any one packument to take up
+    // Anything over this is not cached
+    maxEntryFactor = 0.5,
+    sizeKey = '_contentLength',
+  } = {}) {
+    const maxSize = Math.floor(PackumentCache.#heapLimit * heapFactor)
+    const maxEntrySize = Math.floor(maxSize * maxEntryFactor)
+    super({
+      maxSize,
+      maxEntrySize,
+      sizeCalculation: (p) => {
+        // Don't cache if we dont know the size
+        // Some versions of pacote set this to `0`, newer versions set it to `null`
+        if (!p[sizeKey]) {
+          return maxEntrySize + 1
+        }
+        if (p[sizeKey] < 10_000) {
+          return p[sizeKey] * 2
+        }
+        if (p[sizeKey] < 1_000_000) {
+          return Math.floor(p[sizeKey] * 1.5)
+        }
+        // It is less beneficial to store a small amount of super large things
+        // at the cost of all other packuments.
+        return maxEntrySize + 1
+      },
+      dispose: (v, k) => {
+        this.#disposed.add(k)
+        this.#log(k, 'dispose')
+      },
+    })
+    this.#sizeKey = sizeKey
+    this.#log(`heap:${PackumentCache.#heapLimit} maxSize:${maxSize} maxEntrySize:${maxEntrySize}`)
+  }
+
+  set (k, v, ...args) {
+    // we use disposed only for a logging signal if we are setting packuments that
+    // have already been evicted from the cache previously. logging here could help
+    // us tune this in the future.
+    const disposed = this.#disposed.has(k)
+    /* istanbul ignore next - this doesnt happen consistently so hard to test without resorting to unit tests  */
+    if (disposed) {
+      this.#disposed.delete(k)
+    }
+    this.#log(k, 'set', `size:${v[this.#sizeKey]} disposed:${disposed}`)
+    return super.set(k, v, ...args)
+  }
+
+  has (k, ...args) {
+    const has = super.has(k, ...args)
+    this.#log(k, `cache-${has ? 'hit' : 'miss'}`)
+    return has
+  }
+}
+
+module.exports = PackumentCache

package/lib/query-selector-all.js

@@ -650,27 +650,27 @@ class Results {
 // operators for attribute selectors
 const attributeOperators = {
   // attribute value is equivalent
-  '=' ({ attr, value, insensitive }) {
+  '=' ({ attr, value }) {
     return attr === value
   },
   // attribute value contains word
-  '~=' ({ attr, value, insensitive }) {
+  '~=' ({ attr, value }) {
     return (attr.match(/\w+/g) || []).includes(value)
   },
   // attribute value contains string
-  '*=' ({ attr, value, insensitive }) {
+  '*=' ({ attr, value }) {
     return attr.includes(value)
   },
   // attribute value is equal or starts with
-  '|=' ({ attr, value, insensitive }) {
+  '|=' ({ attr, value }) {
     return attr.startsWith(`${value}-`)
   },
   // attribute value starts with
-  '^=' ({ attr, value, insensitive }) {
+  '^=' ({ attr, value }) {
     return attr.startsWith(value)
   },
   // attribute value ends with
-  '$=' ({ attr, value, insensitive }) {
+  '$=' ({ attr, value }) {
     return attr.endsWith(value)
   },
 }

package/lib/shrinkwrap.js

@@ -1153,7 +1153,8 @@ class Shrinkwrap {
       && this.originalLockfileVersion !== this.lockfileVersion
     ) {
       log.warn(
-      `Converting lock file (${relative(process.cwd(), this.filename)}) from v${this.originalLockfileVersion} -> v${this.lockfileVersion}`
+        'shrinkwrap',
+        `Converting lock file (${relative(process.cwd(), this.filename)}) from v${this.originalLockfileVersion} -> v${this.lockfileVersion}`
       )
     }
 

package/package.json

@@ -1,32 +1,33 @@
 {
   "name": "@npmcli/arborist",
-  "version": "7.5.0",
+  "version": "7.5.2",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
-    "@npmcli/fs": "^3.1.0",
+    "@npmcli/fs": "^3.1.1",
     "@npmcli/installed-package-contents": "^2.1.0",
     "@npmcli/map-workspaces": "^3.0.2",
-    "@npmcli/metavuln-calculator": "^7.1.0",
+    "@npmcli/metavuln-calculator": "^7.1.1",
     "@npmcli/name-from-folder": "^2.0.0",
     "@npmcli/node-gyp": "^3.0.0",
     "@npmcli/package-json": "^5.1.0",
     "@npmcli/query": "^3.1.0",
-    "@npmcli/redact": "^1.1.0",
-    "@npmcli/run-script": "^8.0.0",
-    "bin-links": "^4.0.1",
-    "cacache": "^18.0.0",
+    "@npmcli/redact": "^2.0.0",
+    "@npmcli/run-script": "^8.1.0",
+    "bin-links": "^4.0.4",
+    "cacache": "^18.0.3",
     "common-ancestor-path": "^1.0.1",
-    "hosted-git-info": "^7.0.1",
-    "json-parse-even-better-errors": "^3.0.0",
+    "hosted-git-info": "^7.0.2",
+    "json-parse-even-better-errors": "^3.0.2",
     "json-stringify-nice": "^1.1.4",
+    "lru-cache": "^10.2.2",
     "minimatch": "^9.0.4",
-    "nopt": "^7.0.0",
+    "nopt": "^7.2.1",
     "npm-install-checks": "^6.2.0",
     "npm-package-arg": "^11.0.2",
-    "npm-pick-manifest": "^9.0.0",
-    "npm-registry-fetch": "^16.2.1",
-    "pacote": "^18.0.1",
+    "npm-pick-manifest": "^9.0.1",
+    "npm-registry-fetch": "^17.0.1",
+    "pacote": "^18.0.6",
     "parse-conflict-json": "^3.0.0",
     "proc-log": "^4.2.0",
     "proggy": "^2.0.0",
@@ -34,13 +35,13 @@
     "promise-call-limit": "^3.0.1",
     "read-package-json-fast": "^3.0.2",
     "semver": "^7.3.7",
-    "ssri": "^10.0.5",
+    "ssri": "^10.0.6",
     "treeverse": "^3.0.0",
     "walk-up-path": "^3.0.1"
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.21.3",
+    "@npmcli/template-oss": "4.22.0",
     "benchmark": "^2.1.4",
     "minify-registry-metadata": "^3.0.0",
     "nock": "^13.3.3",
@@ -62,7 +63,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/npm/cli.git",
+    "url": "git+https://github.com/npm/cli.git",
     "directory": "workspaces/arborist"
   },
   "author": "GitHub Inc.",
@@ -91,7 +92,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.21.3",
+    "version": "4.22.0",
     "content": "../../scripts/template-oss/index.js"
   }
 }