@pnpm/installing.deps-installer 1102.1.1 → 1102.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/install/index.js +27 -19
- package/package.json +46 -46
package/lib/install/index.js
CHANGED
|
@@ -19,7 +19,7 @@ import { extendProjectsWithTargetDirs, headlessInstall } from '@pnpm/installing.
|
|
|
19
19
|
import { readModulesManifest, writeModulesManifest } from '@pnpm/installing.modules-yaml';
|
|
20
20
|
import { cleanGitBranchLockfiles, getWantedLockfileName, isEmptyLockfile, readEnvLockfile, readWantedLockfile, readWantedLockfileFile, writeCurrentLockfile, writeEnvLockfile, writeLockfiles, writeWantedLockfile, } from '@pnpm/lockfile.fs';
|
|
21
21
|
import { getPreferredVersionsFromLockfileAndManifests } from '@pnpm/lockfile.preferred-versions';
|
|
22
|
-
import { calcPatchHashes, createOverridesMapFromParsed, getOutdatedLockfileSetting, } from '@pnpm/lockfile.settings-checker';
|
|
22
|
+
import { calcPatchHashes, createOverridesMapFromParsed, getOutdatedLockfileSetting, resolvePatchedDependencies, } from '@pnpm/lockfile.settings-checker';
|
|
23
23
|
import { PACKAGE_MAP_FILENAME, writePackageMap, writePnpFile } from '@pnpm/lockfile.to-pnp';
|
|
24
24
|
import { allProjectsAreUpToDate, satisfiesPackageManifest } from '@pnpm/lockfile.verification';
|
|
25
25
|
import { globalInfo, logger, streamParser } from '@pnpm/logger';
|
|
@@ -399,20 +399,17 @@ export async function mutateModules(projects, maybeOpts) {
|
|
|
399
399
|
}
|
|
400
400
|
const packageExtensionsChecksum = hashObjectNullableWithPrefix(opts.packageExtensions);
|
|
401
401
|
const pnpmfileChecksum = await opts.hooks.calculatePnpmfileChecksum?.();
|
|
402
|
+
const resolvedPatchedDeps = resolvePatchedDependencies(opts.patchedDependencies, opts.lockfileDir);
|
|
402
403
|
const patchedDependencies = opts.ignorePackageManifest
|
|
403
404
|
? ctx.wantedLockfile.patchedDependencies
|
|
404
|
-
: (
|
|
405
|
-
const patchGroupInput =
|
|
405
|
+
: (resolvedPatchedDeps ? await calcPatchHashes(resolvedPatchedDeps) : {});
|
|
406
|
+
const patchGroupInput = resolvedPatchedDeps
|
|
406
407
|
? Object.fromEntries(Object.entries(patchedDependencies ?? {}).map(([key, hash]) => {
|
|
407
|
-
let patchFilePath =
|
|
408
|
-
? path.resolve(opts.lockfileDir, opts.patchedDependencies[key])
|
|
409
|
-
: undefined;
|
|
408
|
+
let patchFilePath = resolvedPatchedDeps[key];
|
|
410
409
|
if (!patchFilePath) {
|
|
411
410
|
const lastAt = key.lastIndexOf('@');
|
|
412
411
|
const pkgName = lastAt > 0 ? key.slice(0, lastAt) : key;
|
|
413
|
-
|
|
414
|
-
patchFilePath = path.resolve(opts.lockfileDir, opts.patchedDependencies[pkgName]);
|
|
415
|
-
}
|
|
412
|
+
patchFilePath = resolvedPatchedDeps[pkgName];
|
|
416
413
|
}
|
|
417
414
|
return [key, { hash, patchFilePath }];
|
|
418
415
|
}))
|
|
@@ -1069,10 +1066,23 @@ const _installInContext = async (projects, ctx, opts) => {
|
|
|
1069
1066
|
prefix: ctx.lockfileDir,
|
|
1070
1067
|
stage: 'resolution_started',
|
|
1071
1068
|
});
|
|
1072
|
-
|
|
1073
|
-
|
|
1074
|
-
|
|
1075
|
-
|
|
1069
|
+
// Always seed preferred versions from the lockfile, even for update
|
|
1070
|
+
// mutations. Gating this on `update` (the previous behavior) nullified
|
|
1071
|
+
// the seed globally during `pnpm up -r <pkg>`, so unrelated packages
|
|
1072
|
+
// with open ranges lost their pins and re-resolved to newest-in-range
|
|
1073
|
+
// (pnpm/pnpm#10662). The targeted package still bumps: `updateRequested`
|
|
1074
|
+
// at the npm picker subtracts the lockfile-derived weight from its pins,
|
|
1075
|
+
// so the target re-resolves exactly as a fresh install would after its
|
|
1076
|
+
// lockfile entries were deleted.
