isolate-package 1.32.0 → 1.33.0-0

package/src/lib/lockfile/helpers/bun-lockfile.ts

@@ -0,0 +1,143 @@
+/**
+ * Shared types and walker logic for the Bun workspace lockfile (`bun.lock`).
+ *
+ * Used both when generating the isolated lockfile and when computing the set
+ * of package names that will end up installed in the isolate (so that patches
+ * for deep transitive deps are preserved).
+ */
+
+export type BunWorkspaceEntry = {
+  name?: string;
+  version?: string;
+  dependencies?: Record<string, string>;
+  devDependencies?: Record<string, string>;
+  optionalDependencies?: Record<string, string>;
+  peerDependencies?: Record<string, string>;
+  optionalPeers?: string[];
+};
+
+export type BunLockfile = {
+  lockfileVersion: number;
+  workspaces: Record<string, BunWorkspaceEntry>;
+  packages: Record<string, unknown[]>;
+  trustedDependencies?: string[];
+  patchedDependencies?: Record<string, string>;
+  overrides?: Record<string, string>;
+};
+
+/** Extract dependency names from a workspace entry. */
+export function collectDependencyNames(
+  entry: BunWorkspaceEntry,
+  includeDevDependencies: boolean,
+): string[] {
+  const names = new Set<string>();
+
+  for (const name of Object.keys(entry.dependencies ?? {})) {
+    names.add(name);
+  }
+  for (const name of Object.keys(entry.optionalDependencies ?? {})) {
+    names.add(name);
+  }
+  for (const name of Object.keys(entry.peerDependencies ?? {})) {
+    names.add(name);
+  }
+
+  if (includeDevDependencies) {
+    for (const name of Object.keys(entry.devDependencies ?? {})) {
+      names.add(name);
+    }
+  }
+
+  return [...names];
+}
+
+/**
+ * Check whether a package entry represents a workspace package by examining
+ * its identifier string (first element in the entry array).
+ */
+export function isWorkspacePackageEntry(entry: unknown[]): boolean {
+  const ident = entry[0];
+  return typeof ident === "string" && ident.includes("@workspace:");
+}
+
+/**
+ * Extract the info object from a packages entry. The position varies by type:
+ * - npm packages: [ident, registry, info, checksum] -> index 2
+ * - workspace packages: [ident, info] -> index 1
+ * - git/github packages: [ident, info, checksum] -> index 1
+ *
+ * Detection: if the second element is a string (registry URL or checksum),
+ * the info object is deeper. Workspace entries have only 2 elements.
+ */
+export function getPackageInfoObject(
+  entry: unknown[],
+): Record<string, unknown> | undefined {
+  if (entry.length <= 1) return undefined;
+
+  /** Workspace entries: [ident, info] */
+  if (isWorkspacePackageEntry(entry)) {
+    return typeof entry[1] === "object"
+      ? (entry[1] as Record<string, unknown>)
+      : undefined;
+  }
+
+  /**
+   * npm entries with registry URL: [ident, registryUrl, info, checksum]. The
+   * second element is a string (the registry URL).
+   */
+  if (typeof entry[1] === "string") {
+    return typeof entry[2] === "object"
+      ? (entry[2] as Record<string, unknown>)
+      : undefined;
+  }
+
+  /** git/tarball entries: [ident, info, checksum] */
+  return typeof entry[1] === "object"
+    ? (entry[1] as Record<string, unknown>)
+    : undefined;
+}
+
+/**
+ * Recursively collect all package keys that are required, starting from a set
+ * of direct dependency names and walking through their transitive
+ * dependencies in the packages section.
+ */
+export function collectRequiredPackages(
+  directDependencyNames: Set<string>,
+  packages: Record<string, unknown[]>,
+): Set<string> {
+  const required = new Set<string>();
+  const queue = [...directDependencyNames];
+
+  while (queue.length > 0) {
+    const name = queue.pop()!;
+
+    if (required.has(name)) continue;
+
+    const entry = packages[name];
+    if (!entry) continue;
+
+    required.add(name);
+
+    const info = getPackageInfoObject(entry);
+    if (!info) continue;
+
+    /** Walk transitive dependencies from the info object */
+    for (const depField of [
+      "dependencies",
+      "optionalDependencies",
+      "peerDependencies",
+    ]) {
+      const deps = info[depField];
+      if (deps && typeof deps === "object") {
+        for (const depName of Object.keys(deps as Record<string, unknown>)) {
+          if (!required.has(depName)) {
+            queue.push(depName);
+          }
+        }
+      }
+    }
+  }
+
+  return required;
+}

