@pnpm/installing.deps-resolver 1100.1.2 → 1100.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/getNonDevWantedDependencies.d.ts +4 -1
- package/lib/getNonDevWantedDependencies.js +6 -0
- package/lib/getWantedDependencies.js +5 -0
- package/lib/resolveDependencies.d.ts +1 -0
- package/lib/resolveDependencies.js +9 -3
- package/lib/resolveDependencyTree.d.ts +1 -0
- package/lib/resolveDependencyTree.js +1 -0
- package/lib/validateDependencyAlias.d.ts +2 -0
- package/lib/validateDependencyAlias.js +24 -0
- package/package.json +24 -22
|
@@ -7,6 +7,9 @@ export interface WantedDependency {
|
|
|
7
7
|
injected?: boolean;
|
|
8
8
|
saveCatalogName?: string;
|
|
9
9
|
}
|
|
10
|
-
type GetNonDevWantedDependenciesManifest = Pick<DependencyManifest, 'bundleDependencies' | 'bundledDependencies' | 'optionalDependencies' | 'dependencies' | 'dependenciesMeta'
|
|
10
|
+
type GetNonDevWantedDependenciesManifest = Pick<DependencyManifest, 'bundleDependencies' | 'bundledDependencies' | 'optionalDependencies' | 'dependencies' | 'dependenciesMeta'> & {
|
|
11
|
+
name?: string;
|
|
12
|
+
version?: string;
|
|
13
|
+
};
|
|
11
14
|
export declare function getNonDevWantedDependencies(pkg: GetNonDevWantedDependenciesManifest): WantedDependency[];
|
|
12
15
|
export {};
|
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
import { pickBy } from 'ramda';
|
|
2
|
+
import { assertValidDependencyAliases } from './validateDependencyAlias.js';
|
|
2
3
|
export function getNonDevWantedDependencies(pkg) {
|
|
4
|
+
const pkgDescription = pkg.name != null
|
|
5
|
+
? `Package "${pkg.name}${pkg.version != null ? `@${pkg.version}` : ''}"`
|
|
6
|
+
: 'Package';
|
|
7
|
+
assertValidDependencyAliases(pkg.dependencies, pkgDescription);
|
|
8
|
+
assertValidDependencyAliases(pkg.optionalDependencies, pkgDescription);
|
|
3
9
|
let bd = pkg.bundledDependencies ?? pkg.bundleDependencies;
|
|
4
10
|
if (bd === true) {
|
|
5
11
|
bd = pkg.dependencies != null ? Object.keys(pkg.dependencies) : [];
|
|
@@ -1,5 +1,10 @@
|
|
|
1
1
|
import { filterDependenciesByType } from '@pnpm/pkg-manifest.utils';
|
|
2
|
+
import { assertValidDependencyAliases } from './validateDependencyAlias.js';
|
|
2
3
|
export function getWantedDependencies(pkg, opts) {
|
|
4
|
+
assertValidDependencyAliases(pkg.dependencies, 'The current package');
|
|
5
|
+
assertValidDependencyAliases(pkg.devDependencies, 'The current package');
|
|
6
|
+
assertValidDependencyAliases(pkg.optionalDependencies, 'The current package');
|
|
7
|
+
assertValidDependencyAliases(pkg.peerDependencies, 'The current package');
|
|
3
8
|
let depsToInstall = filterDependenciesByType(pkg, opts?.includeDirect ?? {
|
|
4
9
|
dependencies: true,
|
|
5
10
|
devDependencies: true,
|
|
@@ -321,8 +321,12 @@ export async function resolveDependencies(ctx, preferredVersions, wantedDependen
|
|
|
321
321
|
const postponedResolutionsQueue = [];
|
|
322
322
|
const postponedPeersResolutionQueue = [];
|
|
323
323
|
const pkgAddresses = [];
|
|
324
|
-
|
|
325
|
-
|
|
324
|
+
// Resolve in parallel, then drain the results in input order. Pushing
|
|
325
|
+
// from inside the Promise.all callbacks would leak completion-order timing
|
|
326
|
+
// into pkgAddresses / postponedResolutionsQueue, which downstream
|
|
327
|
+
// determines how cyclic peer suffixes are assigned. See pnpm/pnpm#8155.
