npm - isolate-package - Versions diffs - 1.31.0 → 1.32.1 - Mend

isolate-package 1.31.0 → 1.32.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/src/lib/registry/collect-reachable-package-names.test.ts ADDED Viewed

@@ -0,0 +1,239 @@
+import { describe, expect, it } from "vitest";
+import type { PackageManifest, PackagesRegistry } from "~/lib/types";
+import { collectReachablePackageNames } from "./collect-reachable-package-names";
+function entry(manifest: PackageManifest) {
+  return {
+    absoluteDir: `/workspace/packages/${manifest.name}`,
+    rootRelativeDir: `packages/${manifest.name}`,
+    manifest,
+  };
+}
+describe("collectReachablePackageNames", () => {
+  it("returns target direct deps", () => {
+    const manifest: PackageManifest = {
+      name: "app",
+      version: "1.0.0",
+      dependencies: { lodash: "^4.0.0", tslib: "^2.0.0" },
+    };
+    const result = collectReachablePackageNames({
+      targetPackageManifest: manifest,
+      packagesRegistry: {},
+      includeDevDependencies: false,
+    });
+    expect([...result].sort()).toEqual(["lodash", "tslib"]);
+  });
+  it("excludes target devDependencies when includeDevDependencies is false", () => {
+    const manifest: PackageManifest = {
+      name: "app",
+      version: "1.0.0",
+      dependencies: { lodash: "^4.0.0" },
+      devDependencies: { vitest: "^1.0.0" },
+    };
+    const result = collectReachablePackageNames({
+      targetPackageManifest: manifest,
+      packagesRegistry: {},
+      includeDevDependencies: false,
+    });
+    expect(result.has("lodash")).toBe(true);
+    expect(result.has("vitest")).toBe(false);
+  });
+  it("includes target devDependencies when includeDevDependencies is true", () => {
+    const manifest: PackageManifest = {
+      name: "app",
+      version: "1.0.0",
+      dependencies: { lodash: "^4.0.0" },
+      devDependencies: { vitest: "^1.0.0" },
+    };
+    const result = collectReachablePackageNames({
+      targetPackageManifest: manifest,
+      packagesRegistry: {},
+      includeDevDependencies: true,
+    });
+    expect([...result].sort()).toEqual(["lodash", "vitest"]);
+  });
+  it("recurses through internal workspace packages to pick up their deps", () => {
+    /** Mirrors issue #167: consumer → firebase-package (internal) → tslib */
+    const consumerManifest: PackageManifest = {
+      name: "consumer",
+      version: "1.0.0",
+      dependencies: { "firebase-package": "workspace:*" },
+    };
+    const firebaseManifest: PackageManifest = {
+      name: "firebase-package",
+      version: "1.0.0",
+      dependencies: { tslib: "^2.0.0" },
+    };
+    const registry: PackagesRegistry = {
+      "firebase-package": entry(firebaseManifest),
+    };
+    const result = collectReachablePackageNames({
+      targetPackageManifest: consumerManifest,
+      packagesRegistry: registry,
+      includeDevDependencies: false,
+    });
+    expect(result.has("firebase-package")).toBe(true);
+    expect(result.has("tslib")).toBe(true);
+  });
+  it("does not include devDependencies of internal packages", () => {
+    const consumerManifest: PackageManifest = {
+      name: "consumer",
+      version: "1.0.0",
+      dependencies: { "firebase-package": "workspace:*" },
+    };
+    const firebaseManifest: PackageManifest = {
+      name: "firebase-package",
+      version: "1.0.0",
+      dependencies: { tslib: "^2.0.0" },
+      devDependencies: { vitest: "^1.0.0" },
+    };
+    const registry: PackagesRegistry = {
+      "firebase-package": entry(firebaseManifest),
+    };
+    const result = collectReachablePackageNames({
+      targetPackageManifest: consumerManifest,
+      packagesRegistry: registry,
+      /**
+       * Even with includeDevDependencies true for the target, internal
