npm - @npmcli/arborist - Versions diffs - 8.0.3 → 8.0.4 - Mend

@npmcli/arborist 8.0.3 → 8.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/arborist/reify.js CHANGED Viewed

@@ -139,9 +139,11 @@ module.exports = cls => class Reifier extends cls {
       // of Node/Link trees
       log.warn('reify', 'The "linked" install strategy is EXPERIMENTAL and may contain bugs.')
       this.idealTree = await this.createIsolatedTree()
-      this.#linkedActualForDiff = this.#buildLinkedActualForDiff(
-        this.idealTree, this.actualTree
-      )
+      if (this.actualTree) {
+        this.#linkedActualForDiff = this.#buildLinkedActualForDiff(
+          this.idealTree, this.actualTree
+        )
+      }
     }
     await this[_diffTrees]()
     await this[_reifyPackages]()
@@ -849,6 +851,10 @@ module.exports = cls => class Reifier extends cls {
       if (combined.has(child.path) || !existsSync(child.path)) {
         continue
       }
+      // Skip store links whose ideal realpath doesn't exist on disk yet — the store hash changed and the symlink needs recreating via ADD.
+      if (child.isLink && child.resolved?.startsWith('file:.store/') && !existsSync(child.realpath)) {
+        continue
+      }
       let entry
       if (child.isLink) {
         entry = new IsolatedLink(child)

package/lib/override-set.js CHANGED Viewed

@@ -1,5 +1,6 @@
 const npa = require('npm-package-arg')
 const semver = require('semver')
+const { log } = require('proc-log')
 class OverrideSet {
   constructor ({ overrides, key, parent }) {
@@ -44,6 +45,43 @@ class OverrideSet {
     }
   }
+  childrenAreEqual (other) {
+    if (this.children.size !== other.children.size) {
+      return false
+    }
+    for (const [key] of this.children) {
+      if (!other.children.has(key)) {
+        return false
+      }
+      if (this.children.get(key).value !== other.children.get(key).value) {
+        return false
+      }
+      if (!this.children.get(key).childrenAreEqual(other.children.get(key))) {
+        return false
+      }
+    }
+    return true
+  }
+  isEqual (other) {
+    if (this === other) {
+      return true
+    }
+    if (!other) {
+      return false
+    }
+    if (this.key !== other.key || this.value !== other.value) {
+      return false
+    }
+    if (!this.childrenAreEqual(other)) {
+      return false
+    }
+    if (!this.parent) {
+      return !other.parent
+    }
+    return this.parent.isEqual(other.parent)
+  }
   getEdgeRule (edge) {
     for (const rule of this.ruleset.values()) {
       if (rule.name !== edge.name) {
@@ -142,6 +180,123 @@ class OverrideSet {
     return ruleset
   }
+  static findSpecificOverrideSet (first, second) {
+    for (let overrideSet = second; overrideSet; overrideSet = overrideSet.parent) {
+      if (overrideSet.isEqual(first)) {
+        return second
+      }
+    }
+    for (let overrideSet = first; overrideSet; overrideSet = overrideSet.parent) {
+      if (overrideSet.isEqual(second)) {
+        return first
+      }
+    }
+    // The override sets are incomparable (e.g. siblings like the "react" and "react-dom" children of the root override set). Check if they have semantically conflicting rules before treating this as an error.
+    if (this.haveConflictingRules(first, second)) {
+      log.silly('Conflicting override sets', first, second)
+      return undefined
+    }
+    // The override sets are structurally incomparable but have compatible rules. Fall back to their nearest common ancestor so the node still has a valid override set.
+    return this.findCommonAncestor(first, second)
+  }
+  static findCommonAncestor (first, second) {
+    const firstAncestors = []
+    for (const ancestor of first.ancestry()) {
+      firstAncestors.push(ancestor)
+    }
+    for (const secondAnc of second.ancestry()) {
+      for (const firstAnc of firstAncestors) {
+        if (firstAnc.isEqual(secondAnc)) {
+          return firstAnc
+        }
+      }
+    }
+    return null
+  }
+  static doOverrideSetsConflict (first, second) {
+    // If override sets contain one another then we can try to use the more specific one.
+    // If neither one is more specific, check for semantic conflicts.
+    const specificSet = this.findSpecificOverrideSet(first, second)
+    if (specificSet !== undefined) {
+      // One contains the other, so no conflict
+      return false
+    }
+    // The override sets are structurally incomparable, but this doesn't necessarily
+    // mean they conflict. We need to check if they have conflicting version requirements
+    // for any package that appears in both rulesets.
+    return this.haveConflictingRules(first, second)
+  }
+  static haveConflictingRules (first, second) {
+    // Get all rules from both override sets
+    const firstRules = first.ruleset
+    const secondRules = second.ruleset
+    // Check each package that appears in both rulesets
+    for (const [key, firstRule] of firstRules) {
+      const secondRule = secondRules.get(key)
+      if (!secondRule) {
+        // Package only appears in one ruleset, no conflict
+        continue
+      }
+      // Same rule object means no conflict
+      if (firstRule === secondRule || firstRule.isEqual(secondRule)) {
+        continue
+      }
+      // Both rulesets have rules for this package with different values.
+      // Check if the version requirements are actually incompatible.
+      const firstValue = firstRule.value
+      const secondValue = secondRule.value
+      // If either value is a reference (starts with $), we can't determine
+      // compatibility here - the reference might resolve to compatible versions.
+      // We defer to runtime resolution rather than failing early.
+      if (firstValue.startsWith('$') || secondValue.startsWith('$')) {
+        continue
+      }
+      // Check if the version ranges are compatible using semver
+      // If both specify version ranges, they conflict only if they have no overlap
+      try {
+        const firstSpec = npa(`${firstRule.name}@${firstValue}`)
+        const secondSpec = npa(`${secondRule.name}@${secondValue}`)
+        // For range/version types, check if they intersect
+        if ((firstSpec.type === 'range' || firstSpec.type === 'version') &&
+            (secondSpec.type === 'range' || secondSpec.type === 'version')) {
+          // Check if the ranges intersect
+          const firstRange = firstSpec.fetchSpec
+          const secondRange = secondSpec.fetchSpec
+          // If the ranges don't intersect, we have a real conflict
+          if (!semver.intersects(firstRange, secondRange)) {
+            log.silly('Found conflicting override rules', {
+              package: firstRule.name,
+              first: firstValue,
+              second: secondValue,
+            })
+            return true
+          }
+        }
+        // For other types (git, file, directory, tag), we can't easily determine
+        // compatibility, so we conservatively assume no conflict
+      } catch {
+        // If we can't parse the specs, conservatively assume no conflict
+        // Real conflicts will be caught during dependency resolution
+      }
+    }
+    // No conflicting rules found
+    return false
+  }
 }
 module.exports = OverrideSet

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "8.0.3",
+  "version": "8.0.4",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",