isolate-package 1.32.0 → 1.33.0-0

package/dist/index.mjs

@@ -1,4 +1,4 @@
-import { c as detectPackageManager, i as defineConfig, l as readTypedJson, n as listInternalPackages, o as resolveConfig, r as createPackagesRegistry, s as resolveWorkspacePaths, t as isolate } from "./isolate-BRD2AgVJ.mjs";
+import { c as detectPackageManager, i as defineConfig, l as readTypedJson, n as listInternalPackages, o as resolveConfig, r as createPackagesRegistry, s as resolveWorkspacePaths, t as isolate } from "./isolate-DTwgcMAN.mjs";
 import path from "node:path";
 //#region src/get-internal-package-names.ts
 /**

package/dist/{isolate-BRD2AgVJ.mjs → isolate-DTwgcMAN.mjs}

@@ -486,30 +486,8 @@ function resolveConfig(initialConfig) {
 	return config;
 }
 //#endregion
-//#region src/lib/lockfile/helpers/generate-bun-lockfile.ts
-/**
-* Serialize a value to JSON with trailing commas after every array element and
-* object property, matching Bun's native bun.lock output format.
-*/
-function serializeWithTrailingCommas(value, indent = 2) {
-	/**
-	* Add trailing commas after values that precede a closing bracket/brace.
-	* Apply repeatedly because consecutive closing brackets (e.g. ]\n}) need
-	* multiple passes — the first pass adds a comma after the inner value, and
-	* subsequent passes handle the outer brackets.
-	*/
-	let result = JSON.stringify(value, null, indent);
-	let previous;
-	do {
-		previous = result;
-		result = result.replace(/(["\d\w\]}-])\n(\s*[\]}])/g, "$1,\n$2");
-	} while (result !== previous);
-	return result;
-}
-/**
-* Extract dependency names from a workspace entry, optionally including
-* devDependencies.
-*/
+//#region src/lib/lockfile/helpers/bun-lockfile.ts
+/** Extract dependency names from a workspace entry. */
 function collectDependencyNames(entry, includeDevDependencies) {
 	const names = /* @__PURE__ */ new Set();
 	for (const name of Object.keys(entry.dependencies ?? {})) names.add(name);
@@ -519,8 +497,8 @@ function collectDependencyNames(entry, includeDevDependencies) {
 	return [...names];
 }
 /**
-* Check whether a package entry represents a workspace package by examining its
-* identifier string (first element in the entry array).
+* Check whether a package entry represents a workspace package by examining
+* its identifier string (first element in the entry array).
 */
 function isWorkspacePackageEntry(entry) {
 	const ident = entry[0];
@@ -532,16 +510,16 @@ function isWorkspacePackageEntry(entry) {
 * - workspace packages: [ident, info] -> index 1
 * - git/github packages: [ident, info, checksum] -> index 1
 *
-* Detection: if the second element is a string (registry URL or checksum), the
-* info object is deeper. Workspace entries have only 2 elements.
+* Detection: if the second element is a string (registry URL or checksum),
+* the info object is deeper. Workspace entries have only 2 elements.
 */
 function getPackageInfoObject(entry) {
 	if (entry.length <= 1) return void 0;
 	/** Workspace entries: [ident, info] */
 	if (isWorkspacePackageEntry(entry)) return typeof entry[1] === "object" ? entry[1] : void 0;
 	/**
-	* npm entries with registry URL: [ident, registryUrl, info, checksum].
-	* The second element is a string (the registry URL).
+	* npm entries with registry URL: [ident, registryUrl, info, checksum]. The
+	* second element is a string (the registry URL).
 	*/
 	if (typeof entry[1] === "string") return typeof entry[2] === "object" ? entry[2] : void 0;
 	/** git/tarball entries: [ident, info, checksum] */
@@ -549,8 +527,8 @@ function getPackageInfoObject(entry) {
 }
 /**
 * Recursively collect all package keys that are required, starting from a set
-* of direct dependency names and walking through their transitive dependencies
-* in the packages section.
+* of direct dependency names and walking through their transitive
+* dependencies in the packages section.