+       * packages' devDependencies stay out — they aren't installed in the
+       * isolate.
+       */
+      includeDevDependencies: true,
+    });
+    expect(result.has("tslib")).toBe(true);
+    expect(result.has("vitest")).toBe(false);
+  });
+  it("handles multi-level internal chains", () => {
+    const appManifest: PackageManifest = {
+      name: "app",
+      version: "1.0.0",
+      dependencies: { "pkg-a": "workspace:*" },
+    };
+    const pkgAManifest: PackageManifest = {
+      name: "pkg-a",
+      version: "1.0.0",
+      dependencies: { "pkg-b": "workspace:*" },
+    };
+    const pkgBManifest: PackageManifest = {
+      name: "pkg-b",
+      version: "1.0.0",
+      dependencies: { "@scope/leaf": "^1.0.0" },
+    };
+    const registry: PackagesRegistry = {
+      "pkg-a": entry(pkgAManifest),
+      "pkg-b": entry(pkgBManifest),
+    };
+    const result = collectReachablePackageNames({
+      targetPackageManifest: appManifest,
+      packagesRegistry: registry,
+      includeDevDependencies: false,
+    });
+    expect([...result].sort()).toEqual(["@scope/leaf", "pkg-a", "pkg-b"]);
+  });
+  it("walks optionalDependencies of target and internal packages", () => {
+    const appManifest: PackageManifest = {
+      name: "app",
+      version: "1.0.0",
+      dependencies: { "pkg-a": "workspace:*" },
+      optionalDependencies: { "optional-on-target": "^1.0.0" },
+    };
+    const pkgAManifest: PackageManifest = {
+      name: "pkg-a",
+      version: "1.0.0",
+      optionalDependencies: { "optional-on-internal": "^1.0.0" },
+    };
+    const registry: PackagesRegistry = {
+      "pkg-a": entry(pkgAManifest),
+    };
+    const result = collectReachablePackageNames({
+      targetPackageManifest: appManifest,
+      packagesRegistry: registry,
+      includeDevDependencies: false,
+    });
+    expect(result.has("optional-on-target")).toBe(true);
+    expect(result.has("optional-on-internal")).toBe(true);
+  });
+  it("walks peerDependencies of target and internal packages", () => {
+    /**
+     * With pnpm's default autoInstallPeers, peer deps typically end up
+     * installed in the isolate and may carry patches.
+     */
+    const appManifest: PackageManifest = {
+      name: "app",
+      version: "1.0.0",
+      dependencies: { "pkg-a": "workspace:*" },
+      peerDependencies: { "peer-on-target": "^1.0.0" },
+    };
+    const pkgAManifest: PackageManifest = {
+      name: "pkg-a",
+      version: "1.0.0",
+      peerDependencies: { "peer-on-internal": "^1.0.0" },
+    };
+    const registry: PackagesRegistry = {
+      "pkg-a": entry(pkgAManifest),
+    };
+    const result = collectReachablePackageNames({
+      targetPackageManifest: appManifest,
+      packagesRegistry: registry,
+      includeDevDependencies: false,
+    });
+    expect(result.has("peer-on-target")).toBe(true);
+    expect(result.has("peer-on-internal")).toBe(true);
+  });
+  it("tolerates cycles between internal packages", () => {
+    /** Each package already visited is skipped on re-entry */
+    const aManifest: PackageManifest = {
+      name: "pkg-a",
+      version: "1.0.0",
+      dependencies: { "pkg-b": "workspace:*", tslib: "^2.0.0" },
+    };
+    const bManifest: PackageManifest = {
+      name: "pkg-b",
+      version: "1.0.0",
+      dependencies: { "pkg-a": "workspace:*" },
+    };
+    const registry: PackagesRegistry = {
+      "pkg-a": entry(aManifest),
+      "pkg-b": entry(bManifest),
+    };
+    const result = collectReachablePackageNames({
+      targetPackageManifest: aManifest,
+      packagesRegistry: registry,
+      includeDevDependencies: false,
+    });
+    expect([...result].sort()).toEqual(["pkg-a", "pkg-b", "tslib"]);
+  });
+});

