ic-mops 2.12.1 → 2.12.3

package/CHANGELOG.md

@@ -2,6 +2,13 @@
 
 ## Next
 
+## 2.12.3
+- Fix `mops install --lock update` silently no-op'ing on a corrupt lockfile (#515)
+- `mops publish` no longer rejects unknown `mops.toml` sections, `package.*` keys, or `requirements.*` entries — these typo guards were the only place in the CLI that complained about unknown keys, drifted from the docs/types, and blocked publish on harmless local-only config like `[moc]`, `[canisters]`, `[build]`, and `[lint]` (#512)
+
+## 2.12.2
+- Fix `mops install` (and any `--lock check` flow) failing with "Mismatched number of resolved packages" when a project's resolved dependencies include multiple aliases (e.g. `base`, `base@0`, `base@0.16`) that pin to the same `name@version`
+
 ## 2.12.1
 - `mops check`/`build`/`check-stable` skip migration staging when only the pending `next` migration is needed, so `moc` diagnostics reference the real `next-migration/<file>` path.
 

package/commands/publish.ts

@@ -47,22 +47,6 @@ export async function publish(
 
   console.log(`Publishing ${config.package?.name}@${config.package?.version}`);
 
-  // validate
-  for (let key of Object.keys(config)) {
-    if (
-      ![
-        "package",
-        "dependencies",
-        "dev-dependencies",
-        "toolchain",
-        "requirements",
-      ].includes(key)
-    ) {
-      console.log(chalk.red("Error: ") + `Unknown config section [${key}]`);
-      process.exit(1);
-    }
-  }
-
   // required fields
   if (!config.package) {
     console.log(
@@ -97,29 +81,6 @@ export async function publish(
     }
   }
 
-  let packageKeys = [
-    "name",
-    "version",
-    "keywords",
-    "description",
-    "repository",
-    "documentation",
-    "homepage",
-    "baseDir",
-    "readme",
-    "license",
-    "files",
-    "dfx",
-    "moc",
-    "donation",
-  ];
-  for (let key of Object.keys(config.package)) {
-    if (!packageKeys.includes(key)) {
-      console.log(chalk.red("Error: ") + `Unknown config key 'package.${key}'`);
-      process.exit(1);
-    }
-  }
-
   // disabled fields
   for (let key of ["dfx", "moc", "homepage", "documentation", "donation"]) {
     if ((config.package as any)[key]) {
@@ -222,15 +183,6 @@ export async function publish(
     }
   }
 
-  if (config.requirements) {
-    Object.keys(config.requirements).forEach((name) => {
-      if (name !== "moc") {
-        console.log(chalk.red("Error: ") + `Unknown requirement "${name}"`);
-        return;
-      }
-    });
-  }
-
   let toBackendDep = (dep: Dependency): DependencyV2 => {
     return {
       ...dep,

package/dist/commands/publish.js

@@ -22,19 +22,6 @@ export async function publish(options = {}) {
     let rootDir = getRootDir();
     let config = readConfig();
     console.log(`Publishing ${config.package?.name}@${config.package?.version}`);
-    // validate
-    for (let key of Object.keys(config)) {
-        if (![
-            "package",
-            "dependencies",
-            "dev-dependencies",
-            "toolchain",
-            "requirements",
-        ].includes(key)) {
-            console.log(chalk.red("Error: ") + `Unknown config section [${key}]`);
-            process.exit(1);
-        }
-    }
     // required fields
     if (!config.package) {
         console.log(chalk.red("Error: ") +
@@ -63,28 +50,6 @@ export async function publish(options = {}) {
             }
         }
     }
-    let packageKeys = [
-        "name",
-        "version",
-        "keywords",
-        "description",
-        "repository",
-        "documentation",
-        "homepage",
-        "baseDir",
-        "readme",
-        "license",
-        "files",
-        "dfx",
-        "moc",
-        "donation",
-    ];
-    for (let key of Object.keys(config.package)) {
-        if (!packageKeys.includes(key)) {
-            console.log(chalk.red("Error: ") + `Unknown config key 'package.${key}'`);
-            process.exit(1);
-        }
-    }
     // disabled fields
     for (let key of ["dfx", "moc", "homepage", "documentation", "donation"]) {
         if (config.package[key]) {
@@ -167,14 +132,6 @@ export async function publish(options = {}) {
             }
         }
     }
-    if (config.requirements) {
-        Object.keys(config.requirements).forEach((name) => {
-            if (name !== "moc") {
-                console.log(chalk.red("Error: ") + `Unknown requirement "${name}"`);
-                return;
-            }
-        });
-    }
     let toBackendDep = (dep) => {
         return {
             ...dep,