 */
 function collectRequiredPackages(directDependencyNames, packages) {
 	const required = /* @__PURE__ */ new Set();
@@ -577,6 +555,27 @@ function collectRequiredPackages(directDependencyNames, packages) {
 	}
 	return required;
 }
+//#endregion
+//#region src/lib/lockfile/helpers/generate-bun-lockfile.ts
+/**
+* Serialize a value to JSON with trailing commas after every array element and
+* object property, matching Bun's native bun.lock output format.
+*/
+function serializeWithTrailingCommas(value, indent = 2) {
+	/**
+	* Add trailing commas after values that precede a closing bracket/brace.
+	* Apply repeatedly because consecutive closing brackets (e.g. ]\n}) need
+	* multiple passes — the first pass adds a comma after the inner value, and
+	* subsequent passes handle the outer brackets.
+	*/
+	let result = JSON.stringify(value, null, indent);
+	let previous;
+	do {
+		previous = result;
+		result = result.replace(/(["\d\w\]}-])\n(\s*[\]}])/g, "$1,\n$2");
+	} while (result !== previous);
+	return result;
+}
 async function generateBunLockfile({ workspaceRootDir, targetPackageDir, isolateDir, internalDepPackageNames, packagesRegistry, includeDevDependencies }) {
 	const log = useLogger();
 	log.debug("Generating Bun lockfile...");
@@ -1553,10 +1552,252 @@ function listInternalPackages(manifest, packagesRegistry, { includeDevDependenci
 	return [...new Set(result)];
 }
 //#endregion
+//#region src/lib/patches/collect-installed-names-bun.ts
+/**
+* Walk the workspace bun.lock starting from the target package and its
+* internal workspace dependencies, returning the set of every package name
+* that will end up installed in the isolate (including deep
+* external-to-external transitives).
+*
+* Used by `copyPatches` to preserve patches for transitive deps that aren't
+* directly listed on any internal manifest. Returns an empty set on any
+* failure so the caller falls back to manifest-based reachability.
+*/
+function collectInstalledNamesFromBunLockfile({ workspaceRootDir, targetPackageDir, internalDepPackageNames, packagesRegistry, includeDevDependencies }) {
+	const log = useLogger();
+	try {
+		const lockfilePath = path.join(workspaceRootDir, "bun.lock");
+		if (!fs.existsSync(lockfilePath)) {
+			log.debug("No bun.lock available for installed-names walk");
+			return /* @__PURE__ */ new Set();
+		}
+		const lockfile = readTypedJsonSync(lockfilePath);
+		const targetWorkspaceKey = path.relative(workspaceRootDir, targetPackageDir).split(path.sep).join(path.posix.sep);
+		const internalWorkspaceKeys = internalDepPackageNames.map((name) => {
+			const pkg = packagesRegistry[name];
+			if (!pkg) return null;
+			return pkg.rootRelativeDir.split(path.sep).join(path.posix.sep);
+		}).filter((key) => Boolean(key));
+		const directDependencyNames = /* @__PURE__ */ new Set();
+		const targetEntry = lockfile.workspaces[targetWorkspaceKey];
+		if (targetEntry) for (const name of collectDependencyNames(targetEntry, includeDevDependencies)) directDependencyNames.add(name);
+		for (const workspaceKey of internalWorkspaceKeys) {
+			const entry = lockfile.workspaces[workspaceKey];
+			if (!entry) continue;
+			/** Internal workspace deps never bring in their devDependencies */
+			for (const name of collectDependencyNames(entry, false)) directDependencyNames.add(name);
+		}
+		return collectRequiredPackages(directDependencyNames, lockfile.packages);
+	} catch (err) {
+		log.debug(`Failed to walk bun.lock for installed names: ${err instanceof Error ? err.message : String(err)}`);
+		return /* @__PURE__ */ new Set();
+	}
+}
+//#endregion
+//#region src/lib/patches/collect-installed-names-pnpm.ts
+/**
+* Walk the workspace pnpm lockfile starting from the target package and its
+* internal workspace dependencies, returning the set of every package name
+* that will end up installed in the isolate (including deep
+* external-to-external transitives).
+*
+* Used by `copyPatches` to preserve patches for transitive deps that aren't
+* directly listed on any internal manifest. Returns an empty set on any
+* failure so the caller falls back to manifest-based reachability. When the
+* lockfile is present but lacks a `packages` section, returns just the
+* direct importer dep names.