package/src/lib/lockfile/helpers/generate-bun-lockfile.ts

@@ -8,25 +8,13 @@ import {
   getPackageName,
   readTypedJsonSync,
 } from "~/lib/utils";
-
-type BunWorkspaceEntry = {
-  name?: string;
-  version?: string;
-  dependencies?: Record<string, string>;
-  devDependencies?: Record<string, string>;
-  optionalDependencies?: Record<string, string>;
-  peerDependencies?: Record<string, string>;
-  optionalPeers?: string[];
-};
-
-type BunLockfile = {
-  lockfileVersion: number;
-  workspaces: Record<string, BunWorkspaceEntry>;
-  packages: Record<string, unknown[]>;
-  trustedDependencies?: string[];
-  patchedDependencies?: Record<string, string>;
-  overrides?: Record<string, string>;
-};
+import {
+  type BunLockfile,
+  type BunWorkspaceEntry,
+  collectDependencyNames,
+  collectRequiredPackages,
+  isWorkspacePackageEntry,
+} from "./bun-lockfile";
 
 /**
  * Serialize a value to JSON with trailing commas after every array element and
@@ -54,126 +42,6 @@ export function serializeWithTrailingCommas(
   return result;
 }
 
-/**
- * Extract dependency names from a workspace entry, optionally including
- * devDependencies.
- */
-function collectDependencyNames(
-  entry: BunWorkspaceEntry,
-  includeDevDependencies: boolean,
-): string[] {
-  const names = new Set<string>();
-
-  for (const name of Object.keys(entry.dependencies ?? {})) {
-    names.add(name);
-  }
-  for (const name of Object.keys(entry.optionalDependencies ?? {})) {
-    names.add(name);
-  }
-  for (const name of Object.keys(entry.peerDependencies ?? {})) {
-    names.add(name);
-  }
-
-  if (includeDevDependencies) {
-    for (const name of Object.keys(entry.devDependencies ?? {})) {
-      names.add(name);
-    }
-  }
-
-  return [...names];
-}
-
-/**
- * Check whether a package entry represents a workspace package by examining its
- * identifier string (first element in the entry array).
- */
-function isWorkspacePackageEntry(entry: unknown[]): boolean {
-  const ident = entry[0];
-  return typeof ident === "string" && ident.includes("@workspace:");
-}
-
-/**
- * Extract the info object from a packages entry. The position varies by type:
- * - npm packages: [ident, registry, info, checksum] -> index 2
- * - workspace packages: [ident, info] -> index 1
- * - git/github packages: [ident, info, checksum] -> index 1
- *
- * Detection: if the second element is a string (registry URL or checksum), the
- * info object is deeper. Workspace entries have only 2 elements.
- */
-function getPackageInfoObject(
-  entry: unknown[],
-): Record<string, unknown> | undefined {
-  if (entry.length <= 1) return undefined;
-
-  /** Workspace entries: [ident, info] */
-  if (isWorkspacePackageEntry(entry)) {
-    return typeof entry[1] === "object"
-      ? (entry[1] as Record<string, unknown>)
-      : undefined;
-  }
-
-  /**
-   * npm entries with registry URL: [ident, registryUrl, info, checksum].
-   * The second element is a string (the registry URL).
-   */
-  if (typeof entry[1] === "string") {
-    return typeof entry[2] === "object"
-      ? (entry[2] as Record<string, unknown>)
-      : undefined;
-  }
-
-  /** git/tarball entries: [ident, info, checksum] */
-  return typeof entry[1] === "object"
-    ? (entry[1] as Record<string, unknown>)
-    : undefined;
-}
-
-/**
- * Recursively collect all package keys that are required, starting from a set
- * of direct dependency names and walking through their transitive dependencies
- * in the packages section.
- */
-function collectRequiredPackages(
-  directDependencyNames: Set<string>,
-  packages: Record<string, unknown[]>,
-): Set<string> {
-  const required = new Set<string>();
-  const queue = [...directDependencyNames];
-
-  while (queue.length > 0) {
-    const name = queue.pop()!;
-
-    if (required.has(name)) continue;
-
-    const entry = packages[name];
-    if (!entry) continue;
-
-    required.add(name);
-
-    const info = getPackageInfoObject(entry);
-    if (!info) continue;
-
-    /** Walk transitive dependencies from the info object */
-    for (const depField of [
-      "dependencies",
-      "optionalDependencies",
-      "peerDependencies",
-    ]) {
-      const deps = info[depField];
-      if (deps && typeof deps === "object") {
-        for (const depName of Object.keys(deps as Record<string, unknown>)) {
-          if (!required.has(depName)) {
-            queue.push(depName);
-          }
-        }
-      }
-    }
-  }
-
-  return required;
-}
-
 export async function generateBunLockfile({
   workspaceRootDir,
   targetPackageDir,