package/dist/integrity.d.ts

@@ -20,6 +20,8 @@ export declare function getLocalFileHash(fileId: string): string;
 export declare function checkRemote(): Promise<void>;
 export declare function readLockFile(): LockFile | null;
 export declare function checkLockFileLight(): boolean;
-export declare function updateLockFile(): Promise<void>;
+export declare function updateLockFile({ force, }?: {
+    force?: boolean;
+}): Promise<void>;
 export declare function checkLockFile(force?: boolean): Promise<void>;
 export {};

package/dist/integrity.js

@@ -13,7 +13,7 @@ export async function checkIntegrity(lock) {
         lock = process.env["CI"] ? "check" : "update";
     }
     if (lock === "update") {
-        await updateLockFile();
+        await updateLockFile({ force });
         await checkLockFile(force);
     }
     else if (lock === "check") {
@@ -31,7 +31,8 @@ async function getResolvedMopsPackageIds() {
     let packageIds = Object.entries(resolvedPackages)
         .filter(([_, version]) => getDependencyType(version) === "mops")
         .map(([name, version]) => getPackageId(name, version));
-    return packageIds;
+    // dedupe: aliases like `base@0`, `base@0.16` collapse to the same packageId
+    return [...new Set(packageIds)];
 }
 // get hash of local file from '.mops' dir by fileId
 export function getLocalFileHash(fileId) {
@@ -107,9 +108,11 @@ export function checkLockFileLight() {
     }
     return false;
 }
-export async function updateLockFile() {
+export async function updateLockFile({ force = false, } = {}) {
     // if lock file exists and mops.toml hasn't changed, don't update it
-    if (checkLockFileLight()) {
+    // (unless forced: `--lock update` must unconditionally regenerate so users
+    // can recover from a corrupt lockfile without `rm mops.lock`)
+    if (!force && checkLockFileLight()) {
         return;
     }
     let resolvedDeps = await resolvePackages();
@@ -227,6 +230,9 @@ export async function checkLockFile(force = false) {
                 console.error(`Mismatched hash for ${fileId}`);
                 console.error(`Locked hash: ${lockedHash}`);
                 console.error(`Actual hash: ${localHash}`);
+                console.error("");
+                console.error("If you have not modified files under .mops/, your lockfile may be stale or corrupt.");
+                console.error("Run `mops install --lock update` to regenerate it.");
                 process.exit(1);
             }
         }

package/dist/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ic-mops",
-  "version": "2.12.1",
+  "version": "2.12.3",
   "type": "module",
   "bin": {
     "mops": "bin/mops.js",