+*/
+async function collectInstalledNamesFromPnpmLockfile({ workspaceRootDir, targetPackageDir, internalDepPackageNames, packagesRegistry, majorVersion, includeDevDependencies }) {
+	const log = useLogger();
+	try {
+		const useVersion9 = majorVersion >= 9;
+		const isRush = isRushWorkspace(workspaceRootDir);
+		const lockfileDir = isRush ? path.join(workspaceRootDir, "common/config/rush") : workspaceRootDir;
+		const lockfile = useVersion9 ? await readWantedLockfile$1(lockfileDir, { ignoreIncompatible: false }) : await readWantedLockfile(lockfileDir, { ignoreIncompatible: false });
+		if (!lockfile) {
+			log.debug("No pnpm lockfile available for installed-names walk");
+			return /* @__PURE__ */ new Set();
+		}
+		/**
+		* Normalize separators to POSIX so Windows callers match the lockfile's
+		* importer keys (mirrors generate-pnpm-lockfile.ts). Applied once here so
+		* the `isTarget` equality check below compares apples-to-apples — without
+		* this, on Windows the raw id with backslashes wouldn't match the
+		* normalized id used as the importers map key.
+		*/
+		const targetImporterId = toLockfileImporterKey(useVersion9 ? getLockfileImporterId$1(workspaceRootDir, targetPackageDir) : getLockfileImporterId(workspaceRootDir, targetPackageDir), isRush);
+		const importerIds = [targetImporterId, ...internalDepPackageNames.map((name) => packagesRegistry[name]?.rootRelativeDir).filter((dir) => Boolean(dir)).map((dir) => toLockfileImporterKey(dir, isRush))];
+		const packages = lockfile.packages;
+		if (!packages) {
+			log.debug("Lockfile has no packages section to walk");
+			return collectImporterDirectNames(lockfile.importers, importerIds, targetImporterId, includeDevDependencies);
+		}
+		const names = /* @__PURE__ */ new Set();
+		const seen = /* @__PURE__ */ new Set();
+		const queue = [];
+		for (const importerId of importerIds) {
+			const importer = lockfile.importers[importerId];
+			if (!importer) continue;
+			enqueueImporterDeps({
+				importer,
+				names,
+				queue,
+				useVersion9,
+				includeDevDependencies: importerId === targetImporterId && includeDevDependencies
+			});
+		}
+		while (queue.length > 0) {
+			const depPath = queue.pop();
+			if (seen.has(depPath)) continue;
+			seen.add(depPath);
+			names.add(extractPackageName(depPath));
+			const pkg = packages[depPath];
+			if (!pkg) continue;
+			enqueueResolvedDeps(pkg.dependencies, names, queue, useVersion9, seen);
+			enqueueResolvedDeps(pkg.optionalDependencies, names, queue, useVersion9, seen);
+			/**
+			* Peer requirement values are name → semver-range, not resolved depPaths.
+			* Just record the names so a patch on a peer-only external transitive
+			* survives filtering (mirrors the bun walker and the sister manifest
+			* walker, which both include peerDependencies).
+			*/
+			collectNames(pkg.peerDependencies, names);
+		}
+		return names;
+	} catch (err) {
+		log.debug(`Failed to walk pnpm lockfile for installed names: ${err instanceof Error ? err.message : String(err)}`);
+		return /* @__PURE__ */ new Set();
+	}
+}
+/**
+* Convert a raw importer id (as returned by `getLockfileImporterId` or a
+* package's rootRelativeDir) to the form actually used as a key in
+* `lockfile.importers`: POSIX separators, with the Rush `../../` prefix when
+* the workspace lives under `common/config/rush`. Lockfile keys are always
+* POSIX regardless of the host OS, so backslashes are normalized
+* unconditionally rather than relying on `path.sep`.