package/src/lib/patches/collect-installed-names-bun.test.ts

@@ -0,0 +1,154 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { collectInstalledNamesFromBunLockfile } from "./collect-installed-names-bun";
+
+vi.mock("fs-extra", () => ({
+  default: {
+    existsSync: vi.fn(),
+  },
+}));
+
+vi.mock("~/lib/utils", () => ({
+  readTypedJsonSync: vi.fn(),
+}));
+
+const fs = vi.mocked((await import("fs-extra")).default);
+const { readTypedJsonSync } = vi.mocked(await import("~/lib/utils"));
+
+const baseArgs = {
+  workspaceRootDir: "/workspace",
+  targetPackageDir: "/workspace/packages/consumer",
+  internalDepPackageNames: [],
+  packagesRegistry: {},
+  includeDevDependencies: false,
+};
+
+describe("collectInstalledNamesFromBunLockfile", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it("returns an empty set when bun.lock is missing", () => {
+    fs.existsSync.mockReturnValue(false);
+
+    const result = collectInstalledNamesFromBunLockfile({
+      ...baseArgs,
+    });
+
+    expect(result).toEqual(new Set());
+  });
+
+  it("walks external-to-external transitives from the target workspace entry", () => {
+    fs.existsSync.mockReturnValue(true);
+    readTypedJsonSync.mockReturnValue({
+      lockfileVersion: 1,
+      workspaces: {
+        "packages/consumer": {
+          name: "consumer",
+          dependencies: { "@react-pdf/renderer": "^4.0.0" },
+        },
+      },
+      packages: {
+        "@react-pdf/renderer": [
+          "@react-pdf/renderer@4.0.0",
+          "https://registry/...",
+          { dependencies: { "@react-pdf/render": "4.3.0" } },
+          "checksum",
+        ],
+        "@react-pdf/render": [
+          "@react-pdf/render@4.3.0",
+          "https://registry/...",
+          {},
+          "checksum",
+        ],
+      },
+    });
+
+    const result = collectInstalledNamesFromBunLockfile({
+      ...baseArgs,
+    });
+
+    expect(result.has("@react-pdf/renderer")).toBe(true);
+    expect(result.has("@react-pdf/render")).toBe(true);
+  });
+
+  it("walks transitives reachable through internal workspace entries", () => {
+    fs.existsSync.mockReturnValue(true);
+    readTypedJsonSync.mockReturnValue({
+      lockfileVersion: 1,
+      workspaces: {
+        "packages/consumer": {
+          name: "consumer",
+          dependencies: { "firebase-package": "workspace:*" },
+        },
+        "packages/firebase-package": {
+          name: "firebase-package",
+          dependencies: { tslib: "^2.0.0" },
+        },
+      },
+      packages: {
+        tslib: ["tslib@2.0.0", "https://registry/...", {}, "checksum"],
+      },
+    });
+
+    const result = collectInstalledNamesFromBunLockfile({
+      ...baseArgs,
+      internalDepPackageNames: ["firebase-package"],
+      packagesRegistry: {
+        "firebase-package": {
+          absoluteDir: "/workspace/packages/firebase-package",
+          rootRelativeDir: "packages/firebase-package",
+          manifest: { name: "firebase-package", version: "1.0.0" },
+        },
+      },
+    });
+
+    expect(result.has("tslib")).toBe(true);
+  });
+
+  it("skips devDependencies of the target when includeDevDependencies is false", () => {
+    fs.existsSync.mockReturnValue(true);
+    readTypedJsonSync.mockReturnValue({
+      lockfileVersion: 1,
+      workspaces: {
+        "packages/consumer": {
+          name: "consumer",
+          dependencies: { lodash: "^4.0.0" },
+          devDependencies: { typescript: "^5.0.0" },
+        },
+      },
+      packages: {
+        lodash: ["lodash@4.17.21", "https://registry/...", {}, "checksum"],
+        typescript: [
+          "typescript@5.5.0",
+          "https://registry/...",
+          {},
+          "checksum",
+        ],
+      },
+    });
+
+    const result = collectInstalledNamesFromBunLockfile({
+      ...baseArgs,
+    });
+
+    expect(result.has("lodash")).toBe(true);
+    expect(result.has("typescript")).toBe(false);
+  });
+
+  it("returns an empty set when the lockfile read throws", () => {
+    fs.existsSync.mockReturnValue(true);
+    readTypedJsonSync.mockImplementation(() => {
+      throw new Error("invalid json");
+    });
+
+    const result = collectInstalledNamesFromBunLockfile({
+      ...baseArgs,
+    });
+
+    expect(result).toEqual(new Set());
+  });
+});