package/src/lib/registry/collect-reachable-package-names.ts ADDED Viewed

@@ -0,0 +1,60 @@
+import type { PackageManifest, PackagesRegistry } from "../types";
+/**
+ * Walk the target manifest and the manifests of any internal (workspace)
+ * packages reachable from it, collecting every dependency name encountered
+ * (both internal and external).
+ *
+ * The resulting set is a superset of the target's direct dependencies: it also
+ * includes dependencies of internal workspace packages that will end up in the
+ * isolated output. This is used to filter workspace-level
+ * `patchedDependencies` so that patches for deps introduced via internal
+ * packages aren't dropped.
+ *
+ * `dependencies`, `optionalDependencies`, and `peerDependencies` are all
+ * walked — any of them can lead to a package being installed in the isolate
+ * (pnpm installs peers by default via `autoInstallPeers`). devDependencies of
+ * internal packages are never followed, and devDependencies of the *target*
+ * are followed only when `includeDevDependencies` is true.
+ *
+ * Note: only recurses through internal packages — manifests of external deps
+ * aren't available here. Deep external→external transitives therefore won't
+ * appear in the set.
+ */
+export function collectReachablePackageNames({
+  targetPackageManifest,
+  packagesRegistry,
+  includeDevDependencies,
+}: {
+  targetPackageManifest: PackageManifest;
+  packagesRegistry: PackagesRegistry;
+  includeDevDependencies: boolean;
+}): Set<string> {
+  const names = new Set<string>();
+  const visitedInternal = new Set<string>();
+  walk(targetPackageManifest, true);
+  return names;
+  function walk(manifest: PackageManifest, isTarget: boolean) {
+    const depNames = [
+      ...Object.keys(manifest.dependencies ?? {}),
+      ...Object.keys(manifest.optionalDependencies ?? {}),
+      ...Object.keys(manifest.peerDependencies ?? {}),
+      ...(isTarget && includeDevDependencies
+        ? Object.keys(manifest.devDependencies ?? {})
+        : []),
+    ];
+    for (const name of depNames) {
+      names.add(name);
+      const internalPkg = packagesRegistry[name];
+      if (internalPkg && !visitedInternal.has(name)) {
+        visitedInternal.add(name);
+        walk(internalPkg.manifest, false);
+      }
+    }
+  }
+}

package/src/lib/registry/index.ts CHANGED Viewed

@@ -1,2 +1,3 @@
+export * from "./collect-reachable-package-names";
 export * from "./create-packages-registry";
 export * from "./list-internal-packages";

package/src/lib/utils/filter-patched-dependencies.test.ts CHANGED Viewed

@@ -182,6 +182,83 @@ describe("filterPatchedDependencies", () => {
     expect(result).toBeUndefined();
   });
+  it("should include patches for packages reachable via internal workspace packages", () => {
+    /** Issue #167: patch targets a transitive dep via an internal package */
+    const manifest: PackageManifest = {
+      name: "consumer",
+      version: "1.0.0",
+      dependencies: { "firebase-package": "file:./packages/firebase-package" },
+    };
+    const result = filterPatchedDependencies({
+      patchedDependencies: { "tslib@2.0.0": "patches/tslib.patch" },
+      targetPackageManifest: manifest,
+      includeDevDependencies: false,
+      reachableDependencyNames: new Set(["firebase-package", "tslib"]),
+    });
+    expect(result).toEqual({ "tslib@2.0.0": "patches/tslib.patch" });
+  });
+  it("should exclude patches for packages not in direct deps nor the reachable set", () => {
+    const manifest: PackageManifest = {
+      name: "consumer",
+      version: "1.0.0",
+      dependencies: { "firebase-package": "file:./packages/firebase-package" },
+    };
+    const result = filterPatchedDependencies({
+      patchedDependencies: { "unrelated@1.0.0": "patches/unrelated.patch" },
+      targetPackageManifest: manifest,
+      includeDevDependencies: false,
+      reachableDependencyNames: new Set(["firebase-package", "tslib"]),
+    });
+    expect(result).toBeUndefined();
+  });
+  it("should include a patch when a target devDep is also reachable as a prod transitive", () => {
+    /**
+     * The target lists `tslib` as a devDep and runs with
+     * includeDevDependencies=false, but `tslib` is also a prod dep of an
+     * internal workspace package that IS installed in the isolate. The
+     * patch must be preserved because tslib will be present at install
+     * time through the internal package.
+     */
+    const manifest: PackageManifest = {
+      name: "app",
+      version: "1.0.0",
+      dependencies: { "firebase-package": "file:./packages/firebase-package" },
+      devDependencies: { tslib: "^2.0.0" },
+    };
+    const result = filterPatchedDependencies({
+      patchedDependencies: { "tslib@2.0.0": "patches/tslib.patch" },
+      targetPackageManifest: manifest,
+      includeDevDependencies: false,
+      reachableDependencyNames: new Set(["firebase-package", "tslib"]),
+    });
+    expect(result).toEqual({ "tslib@2.0.0": "patches/tslib.patch" });
+  });
+  it("should still exclude a pure target devDep patch when not reachable and dev deps are off", () => {
+    const manifest: PackageManifest = {
+      name: "app",
+      version: "1.0.0",
+      devDependencies: { vitest: "^1.0.0" },
+    };
+    const result = filterPatchedDependencies({
+      patchedDependencies: { "vitest@1.0.0": "patches/vitest.patch" },
+      targetPackageManifest: manifest,
+      includeDevDependencies: false,
+      reachableDependencyNames: new Set(),
+    });
+    expect(result).toBeUndefined();
+  });
   it("should preserve patch value types", () => {
     const manifest: PackageManifest = {
       name: "test",