+*/
+function toLockfileImporterKey(importerId, isRush) {
+	const posix = importerId.split(path.sep).join(path.posix.sep).replace(/\\/g, "/");
+	return isRush ? `../../${posix}` : posix;
+}
+function enqueueImporterDeps({ importer, names, queue, useVersion9, includeDevDependencies }) {
+	enqueueResolvedDeps(importer.dependencies, names, queue, useVersion9);
+	enqueueResolvedDeps(importer.optionalDependencies, names, queue, useVersion9);
+	if (includeDevDependencies) enqueueResolvedDeps(importer.devDependencies, names, queue, useVersion9);
+	/**
+	* Importer peerDependencies usually aren't a separate map in the lockfile
+	* (autoInstallPeers folds them into `dependencies`), but record names if
+	* they happen to be present.
+	*/
+	collectNames(importer.peerDependencies, names);
+}
+function enqueueResolvedDeps(deps, names, queue, useVersion9, seen) {
+	if (!deps) return;
+	for (const [alias, ref] of Object.entries(deps)) {
+		/**
+		* The alias is the name as listed in the parent's dependencies map. For
+		* non-aliased installs this is also the resolved package name. We add it
+		* to the set as a candidate name; visiting the actual depPath below
+		* refines this with the true installed name.
+		*/
+		names.add(alias);
+		const depPath = refToRelative(ref, alias, useVersion9);
+		if (depPath && !seen?.has(depPath)) queue.push(depPath);
+	}
+}
+function collectNames(deps, names) {
+	if (!deps) return;
+	for (const name of Object.keys(deps)) names.add(name);
+}
+/**
+* Mirrors `@pnpm/dependency-path`'s `refToRelative`. The depPath shape differs
+* between pnpm 8 (lockfile v6, normalized to v5 keys like `/foo/1.0.0`) and
+* pnpm 9 (lockfile v9 keys like `foo@1.0.0`). Returns the depPath used as a
+* key in `lockfile.packages`, or null if the ref points to a workspace link.
+*/
+function refToRelative(reference, pkgName, useVersion9) {
+	if (!reference) return null;
+	if (reference.startsWith("link:")) return null;
+	return useVersion9 ? refToRelativeV9(reference, pkgName) : refToRelativeV8(reference, pkgName);
+}
+function refToRelativeV9(reference, pkgName) {
+	if (reference.startsWith("@")) return reference;
+	const atIndex = reference.indexOf("@");
+	if (atIndex === -1) return `${pkgName}@${reference}`;
+	const colonIndex = reference.indexOf(":");
+	const bracketIndex = reference.indexOf("(");
+	if ((colonIndex === -1 || atIndex < colonIndex) && (bracketIndex === -1 || atIndex < bracketIndex)) return reference;
+	return `${pkgName}@${reference}`;
+}
+/**
+* v8 form: pnpm 8 (lockfile v6) is normalized on read to v5-style depPaths
+* with leading slash and `/` separator between name and version. Plain
+* version refs build that key; refs already containing a `/` (peer-suffixed
+* or pre-formed) are returned verbatim. Mirrors `@pnpm/dependency-path@2.x`.
+*/
+function refToRelativeV8(reference, pkgName) {
+	if (reference.startsWith("file:")) return reference;
+	const slashIndex = reference.indexOf("/");
+	const bracketIndex = reference.indexOf("(");
+	const noSlashBeforeBracket = bracketIndex !== -1 && reference.lastIndexOf("/", bracketIndex) === -1;
+	if (slashIndex === -1 || noSlashBeforeBracket) return `/${pkgName}/${reference}`;
+	return reference;
+}
+/**
+* Extract the bare package name from a pnpm depPath. Strips the optional
+* peer-resolution suffix (e.g. `(react@18.0.0)`) before parsing. Handles
+* both v9 (`@scope/foo@1.0.0`) and v8 (`/@scope/foo/1.0.0`) shapes.
+*/
+function extractPackageName(depPath) {
+	const peerStart = indexOfPeersSuffix(depPath);
+	const trimmed = peerStart === -1 ? depPath : depPath.substring(0, peerStart);
+	if (trimmed.startsWith("/")) {
+		/** v8 v5-style: `/<name>/<version>` */
+		const stripped = trimmed.slice(1);
+		if (stripped.startsWith("@")) {
+			const secondSlash = stripped.indexOf("/", stripped.indexOf("/") + 1);
+			return secondSlash === -1 ? stripped : stripped.slice(0, secondSlash);
+		}
+		const firstSlash = stripped.indexOf("/");
+		return firstSlash === -1 ? stripped : stripped.slice(0, firstSlash);
+	}
+	return getPackageName(trimmed);
+}
+/**
+* Mirrors `@pnpm/dependency-path`'s `indexOfPeersSuffix`. Returns the index
+* where the peer-resolution suffix starts, or -1 if there is none.