|
|
1077
|
+
// Caller-supplied preferred versions (audit-fix vulnerability penalties)
|
|
1078
|
+
// layer on top of the seed per package name — replacing the seed with
|
|
1079
|
+
// them would unpin every unrelated package.
|
|
1080
|
+
// Null-prototype merge target so a crafted package name (e.g. `__proto__`)
|
|
1081
|
+
// lands as a plain own key instead of invoking the prototype setter.
|
|
1082
|
+
const preferredVersions = Object.assign(Object.create(null), getPreferredVersionsFromLockfileAndManifests(ctx.wantedLockfile.packages, Object.values(ctx.projects).map(({ manifest }) => manifest)));
|
|
1083
|
+
for (const [pkgName, selectors] of Object.entries(opts.preferredVersions ?? {})) {
|
|
1084
|
+
preferredVersions[pkgName] = { ...preferredVersions[pkgName], ...selectors };
|
|
1085
|
+
}
|
|
1076
1086
|
const forceFullResolution = ctx.wantedLockfile.lockfileVersion !== LOCKFILE_VERSION ||
|
|
1077
1087
|
!opts.currentLockfileIsUpToDate ||
|
|
1078
1088
|
opts.force ||
|
|
@@ -2043,12 +2053,11 @@ async function installViaPnprServer(manifest, rootDir, opts, allInstallProjects)
|
|
|
2043
2053
|
throw new PnpmError('TRUST_POLICY_INCOMPATIBLE_WITH_PNPR', 'The pnpr server does not yet enforce `trustPolicy: no-downgrade`, so running an install through it under this policy would produce a lockfile that the local verifier rejects.', { hint: 'Unset `trustPolicy` for this install, or disable the pnpr server (unset `--pnpr-server` / `pnprServer` in pnpm-workspace.yaml) so resolution runs locally and the trust check applies.' });
|
|
2044
2054
|
}
|
|
2045
2055
|
const { resolveViaPnprServer } = await import('@pnpm/pnpr.client');
|
|
2046
|
-
const { createGetAuthHeaderByURI
|
|
2047
|
-
//
|
|
2048
|
-
//
|
|
2049
|
-
//
|
|
2056
|
+
const { createGetAuthHeaderByURI } = await import('@pnpm/network.auth-header');
|
|
2057
|
+
// Identify the caller to pnpr's gate. The client does not forward its
|
|
2058
|
+
// upstream registry credentials: pnpr selects upstream credentials from
|
|
2059
|
+
// its own route policy, so they never travel in the request body.
|
|
2050
2060
|
const configByUri = opts.configByUri ?? {};
|
|
2051
|
-
const forwardedAuthHeaders = getAuthHeadersFromCreds(configByUri);
|
|
2052
2061
|
const pnprAuthorization = createGetAuthHeaderByURI(configByUri)(opts.pnprServer);
|
|
2053
2062
|
try {
|
|
2054
2063
|
const lockfileDir = opts.lockfileDir ?? rootDir;
|
|
@@ -2079,7 +2088,6 @@ async function installViaPnprServer(manifest, rootDir, opts, allInstallProjects)
|
|
|
2079
2088
|
projects: projectsList,
|
|
2080
2089
|
registry: opts.registries?.default,
|
|
2081
2090
|
namedRegistries: opts.namedRegistries,
|
|
2082
|
-
authHeaders: getAuthHeadersByScope(forwardedAuthHeaders),
|
|
2083
2091
|
authorization: pnprAuthorization,
|
|
2084
2092
|
overrides: opts.overrides,
|
|
2085
2093
|
minimumReleaseAge: opts.minimumReleaseAge,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pnpm/installing.deps-installer",
|
|
3
|
-
"version": "1102.
|
|
3
|
+
"version": "1102.2.1",
|
|
4
4
|
"description": "Fast, disk space efficient installation engine",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pnpm",
|
|
@@ -65,62 +65,62 @@
|
|
|
65
65
|
"ramda": "npm:@pnpm/ramda@0.28.1",
|
|
66
66
|
"run-groups": "^5.0.0",
|
|
67
67
|
"semver": "^7.8.4",
|
|
68
|
-
"@pnpm/bins.remover": "1100.0.