package/dist/tests/cli.test.js

@@ -1,5 +1,5 @@
 import { describe, expect, jest, test } from "@jest/globals";
-import { existsSync, rmSync } from "node:fs";
+import { existsSync, readFileSync, rmSync, writeFileSync } from "node:fs";
 import path from "path";
 import { cli } from "./helpers";
 describe("cli", () => {
@@ -67,4 +67,53 @@ describe("install", () => {
     });
     // mops add/remove/update/sync are not separately tested here because they
     // all route through the same checkIntegrity code path tested above.
+    // Regression: aliases pinning the same package@version (e.g. `core` and
+    // `core@1` both at "1.0.0") inflated the resolved-packageIds count and
+    // tripped the lockfile integrity check with a spurious
+    // "Mismatched number of resolved packages" error. See issue #506.
+    test("integrity check passes when aliases resolve to the same package@version", async () => {
+        const cwd = path.join(import.meta.dirname, "install/aliases");
+        const lockFile = path.join(cwd, "mops.lock");
+        rmSync(lockFile, { force: true });
+        try {
+            const result = await cli(["install"], { cwd, env: { CI: undefined } });
+            expect(result.stderr).not.toMatch(/Mismatched number of resolved packages/);
+            expect(result.exitCode).toBe(0);
+            expect(existsSync(lockFile)).toBe(true);
+        }
+        finally {
+            rmSync(lockFile, { force: true });
+            rmSync(path.join(cwd, ".mops"), { recursive: true, force: true });
+        }
+    });
+    // Regression: `install --lock update` used to early-return if mops.toml's
+    // deps hash was unchanged, even when the lockfile's per-file hashes were
+    // stale/corrupt. The subsequent checkLockFile would then fail and exit 1,
+    // so `--lock update` could never recover a broken lock — the only escape
+    // was `rm mops.lock`. See issue #514.
+    test("--lock update rewrites a lockfile with a corrupt file hash", async () => {
+        const cwd = path.join(import.meta.dirname, "install/success");
+        const lockFile = path.join(cwd, "mops.lock");
+        rmSync(lockFile, { force: true });
+        try {
+            const first = await cli(["install"], { cwd, env: { CI: undefined } });
+            expect(first.exitCode).toBe(0);
+            expect(existsSync(lockFile)).toBe(true);
+            const bad = "BAD0000000000000000000000000000000000000000000000000000000000BAD";
+            const original = readFileSync(lockFile, "utf8");
+            const corrupted = original.replace(/"core@1\.0\.0\/mops\.toml":\s*"[0-9a-f]{64}"/, `"core@1.0.0/mops.toml": "${bad}"`);
+            expect(corrupted).not.toBe(original);
+            writeFileSync(lockFile, corrupted);
+            const result = await cli(["install", "--lock", "update"], {
+                cwd,
+                env: { CI: undefined },
+            });
+            expect(result.exitCode).toBe(0);
+            expect(readFileSync(lockFile, "utf8")).not.toContain(bad);
+        }
+        finally {
+            rmSync(lockFile, { force: true });
+            rmSync(path.join(cwd, ".mops"), { recursive: true, force: true });
+        }
+    });
 });

package/integrity.ts

@@ -41,7 +41,7 @@ export async function checkIntegrity(lock?: "check" | "update" | "ignore") {
   }
 
   if (lock === "update") {
-    await updateLockFile();
+    await updateLockFile({ force });
     await checkLockFile(force);
   } else if (lock === "check") {
     await checkLockFile(force);
@@ -63,7 +63,8 @@ async function getResolvedMopsPackageIds(): Promise<string[]> {
   let packageIds = Object.entries(resolvedPackages)
     .filter(([_, version]) => getDependencyType(version) === "mops")
     .map(([name, version]) => getPackageId(name, version));
-  return packageIds;
+  // dedupe: aliases like `base@0`, `base@0.16` collapse to the same packageId
+  return [...new Set(packageIds)];
 }
 
 // get hash of local file from '.mops' dir by fileId
@@ -158,9 +159,13 @@ export function checkLockFileLight(): boolean {
   return false;
 }
 
-export async function updateLockFile() {
+export async function updateLockFile({
+  force = false,
+}: { force?: boolean } = {}) {
   // if lock file exists and mops.toml hasn't changed, don't update it
-  if (checkLockFileLight()) {
+  // (unless forced: `--lock update` must unconditionally regenerate so users
+  // can recover from a corrupt lockfile without `rm mops.lock`)
+  if (!force && checkLockFileLight()) {
     return;
   }
 