package/src/lib/patches/collect-installed-names-bun.ts

@@ -0,0 +1,87 @@
+import fs from "fs-extra";
+import path from "node:path";
+import {
+  type BunLockfile,
+  collectDependencyNames,
+  collectRequiredPackages,
+} from "~/lib/lockfile/helpers/bun-lockfile";
+import { useLogger } from "~/lib/logger";
+import type { PackagesRegistry } from "~/lib/types";
+import { readTypedJsonSync } from "~/lib/utils";
+
+/**
+ * Walk the workspace bun.lock starting from the target package and its
+ * internal workspace dependencies, returning the set of every package name
+ * that will end up installed in the isolate (including deep
+ * external-to-external transitives).
+ *
+ * Used by `copyPatches` to preserve patches for transitive deps that aren't
+ * directly listed on any internal manifest. Returns an empty set on any
+ * failure so the caller falls back to manifest-based reachability.
+ */
+export function collectInstalledNamesFromBunLockfile({
+  workspaceRootDir,
+  targetPackageDir,
+  internalDepPackageNames,
+  packagesRegistry,
+  includeDevDependencies,
+}: {
+  workspaceRootDir: string;
+  targetPackageDir: string;
+  internalDepPackageNames: string[];
+  packagesRegistry: PackagesRegistry;
+  includeDevDependencies: boolean;
+}): Set<string> {
+  const log = useLogger();
+
+  try {
+    const lockfilePath = path.join(workspaceRootDir, "bun.lock");
+    if (!fs.existsSync(lockfilePath)) {
+      log.debug("No bun.lock available for installed-names walk");
+      return new Set();
+    }
+
+    const lockfile = readTypedJsonSync<BunLockfile>(lockfilePath);
+
+    const targetWorkspaceKey = path
+      .relative(workspaceRootDir, targetPackageDir)
+      .split(path.sep)
+      .join(path.posix.sep);
+
+    const internalWorkspaceKeys = internalDepPackageNames
+      .map((name) => {
+        const pkg = packagesRegistry[name];
+        if (!pkg) return null;
+        return pkg.rootRelativeDir.split(path.sep).join(path.posix.sep);
+      })
+      .filter((key): key is string => Boolean(key));
+
+    const directDependencyNames = new Set<string>();
+
+    const targetEntry = lockfile.workspaces[targetWorkspaceKey];
+    if (targetEntry) {
+      for (const name of collectDependencyNames(
+        targetEntry,
+        includeDevDependencies,
+      )) {
+        directDependencyNames.add(name);
+      }
+    }
+
+    for (const workspaceKey of internalWorkspaceKeys) {
+      const entry = lockfile.workspaces[workspaceKey];
+      if (!entry) continue;
+      /** Internal workspace deps never bring in their devDependencies */
+      for (const name of collectDependencyNames(entry, false)) {
+        directDependencyNames.add(name);
+      }
+    }
+
+    return collectRequiredPackages(directDependencyNames, lockfile.packages);
+  } catch (err) {
+    log.debug(
+      `Failed to walk bun.lock for installed names: ${err instanceof Error ? err.message : String(err)}`,
+    );
+    return new Set();
+  }
+}