|
|
69
|
-
"@pnpm/building.during-install": "1102.0.2",
|
|
68
|
+
"@pnpm/bins.remover": "1100.0.12",
|
|
70
69
|
"@pnpm/bins.linker": "1100.0.16",
|
|
70
|
+
"@pnpm/building.during-install": "1102.0.4",
|
|
71
|
+
"@pnpm/building.after-install": "1102.0.4",
|
|
72
|
+
"@pnpm/building.policy": "1100.0.12",
|
|
71
73
|
"@pnpm/catalogs.config": "1100.0.2",
|
|
72
|
-
"@pnpm/building.policy": "1100.0.11",
|
|
73
|
-
"@pnpm/building.after-install": "1102.0.2",
|
|
74
|
-
"@pnpm/catalogs.types": "1100.0.0",
|
|
75
|
-
"@pnpm/catalogs.resolver": "1100.0.0",
|
|
76
74
|
"@pnpm/catalogs.protocol-parser": "1100.0.0",
|
|
77
|
-
"@pnpm/
|
|
78
|
-
"@pnpm/
|
|
75
|
+
"@pnpm/catalogs.resolver": "1100.0.0",
|
|
76
|
+
"@pnpm/catalogs.types": "1100.0.0",
|
|
79
77
|
"@pnpm/config.matcher": "1100.0.1",
|
|
78
|
+
"@pnpm/config.normalize-registries": "1100.0.8",
|
|
80
79
|
"@pnpm/core-loggers": "1100.2.1",
|
|
81
80
|
"@pnpm/constants": "1100.0.0",
|
|
81
|
+
"@pnpm/deps.graph-hasher": "1100.2.8",
|
|
82
|
+
"@pnpm/crypto.object-hasher": "1100.0.0",
|
|
83
|
+
"@pnpm/deps.path": "1100.0.8",
|
|
82
84
|
"@pnpm/crypto.hash": "1100.0.1",
|
|
83
|
-
"@pnpm/deps.graph-hasher": "1100.2.6",
|
|
84
85
|
"@pnpm/deps.graph-sequencer": "1100.0.0",
|
|
85
|
-
"@pnpm/crypto.object-hasher": "1100.0.0",
|
|
86
86
|
"@pnpm/error": "1100.0.1",
|
|
87
87
|
"@pnpm/fs.read-modules-dir": "1100.0.1",
|
|
88
|
-
"@pnpm/
|
|
89
|
-
"@pnpm/exec.lifecycle": "1100.1.1",
|
|
88
|
+
"@pnpm/hooks.types": "1100.1.1",
|
|
90
89
|
"@pnpm/fs.symlink-dependency": "1100.0.10",
|
|
91
|
-
"@pnpm/
|
|
92
|
-
"@pnpm/
|
|
93
|
-
"@pnpm/installing.deps-resolver": "1100.2.
|
|
94
|
-
"@pnpm/
|
|
90
|
+
"@pnpm/installing.context": "1100.0.22",
|
|
91
|
+
"@pnpm/exec.lifecycle": "1100.1.2",
|
|
92
|
+
"@pnpm/installing.deps-resolver": "1100.2.7",
|
|
93
|
+
"@pnpm/config.parse-overrides": "1100.0.2",
|
|
95
94
|
"@pnpm/hooks.read-package-hook": "1100.0.9",
|
|
96
|
-
"@pnpm/installing.linking.direct-dep-linker": "1100.0.10",
|
|
97
95
|
"@pnpm/installing.linking.hoist": "1100.0.16",
|
|
96
|
+
"@pnpm/installing.linking.direct-dep-linker": "1100.0.10",
|
|
97
|
+
"@pnpm/installing.deps-restorer": "1102.1.3",
|
|
98
98
|
"@pnpm/installing.modules-yaml": "1100.0.9",
|
|
99
|
-
"@pnpm/
|
|
100
|
-
"@pnpm/installing.
|
|
101
|
-
"@pnpm/lockfile.
|
|
102
|
-
"@pnpm/lockfile.
|
|
103
|
-
"@pnpm/lockfile.
|
|
104
|
-
"@pnpm/lockfile.
|
|
105
|
-
"@pnpm/lockfile.
|
|
106
|
-
"@pnpm/lockfile.
|
|
107
|
-
"@pnpm/lockfile.