+*/
+function indexOfPeersSuffix(depPath) {
+	if (!depPath.endsWith(")")) return -1;
+	let open = 1;
+	for (let i = depPath.length - 2; i >= 0; i--) if (depPath[i] === "(") open--;
+	else if (depPath[i] === ")") open++;
+	else if (!open) return i + 1;
+	return -1;
+}
+/**
+* Fallback when the lockfile is missing `packages`: just return importer
+* direct dep names so we at least cover some of the graph.
+*/
+function collectImporterDirectNames(importers, importerIds, targetImporterId, includeDevDependencies) {
+	const names = /* @__PURE__ */ new Set();
+	for (const importerId of importerIds) {
+		const importer = importers[importerId];
+		if (!importer) continue;
+		const isTarget = importerId === targetImporterId;
+		for (const name of Object.keys(importer.dependencies ?? {})) names.add(name);
+		for (const name of Object.keys(importer.optionalDependencies ?? {})) names.add(name);
+		for (const name of Object.keys(importer.peerDependencies ?? {})) names.add(name);
+		if (isTarget && includeDevDependencies) for (const name of Object.keys(importer.devDependencies ?? {})) names.add(name);
+	}
+	return names;
+}
+//#endregion
 //#region src/lib/patches/copy-patches.ts
-async function copyPatches({ workspaceRootDir, targetPackageManifest, packagesRegistry, isolateDir, includeDevDependencies }) {
+async function copyPatches({ workspaceRootDir, targetPackageDir, targetPackageManifest, packagesRegistry, internalDepPackageNames, isolateDir, includeDevDependencies }) {
 	const log = useLogger();
-	const { name: packageManagerName } = usePackageManager();
+	const { name: packageManagerName, majorVersion } = usePackageManager();
 	let patchedDependencies;
 	/**
 	* Only try reading pnpm-workspace.yaml for pnpm workspaces. Bun workspaces
@@ -1594,6 +1835,28 @@ async function copyPatches({ workspaceRootDir, targetPackageManifest, packagesRe
 		packagesRegistry,
 		includeDevDependencies
 	});
+	/**
+	* Manifest-based reachability misses external→external transitives because
+	* external manifests aren't loaded here. Walk the package-manager's
+	* lockfile to also pick up those names, so a patch for a deeply-nested
+	* external dep (e.g. `@react-pdf/render` reached via `@react-pdf/renderer`)
+	* survives isolation.
+	*/
+	const lockfileInstalledNames = packageManagerName === "pnpm" ? await collectInstalledNamesFromPnpmLockfile({
+		workspaceRootDir,
+		targetPackageDir,
+		internalDepPackageNames,
+		packagesRegistry,
+		majorVersion,
+		includeDevDependencies
+	}) : packageManagerName === "bun" ? collectInstalledNamesFromBunLockfile({
+		workspaceRootDir,
+		targetPackageDir,
+		internalDepPackageNames,
+		packagesRegistry,
+		includeDevDependencies
+	}) : /* @__PURE__ */ new Set();
+	for (const name of lockfileInstalledNames) reachableDependencyNames.add(name);
 	const filteredPatches = filterPatchedDependencies({
 		patchedDependencies,
 		targetPackageManifest,
@@ -1644,6 +1907,58 @@ async function readLockfilePatchedDependencies(workspaceRootDir) {
 	}
 }
 //#endregion
+//#region src/lib/patches/write-isolate-pnpm-workspace.ts
+/**
+* Copy `pnpm-workspace.yaml` from the workspace root to the isolate directory,
+* filtering its `patchedDependencies` field so it only references patches that
+* were actually copied to the isolate. Without this, `pnpm install` in the
+* isolate fails when patches that don't apply to the target package are
+* declared in the workspace root config (see issue #178).