@@ -312,6 +317,11 @@ export async function checkLockFile(force = false) {
         console.error(`Mismatched hash for ${fileId}`);
         console.error(`Locked hash: ${lockedHash}`);
         console.error(`Actual hash: ${localHash}`);
+        console.error("");
+        console.error(
+          "If you have not modified files under .mops/, your lockfile may be stale or corrupt.",
+        );
+        console.error("Run `mops install --lock update` to regenerate it.");
         process.exit(1);
       }
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ic-mops",
-  "version": "2.12.1",
+  "version": "2.12.3",
   "type": "module",
   "bin": {
     "mops": "dist/bin/mops.js",

package/tests/cli.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, jest, test } from "@jest/globals";
-import { existsSync, rmSync } from "node:fs";
+import { existsSync, readFileSync, rmSync, writeFileSync } from "node:fs";
 import path from "path";
 import { cli } from "./helpers";
 
@@ -71,4 +71,61 @@ describe("install", () => {
 
   // mops add/remove/update/sync are not separately tested here because they
   // all route through the same checkIntegrity code path tested above.
+
+  // Regression: aliases pinning the same package@version (e.g. `core` and
+  // `core@1` both at "1.0.0") inflated the resolved-packageIds count and
+  // tripped the lockfile integrity check with a spurious
+  // "Mismatched number of resolved packages" error. See issue #506.
+  test("integrity check passes when aliases resolve to the same package@version", async () => {
+    const cwd = path.join(import.meta.dirname, "install/aliases");
+    const lockFile = path.join(cwd, "mops.lock");
+    rmSync(lockFile, { force: true });
+    try {
+      const result = await cli(["install"], { cwd, env: { CI: undefined } });
+      expect(result.stderr).not.toMatch(
+        /Mismatched number of resolved packages/,
+      );
+      expect(result.exitCode).toBe(0);
+      expect(existsSync(lockFile)).toBe(true);
+    } finally {
+      rmSync(lockFile, { force: true });
+      rmSync(path.join(cwd, ".mops"), { recursive: true, force: true });
+    }
+  });
+
+  // Regression: `install --lock update` used to early-return if mops.toml's
+  // deps hash was unchanged, even when the lockfile's per-file hashes were
+  // stale/corrupt. The subsequent checkLockFile would then fail and exit 1,
+  // so `--lock update` could never recover a broken lock — the only escape
+  // was `rm mops.lock`. See issue #514.
+  test("--lock update rewrites a lockfile with a corrupt file hash", async () => {
+    const cwd = path.join(import.meta.dirname, "install/success");
+    const lockFile = path.join(cwd, "mops.lock");
+    rmSync(lockFile, { force: true });
+    try {
+      const first = await cli(["install"], { cwd, env: { CI: undefined } });
+      expect(first.exitCode).toBe(0);
+      expect(existsSync(lockFile)).toBe(true);
+
+      const bad =
+        "BAD0000000000000000000000000000000000000000000000000000000000BAD";
+      const original = readFileSync(lockFile, "utf8");
+      const corrupted = original.replace(
+        /"core@1\.0\.0\/mops\.toml":\s*"[0-9a-f]{64}"/,
+        `"core@1.0.0/mops.toml": "${bad}"`,
+      );
+      expect(corrupted).not.toBe(original);
+      writeFileSync(lockFile, corrupted);
+
+      const result = await cli(["install", "--lock", "update"], {
+        cwd,
+        env: { CI: undefined },
+      });
+      expect(result.exitCode).toBe(0);
+      expect(readFileSync(lockFile, "utf8")).not.toContain(bad);
+    } finally {
+      rmSync(lockFile, { force: true });
+      rmSync(path.join(cwd, ".mops"), { recursive: true, force: true });
+    }
+  });
 });

package/tests/install/aliases/mops.toml

@@ -0,0 +1,3 @@
+[dependencies]
+core = "1.0.0"
+"core@1" = "1.0.0"