|
|
108
|
-
"@pnpm/
|
|
109
|
-
"@pnpm/lockfile.utils": "1100.1.0",
|
|
110
|
-
"@pnpm/lockfile.walker": "1100.0.12",
|
|
99
|
+
"@pnpm/lockfile.filtering": "1100.1.9",
|
|
100
|
+
"@pnpm/installing.linking.modules-cleaner": "1100.1.10",
|
|
101
|
+
"@pnpm/lockfile.preferred-versions": "1100.0.18",
|
|
102
|
+
"@pnpm/lockfile.pruner": "1100.0.13",
|
|
103
|
+
"@pnpm/lockfile.fs": "1100.1.9",
|
|
104
|
+
"@pnpm/lockfile.to-pnp": "1100.1.3",
|
|
105
|
+
"@pnpm/lockfile.verification": "1100.0.22",
|
|
106
|
+
"@pnpm/lockfile.utils": "1100.1.1",
|
|
107
|
+
"@pnpm/lockfile.settings-checker": "1100.1.1",
|
|
108
|
+
"@pnpm/lockfile.walker": "1100.0.13",
|
|
111
109
|
"@pnpm/network.auth-header": "1101.1.3",
|
|
110
|
+
"@pnpm/patching.config": "1100.0.9",
|
|
112
111
|
"@pnpm/pkg-manifest.utils": "1100.2.6",
|
|
113
112
|
"@pnpm/resolving.parse-wanted-dependency": "1100.0.1",
|
|
114
|
-
"@pnpm/
|
|
113
|
+
"@pnpm/resolving.resolver-base": "1100.5.1",
|
|
114
|
+
"@pnpm/store.controller-types": "1100.1.7",
|
|
115
|
+
"@pnpm/installing.package-requester": "1102.1.1",
|
|
115
116
|
"@pnpm/store.index": "1100.2.1",
|
|
116
|
-
"@pnpm/
|
|
117
|
-
"@pnpm/
|
|
118
|
-
"@pnpm/
|
|
119
|
-
"@pnpm/types": "1101.3.2"
|
|
117
|
+
"@pnpm/pnpr.client": "1.3.1",
|
|
118
|
+
"@pnpm/types": "1101.3.2",
|
|
119
|
+
"@pnpm/workspace.project-manifest-reader": "1100.0.14"
|
|
120
120
|
},
|
|
121
121
|
"peerDependencies": {
|
|
122
122
|
"@pnpm/logger": "^1100.0.0",
|
|
123
|
-
"@pnpm/worker": "^1100.2.
|
|
123
|
+
"@pnpm/worker": "^1100.2.3"
|
|
124
124
|
},
|
|
125
125
|
"devDependencies": {
|
|
126
126
|
"@jest/globals": "30.4.1",
|
|
@@ -141,22 +141,22 @@
|
|
|
141
141
|
"symlink-dir": "^10.0.1",
|
|
142
142
|
"write-json-file": "^7.0.0",
|
|
143
143
|
"write-yaml-file": "^6.0.0",
|
|
144
|
-
"@pnpm/assert-
|
|
145
|
-
"@pnpm/assert-store": "1100.0.17",
|
|
146
|
-
"@pnpm/installing.deps-installer": "1102.1.1",
|
|
147
|
-
"@pnpm/lockfile.types": "1100.0.12",
|
|
144
|
+
"@pnpm/assert-store": "1100.0.18",
|
|
148
145
|
"@pnpm/logger": "1100.0.0",
|
|
149
|
-
"@pnpm/
|
|
150
|
-
"@pnpm/
|
|
151
|
-
"@pnpm/
|
|
146
|
+
"@pnpm/installing.deps-installer": "1102.2.1",
|
|
147
|
+
"@pnpm/network.git-utils": "1100.0.2",
|
|
148
|
+
"@pnpm/lockfile.types": "1100.0.13",
|
|
149
|
+
"@pnpm/prepare": "1100.0.18",
|
|
152
150
|
"@pnpm/pkg-manifest.reader": "1100.0.9",
|
|
151
|
+
"@pnpm/resolving.registry.types": "1100.1.3",
|
|
152
|
+
"@pnpm/assert-project": "1100.0.18",
|
|
153
|
+
"@pnpm/store.cafs": "1100.1.12",
|
|
153
154
|
"@pnpm/store.path": "1100.0.2",
|
|
154
155
|
"@pnpm/test-fixtures": "1100.0.0",
|
|
155
156
|
"@pnpm/test-ipc-server": "1100.0.0",
|
|
157
|
+
"@pnpm/testing.registry-mock": "1100.0.8",
|
|
156
158
|
"@pnpm/testing.mock-agent": "1101.0.4",
|
|
157
|
-
"@pnpm/testing.temp-store": "1100.1.
|
|
158
|
-
"@pnpm/network.git-utils": "1100.0.2",
|
|
159
|
-
"@pnpm/testing.registry-mock": "1100.0.7"
|
|
159
|
+
"@pnpm/testing.temp-store": "1100.1.13"
|
|
160
160
|
},
|
|
161
161
|
"engines": {
|
|
162
162
|
"node": ">=22.13"
|