|
|
328
|
+
const resolvedDependencies = await Promise.all(extendedWantedDeps.map((extendedWantedDep) => resolveDependenciesOfDependency(ctx, preferredVersions, options, extendedWantedDep)));
|
|
329
|
+
for (const { resolveDependencyResult, postponedResolution, postponedPeersResolution } of resolvedDependencies) {
|
|
326
330
|
if (resolveDependencyResult) {
|
|
327
331
|
pkgAddresses.push(resolveDependencyResult);
|
|
328
332
|
}
|
|
@@ -332,7 +336,7 @@ export async function resolveDependencies(ctx, preferredVersions, wantedDependen
|
|
|
332
336
|
if (postponedPeersResolution) {
|
|
333
337
|
postponedPeersResolutionQueue.push(postponedPeersResolution);
|
|
334
338
|
}
|
|
335
|
-
}
|
|
339
|
+
}
|
|
336
340
|
const newPreferredVersions = Object.create(preferredVersions);
|
|
337
341
|
const currentParentPkgAliases = {};
|
|
338
342
|
for (const pkgAddress of pkgAddresses) {
|
|
@@ -446,6 +450,7 @@ async function resolveDependenciesOfDependency(ctx, preferredVersions, options,
|
|
|
446
450
|
proceed: extendedWantedDep.proceed || updateShouldContinue || ctx.updatedSet.size > 0,
|
|
447
451
|
publishedBy: options.publishedBy,
|
|
448
452
|
update: update ? options.updateToLatest ? 'latest' : 'compatible' : false,
|
|
453
|
+
updateChecksums: ctx.updateChecksums,
|
|
449
454
|
updateDepth,
|
|
450
455
|
updateRequested,
|
|
451
456
|
supportedArchitectures: options.supportedArchitectures,
|
|
@@ -781,6 +786,7 @@ async function resolveDependency(wantedDependency, ctx, options) {
|
|
|
781
786
|
trustPolicyExclude: ctx.trustPolicyExclude,
|
|
782
787
|
trustPolicyIgnoreAfter: ctx.trustPolicyIgnoreAfter,
|
|
783
788
|
update: options.update,
|
|
789
|
+
updateChecksums: options.updateChecksums,
|
|
784
790
|
workspacePackages: ctx.workspacePackages,
|
|
785
791
|
supportedArchitectures: options.supportedArchitectures,
|
|
786
792
|
onFetchError: (err) => {
|
|
@@ -24,6 +24,7 @@ export async function resolveDependencyTree(importers, opts) {
|
|
|
24
24
|
engineStrict: opts.engineStrict,
|
|
25
25
|
force: opts.force,
|
|
26
26
|
forceFullResolution: opts.forceFullResolution,
|
|
27
|
+
updateChecksums: opts.updateChecksums,
|
|
27
28
|
ignoreScripts: opts.ignoreScripts,
|
|
28
29
|
injectWorkspacePackages: opts.injectWorkspacePackages,
|
|
29
30
|
linkWorkspacePackagesDepth: opts.linkWorkspacePackagesDepth ?? -1,
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import { PnpmError } from '@pnpm/error';
|
|
2
|
+
import validateNpmPackageName from 'validate-npm-package-name';
|
|
3
|
+
// An alias is the directory name pnpm creates inside `node_modules`, so
|
|
4
|
+
// it must be a valid npm package name. Anything else (path-traversal
|
|
5
|
+
// shapes such as `@x/../../../../../.git/hooks`, control characters,
|
|
6
|
+
// names that collide with pnpm's own `node_modules` layout such as
|
|
7
|
+
// `.bin` / `.pnpm` / `node_modules`) is rejected. Matches the
|
|
8
|
+
// `validForOldPackages` check `parseWantedDependency` applies to
|
|
9
|
+
// CLI-given names.
|
|
10
|
+
export function isValidDependencyAlias(alias) {
|
|
11
|
+
return typeof alias === 'string' && validateNpmPackageName(alias).validForOldPackages;
|
|
12
|
+
}
|
|
13
|
+
export function assertValidDependencyAliases(deps, parentPkgDescription) {
|
|
14
|
+
if (deps == null)
|
|
15
|
+
return;
|
|
16
|
+
for (const alias of Object.keys(deps)) {
|
|
17
|
+
if (!isValidDependencyAlias(alias)) {
|
|
18
|
+
throw new PnpmError('INVALID_DEPENDENCY_NAME', `${parentPkgDescription} contains a dependency with an invalid name: ${JSON.stringify(alias)}`, {
|
|
19
|
+
hint: 'A dependency name must be a valid npm package name — a single `name` or `@scope/name` consisting of URL-friendly characters, with no leading `.` or `_`, and not equal to reserved names such as `node_modules`.',
|
|
20
|
+
});
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=validateDependencyAlias.js.map
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pnpm/installing.deps-resolver",
|
|
3
|
-
"version": "1100.1.
