@pnpm/lockfile.utils 1100.0.5 → 1100.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/toLockfileResolution.js +15 -8
- package/package.json +7 -7
|
@@ -3,12 +3,18 @@ export function toLockfileResolution(pkg, resolution, registry, lockfileIncludeT
|
|
|
3
3
|
if (resolution.type !== undefined || !resolution['integrity']) {
|
|
4
4
|
return resolution;
|
|
5
5
|
}
|
|
6
|
+
// Tarball-typed resolutions are guaranteed to carry a tarball URL by the
|
|
7
|
+
// resolver, but guard for unexpected inputs (e.g. resolutions deserialized
|
|
8
|
+
// from external state) so we don't blow up on a missing field.
|
|
6
9
|
const tarball = resolution['tarball'];
|
|
10
|
+
if (tarball == null) {
|
|
11
|
+
return { integrity: resolution['integrity'] };
|
|
12
|
+
}
|
|
7
13
|
// Honor the resolver-supplied flag, with a URL fallback for resolutions
|
|
8
14
|
// that didn't go through the git resolver (e.g. config-dep migrations or
|
|
9
15
|
// legacy lockfiles read by callers that don't enrich the field).
|
|
10
16
|
const gitHosted = resolution.gitHosted === true ||
|
|
11
|
-
|
|
17
|
+
isGitHostedTarballUrl(tarball);
|
|
12
18
|
if (lockfileIncludeTarballUrl) {
|
|
13
19
|
return preservingGitHosted({
|
|
14
20
|
integrity: resolution['integrity'],
|
|
@@ -19,20 +25,21 @@ export function toLockfileResolution(pkg, resolution, registry, lockfileIncludeT
|
|
|
19
25
|
// and registry must always stay in the lockfile, otherwise the package can
|
|
20
26
|
// no longer be re-fetched. This covers local `file:` tarballs and tarballs
|
|
21
27
|
// served by git providers (GitHub, GitLab, Bitbucket).
|
|
22
|
-
if (tarball
|
|
28
|
+
if (tarball.startsWith('file:') || gitHosted) {
|
|
23
29
|
return preservingGitHosted({
|
|
24
30
|
integrity: resolution['integrity'],
|
|
25
31
|
tarball,
|
|
26
32
|
}, gitHosted);
|
|
27
33
|
}
|
|
28
|
-
if (lockfileIncludeTarballUrl === false) {
|
|
29
|
-
return {
|
|
30
|
-
integrity: resolution['integrity'],
|
|
31
|
-
};
|
|
32
|
-
}
|
|
33
34
|
// Sometimes packages are hosted under non-standard tarball URLs.
|
|
34
35
|
// For instance, when they are hosted on npm Enterprise. See https://github.com/pnpm/pnpm/issues/867
|
|
35
|
-
// Or in other weird cases, like https://github.com/pnpm/pnpm/issues/1072
|
|
36
|
+
// Or in other weird cases, like https://github.com/pnpm/pnpm/issues/1072.
|
|
37
|
+
// Even when the user explicitly sets `lockfileIncludeTarballUrl: false`, we
|
|
38
|
+
// must preserve such URLs — otherwise the package cannot be re-fetched on a
|
|
39
|
+
// frozen-lockfile install (e.g. GitHub Packages tarballs at
|
|
40
|
+
// `https://npm.pkg.github.com/download/<scope>/<name>/<version>/<hash>`).
|
|
41
|
+
// `lockfileIncludeTarballUrl` only controls whether URLs that *can* be
|
|
42
|
+
// derived from name+version+registry are written.
|
|
36
43
|
const expectedTarball = getNpmTarballUrl(pkg.name, pkg.version, { registry });
|
|
37
44
|
const actualTarball = tarball.replaceAll('%2f', '/');
|
|
38
45
|
if (removeProtocol(expectedTarball) !== removeProtocol(actualTarball)) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pnpm/lockfile.utils",
|
|
3
|
-
"version": "1100.0.
|
|
3
|
+
"version": "1100.0.7",
|
|
4
4
|
"description": "Utils for dealing with pnpm-lock.yaml",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pnpm",
|
|
@@ -28,12 +28,12 @@
|
|
|
28
28
|
"dependencies": {
|
|
29
29
|
"get-npm-tarball-url": "^2.1.0",
|
|
30
30
|
"ramda": "npm:@pnpm/ramda@0.28.1",
|
|
31
|
+
"@pnpm/deps.path": "1100.0.3",
|
|
32
|
+
"@pnpm/lockfile.types": "1100.0.5",
|
|
31
33
|
"@pnpm/error": "1100.0.0",
|
|
32
|
-
"@pnpm/
|
|
33
|
-
"@pnpm/
|
|
34
|
-
"@pnpm/
|
|
35
|
-
"@pnpm/resolving.resolver-base": "1100.1.2",
|
|
36
|
-
"@pnpm/types": "1101.0.0"
|
|
34
|
+
"@pnpm/types": "1101.1.0",
|
|
35
|
+
"@pnpm/resolving.resolver-base": "1100.1.3",
|
|
36
|
+
"@pnpm/hooks.types": "1100.0.6"
|
|
37
37
|
},
|
|
38
38
|
"devDependencies": {
|
|
39
39
|
"@jest/globals": "30.3.0",
|
|
@@ -41,7 +41,7 @@
|
|
|
41
41
|
"tempy": "3.0.0",
|
|
42
42
|
"write-yaml-file": "^6.0.0",
|
|
43
43
|
"yaml-tag": "1.1.0",
|
|
44
|
-
"@pnpm/lockfile.utils": "1100.0.
|
|
44
|
+
"@pnpm/lockfile.utils": "1100.0.7"
|
|
45
45
|
},
|
|
46
46
|
"engines": {
|
|
47
47
|
"node": ">=22.13"
|