package/src/lib/utils/filter-patched-dependencies.ts CHANGED Viewed

@@ -3,17 +3,26 @@ import type { PackageManifest } from "~/lib/types";
 import { getPackageName } from "./get-package-name";
 /**
- * Filters patched dependencies to only include patches for packages that are
- * present in the target package's dependencies based on dependency type.
+ * Filters patched dependencies to only include patches for packages that will
+ * be present in the isolated output, either as a direct dependency of the
+ * target or as a transitive dependency reachable through internal workspace
+ * packages.
  */
 export function filterPatchedDependencies<T>({
   patchedDependencies,
   targetPackageManifest,
   includeDevDependencies,
+  reachableDependencyNames,
 }: {
   patchedDependencies: Record<string, T> | undefined;
   targetPackageManifest: PackageManifest;
   includeDevDependencies: boolean;
+  /**
+   * Additional set of dependency names reachable from the target (e.g. via
+   * internal workspace packages). Used to preserve patches for transitive
+   * deps that are not listed directly on the target manifest.
+   */
+  reachableDependencyNames?: Set<string>;
 }): Record<string, T> | undefined {
   const log = useLogger();
   if (!patchedDependencies || typeof patchedDependencies !== "object") {
@@ -27,7 +36,7 @@ export function filterPatchedDependencies<T>({
   for (const [packageSpec, patchInfo] of Object.entries(patchedDependencies)) {
     const packageName = getPackageName(packageSpec);
-    /** Check if it's a production dependency */
+    /** Direct production dependency */
     if (targetPackageManifest.dependencies?.[packageName]) {
       filteredPatches[packageSpec] = patchInfo;
       includedCount++;
@@ -35,23 +44,38 @@ export function filterPatchedDependencies<T>({
       continue;
     }
-    /** Check if it's a dev dependency and we should include dev dependencies */
-    if (targetPackageManifest.devDependencies?.[packageName]) {
-      if (includeDevDependencies) {
-        filteredPatches[packageSpec] = patchInfo;
-        includedCount++;
-        log.debug(`Including dev dependency patch: ${packageSpec}`);
-      } else {
-        excludedCount++;
-        log.debug(`Excluding dev dependency patch: ${packageSpec}`);
-      }
+    /** Direct dev dependency (respects the dev-deps flag) */
+    if (
+      includeDevDependencies &&
+      targetPackageManifest.devDependencies?.[packageName]
+    ) {
+      filteredPatches[packageSpec] = patchInfo;
+      includedCount++;
+      log.debug(`Including dev dependency patch: ${packageSpec}`);
+      continue;
+    }
+    /**
+     * Reachable via an internal workspace package. This fires even when the
+     * package is also listed in the target's devDependencies with
+     * `includeDevDependencies=false`, because the package is still installed
+     * in the isolate as a prod transitive.
+     */
+    if (reachableDependencyNames?.has(packageName)) {
+      filteredPatches[packageSpec] = patchInfo;
+      includedCount++;
+      log.debug(`Including transitive dependency patch: ${packageSpec}`);
       continue;
     }
-    /** Package not found in dependencies or devDependencies */
-    log.debug(
-      `Excluding patch: ${packageSpec} (package "${packageName}" not in target dependencies)`,
-    );
+    /** Package won't be installed in the isolate */
+    if (targetPackageManifest.devDependencies?.[packageName]) {
+      log.debug(`Excluding dev dependency patch: ${packageSpec}`);
+    } else {
+      log.debug(
+        `Excluding patch: ${packageSpec} (package "${packageName}" not reachable from target)`,
+      );
+    }
     excludedCount++;
   }