|
|
3
|
+
"version": "1100.1.4",
|
|
4
4
|
"description": "Resolves dependency graph of a package",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pnpm",
|
|
@@ -36,43 +36,45 @@
|
|
|
36
36
|
"ramda": "npm:@pnpm/ramda@0.28.1",
|
|
37
37
|
"rename-overwrite": "^7.0.1",
|
|
38
38
|
"safe-promise-defer": "^2.0.0",
|
|
39
|
-
"semver": "^7.
|
|
39
|
+
"semver": "^7.8.1",
|
|
40
40
|
"semver-range-intersect": "^0.3.1",
|
|
41
|
+
"validate-npm-package-name": "7.0.2",
|
|
41
42
|
"version-selector-type": "^3.0.0",
|
|
42
43
|
"@pnpm/catalogs.types": "1100.0.0",
|
|
43
44
|
"@pnpm/constants": "1100.0.0",
|
|
44
|
-
"@pnpm/
|
|
45
|
-
"@pnpm/
|
|
46
|
-
"@pnpm/
|
|
47
|
-
"@pnpm/deps.
|
|
48
|
-
"@pnpm/deps.path": "1100.0.4",
|
|
45
|
+
"@pnpm/config.version-policy": "1100.1.2",
|
|
46
|
+
"@pnpm/core-loggers": "1100.1.2",
|
|
47
|
+
"@pnpm/deps.graph-hasher": "1100.2.2",
|
|
48
|
+
"@pnpm/deps.path": "1100.0.5",
|
|
49
49
|
"@pnpm/deps.peer-range": "1100.0.1",
|
|
50
|
-
"@pnpm/
|
|
50
|
+
"@pnpm/catalogs.resolver": "1100.0.0",
|
|
51
|
+
"@pnpm/hooks.types": "1100.0.9",
|
|
52
|
+
"@pnpm/fetching.pick-fetcher": "1100.0.9",
|
|
53
|
+
"@pnpm/lockfile.preferred-versions": "1100.0.12",
|
|
54
|
+
"@pnpm/lockfile.types": "1100.0.8",
|
|
55
|
+
"@pnpm/lockfile.utils": "1100.0.10",
|
|
56
|
+
"@pnpm/patching.config": "1100.0.5",
|
|
57
|
+
"@pnpm/lockfile.pruner": "1100.0.8",
|
|
58
|
+
"@pnpm/pkg-manifest.reader": "1100.0.5",
|
|
59
|
+
"@pnpm/resolving.npm-resolver": "1101.3.3",
|
|
51
60
|
"@pnpm/error": "1100.0.0",
|
|
52
|
-
"@pnpm/lockfile.preferred-versions": "1100.0.11",
|
|
53
|
-
"@pnpm/lockfile.pruner": "1100.0.7",
|
|
54
|
-
"@pnpm/lockfile.types": "1100.0.7",
|
|
55
|
-
"@pnpm/hooks.types": "1100.0.8",
|
|
56
|
-
"@pnpm/lockfile.utils": "1100.0.9",
|
|
57
|
-
"@pnpm/patching.config": "1100.0.4",
|
|
58
61
|
"@pnpm/patching.types": "1100.0.0",
|
|
59
|
-
"@pnpm/
|
|
60
|
-
"@pnpm/
|
|
61
|
-
"@pnpm/types": "1101.1.1",
|
|
62
|
-
"@pnpm/store.controller-types": "1100.1.1",
|
|
62
|
+
"@pnpm/resolving.resolver-base": "1100.3.1",
|
|
63
|
+
"@pnpm/store.controller-types": "1100.1.2",
|
|
63
64
|
"@pnpm/workspace.spec-parser": "1100.0.0",
|
|
64
|
-
"@pnpm/
|
|
65
|
-
"@pnpm/
|
|
65
|
+
"@pnpm/pkg-manifest.utils": "1100.2.1",
|
|
66
|
+
"@pnpm/types": "1101.2.0"
|
|
66
67
|
},
|
|
67
68
|
"peerDependencies": {
|
|
68
|
-
"@pnpm/logger": "
|
|
69
|
+
"@pnpm/logger": "^1001.0.1"
|
|
69
70
|
},
|
|
70
71
|
"devDependencies": {
|
|
71
72
|
"@jest/globals": "30.3.0",
|
|
72
73
|
"@types/normalize-path": "^3.0.2",
|
|
73
74
|
"@types/ramda": "0.31.1",
|
|
74
75
|
"@types/semver": "7.7.1",
|
|
75
|
-
"@
|
|
76
|
+
"@types/validate-npm-package-name": "^4.0.2",
|
|
77
|
+
"@pnpm/installing.deps-resolver": "1100.1.4",
|
|
76
78
|
"@pnpm/logger": "1100.0.0"
|
|
77
79
|
},
|
|
78
80
|
"engines": {
|