+*
+* The yaml is only rewritten when filtering is required. The file is copied
+* verbatim — preserving comments, key order, and trailing whitespace — when
+* any of the following hold:
+*
+* - The source yaml cannot be read or parsed.
+* - The parsed settings have no `patchedDependencies` field.
+* - Every entry in `patchedDependencies` is also present in `copiedPatches`
+*   (no exclusions, so rewriting would only churn formatting).
+*
+* Otherwise, `patchedDependencies` is rewritten to the entries in
+* `copiedPatches` (or removed entirely when none remain).
+*/
+function writeIsolatePnpmWorkspace({ workspaceRootDir, isolateDir, copiedPatches }) {
+	const log = useLogger();
+	const sourcePath = path.join(workspaceRootDir, "pnpm-workspace.yaml");
+	const targetPath = path.join(isolateDir, "pnpm-workspace.yaml");
+	let settings;
+	try {
+		settings = readTypedYamlSync(sourcePath);
+	} catch (error) {
+		log.warn(`Could not read pnpm-workspace.yaml, falling back to verbatim copy: ${error instanceof Error ? error.message : String(error)}`);
+		fs.copyFileSync(sourcePath, targetPath);
+		return;
+	}
+	if (!settings || !settings.patchedDependencies) {
+		fs.copyFileSync(sourcePath, targetPath);
+		return;
+	}
+	/**
+	* If every patch declared in the source yaml was kept, copy verbatim so
+	* comments, ordering, and trailing whitespace are preserved.
+	*/
+	const sourceSpecs = Object.keys(settings.patchedDependencies);
+	const copiedSpecs = new Set(Object.keys(copiedPatches));
+	if (!sourceSpecs.some((spec) => !copiedSpecs.has(spec))) {
+		fs.copyFileSync(sourcePath, targetPath);
+		return;
+	}
+	const filteredEntries = Object.entries(copiedPatches).map(([spec, patchFile]) => [spec, patchFile.path]);
+	if (filteredEntries.length > 0) settings.patchedDependencies = Object.fromEntries(filteredEntries);
+	else delete settings.patchedDependencies;
+	writeTypedYamlSync(targetPath, settings);
+}
+//#endregion
 //#region src/isolate.ts
 const __dirname = getDirname(import.meta.url);
 function createIsolator(config) {
@@ -1742,8 +2057,10 @@ function createIsolator(config) {
 		await writeManifest(isolateDir, outputManifest);
 		const copiedPatches = (packageManager.name === "pnpm" || packageManager.name === "bun") && !config.forceNpm ? await copyPatches({
 			workspaceRootDir,
+			targetPackageDir,
 			targetPackageManifest: outputManifest,
 			packagesRegistry,
+			internalDepPackageNames: internalPackageNames,
 			isolateDir,
 			includeDevDependencies: config.includeDevDependencies
 		}) : {};
@@ -1794,7 +2111,11 @@ function createIsolator(config) {
 			log.debug("Packages folder names:", packagesFolderNames);
 			const packages = packagesFolderNames.map((x) => path.join(x, "/*"));
 			writeTypedYamlSync(path.join(isolateDir, "pnpm-workspace.yaml"), { packages });
-		} else fs.copyFileSync(path.join(workspaceRootDir, "pnpm-workspace.yaml"), path.join(isolateDir, "pnpm-workspace.yaml"));
+		} else writeIsolatePnpmWorkspace({
+			workspaceRootDir,
+			isolateDir,
+			copiedPatches
+		});
 		if (packageManager.name === "bun" && !config.forceNpm) {
 			/** Add workspaces field to the manifest so Bun treats the isolate as a workspace */
 			const manifest = await readManifest(isolateDir);
@@ -1837,4 +2158,4 @@ async function isolate(config) {
 //#endregion
 export { loadConfigFromFile as a, detectPackageManager as c, defineConfig as i, readTypedJson as l, listInternalPackages as n, resolveConfig as o, createPackagesRegistry as r, resolveWorkspacePaths as s, isolate as t, filterObjectUndefined as u };
 
-//# sourceMappingURL=isolate-BRD2AgVJ.mjs.map
+//# sourceMappingURL=isolate-DTwgcMAN.mjs.map