@pnpm/lockfile.utils 1100.0.3 → 1100.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import url from 'node:url';
|
|
2
|
+
import * as dp from '@pnpm/deps.path';
|
|
2
3
|
import { isGitHostedPkgUrl } from '@pnpm/fetching.pick-fetcher';
|
|
3
4
|
import getNpmTarballUrl from 'get-npm-tarball-url';
|
|
4
5
|
import { nameVerFromPkgSnapshot } from './nameVerFromPkgSnapshot.js';
|
|
@@ -8,6 +9,16 @@ export function pkgSnapshotToResolution(depPath, pkgSnapshot, registries) {
|
|
|
8
9
|
isGitHostedPkgUrl(pkgSnapshot.resolution.tarball ?? '')) {
|
|
9
10
|
return pkgSnapshot.resolution;
|
|
10
11
|
}
|
|
12
|
+
// Recover the tarball field for `file:` snapshots whose resolution lost
|
|
13
|
+
// its tarball (e.g. lockfiles written by an earlier pnpm 11 version that
|
|
14
|
+
// dropped the tarball under `lockfile-include-tarball-url=false`).
|
|
15
|
+
const nonSemverVersion = dp.parse(depPath).nonSemverVersion;
|
|
16
|
+
if (nonSemverVersion?.startsWith('file:')) {
|
|
17
|
+
return {
|
|
18
|
+
...pkgSnapshot.resolution,
|
|
19
|
+
tarball: nonSemverVersion,
|
|
20
|
+
};
|
|
21
|
+
}
|
|
11
22
|
const { name, version } = nameVerFromPkgSnapshot(depPath, pkgSnapshot);
|
|
12
23
|
let registry = '';
|
|
13
24
|
if (name != null) {
|
|
@@ -1,12 +1,24 @@
|
|
|
1
|
+
import { isGitHostedPkgUrl } from '@pnpm/fetching.pick-fetcher';
|
|
1
2
|
import getNpmTarballUrl from 'get-npm-tarball-url';
|
|
2
3
|
export function toLockfileResolution(pkg, resolution, registry, lockfileIncludeTarballUrl) {
|
|
3
4
|
if (resolution.type !== undefined || !resolution['integrity']) {
|
|
4
5
|
return resolution;
|
|
5
6
|
}
|
|
7
|
+
const tarball = resolution['tarball'];
|
|
6
8
|
if (lockfileIncludeTarballUrl) {
|
|
7
9
|
return {
|
|
8
10
|
integrity: resolution['integrity'],
|
|
9
|
-
tarball
|
|
11
|
+
tarball,
|
|
12
|
+
};
|
|
13
|
+
}
|
|
14
|
+
// Tarball URLs that cannot be reconstructed from the package name, version,
|
|
15
|
+
// and registry must always stay in the lockfile, otherwise the package can
|
|
16
|
+
// no longer be re-fetched. This covers local `file:` tarballs and tarballs
|
|
17
|
+
// served by git providers (GitHub, GitLab, Bitbucket).
|
|
18
|
+
if (tarball != null && (tarball.startsWith('file:') || isGitHostedPkgUrl(tarball))) {
|
|
19
|
+
return {
|
|
20
|
+
integrity: resolution['integrity'],
|
|
21
|
+
tarball,
|
|
10
22
|
};
|
|
11
23
|
}
|
|
12
24
|
if (lockfileIncludeTarballUrl === false) {
|
|
@@ -18,11 +30,11 @@ export function toLockfileResolution(pkg, resolution, registry, lockfileIncludeT
|
|
|
18
30
|
// For instance, when they are hosted on npm Enterprise. See https://github.com/pnpm/pnpm/issues/867
|
|
19
31
|
// Or in other weird cases, like https://github.com/pnpm/pnpm/issues/1072
|
|
20
32
|
const expectedTarball = getNpmTarballUrl(pkg.name, pkg.version, { registry });
|
|
21
|
-
const actualTarball =
|
|
33
|
+
const actualTarball = tarball.replaceAll('%2f', '/');
|
|
22
34
|
if (removeProtocol(expectedTarball) !== removeProtocol(actualTarball)) {
|
|
23
35
|
return {
|
|
24
36
|
integrity: resolution['integrity'],
|
|
25
|
-
tarball
|
|
37
|
+
tarball,
|
|
26
38
|
};
|
|
27
39
|
}
|
|
28
40
|
return {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pnpm/lockfile.utils",
|
|
3
|
-
"version": "1100.0.
|
|
3
|
+
"version": "1100.0.4",
|
|
4
4
|
"description": "Utils for dealing with pnpm-lock.yaml",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pnpm",
|
|
@@ -28,20 +28,21 @@
|
|
|
28
28
|
"dependencies": {
|
|
29
29
|
"get-npm-tarball-url": "^2.1.0",
|
|
30
30
|
"ramda": "npm:@pnpm/ramda@0.28.1",
|
|
31
|
-
"@pnpm/deps.path": "1100.0.
|
|
31
|
+
"@pnpm/deps.path": "1100.0.2",
|
|
32
32
|
"@pnpm/error": "1100.0.0",
|
|
33
|
-
"@pnpm/
|
|
34
|
-
"@pnpm/lockfile.types": "1100.0.
|
|
35
|
-
"@pnpm/resolving.resolver-base": "1100.1.
|
|
36
|
-
"@pnpm/types": "
|
|
37
|
-
"@pnpm/
|
|
33
|
+
"@pnpm/fetching.pick-fetcher": "1100.0.4",
|
|
34
|
+
"@pnpm/lockfile.types": "1100.0.3",
|
|
35
|
+
"@pnpm/resolving.resolver-base": "1100.1.1",
|
|
36
|
+
"@pnpm/hooks.types": "1100.0.4",
|
|
37
|
+
"@pnpm/types": "1101.0.0"
|
|
38
38
|
},
|
|
39
39
|
"devDependencies": {
|
|
40
|
+
"@jest/globals": "30.3.0",
|
|
40
41
|
"@types/ramda": "0.31.1",
|
|
41
42
|
"tempy": "3.0.0",
|
|
42
43
|
"write-yaml-file": "^6.0.0",
|
|
43
44
|
"yaml-tag": "1.1.0",
|
|
44
|
-
"@pnpm/lockfile.utils": "1100.0.
|
|
45
|
+
"@pnpm/lockfile.utils": "1100.0.4"
|
|
45
46
|
},
|
|
46
47
|
"engines": {
|
|
47
48
|
"node": ">=22.13"
|