isolate-package 1.33.0 → 1.35.0

package/src/lib/package-manager/helpers/infer-from-manifest.ts

@@ -1,8 +1,8 @@
 import fs from "fs-extra";
 import assert from "node:assert";
 import path from "node:path";
-import { useLogger } from "~/lib/logger";
-import { getMajorVersion } from "~/lib/utils/get-major-version";
+import { useLogger } from "#/lib/logger";
+import { getMajorVersion } from "#/lib/utils/get-major-version";
 import type { PackageManifest } from "../../types";
 import { readTypedJsonSync } from "../../utils";
 import type { PackageManagerName } from "../names";
@@ -11,19 +11,18 @@ import { getLockfileFileName, supportedPackageManagerNames } from "../names";
 export function inferFromManifest(workspaceRoot: string) {
   const log = useLogger();
 
-  const { packageManager: packageManagerString } =
-    readTypedJsonSync<PackageManifest>(
-      path.join(workspaceRoot, "package.json"),
-    );
+  const { packageManager: packageManagerString } = readTypedJsonSync(
+    path.join(workspaceRoot, "package.json"),
+  ) as PackageManifest;
 
   if (!packageManagerString) {
     log.debug("No packageManager field found in root manifest");
-    return;
+    return null;
   }
 
   const [name, version = "*"] = packageManagerString.split("@") as [
     PackageManagerName,
-    string,
+    string | undefined,
   ];
 
   assert(

package/src/lib/package-manager/index.ts

@@ -9,7 +9,7 @@ let packageManager: PackageManager | undefined;
 
 export function usePackageManager() {
   if (!packageManager) {
-    throw Error(
+    throw new Error(
       "No package manager detected. Make sure to call detectPackageManager() before usePackageManager()",
     );
   }

package/src/lib/package-manager/names.ts

@@ -14,15 +14,13 @@ export type PackageManager = {
   packageManagerString?: string;
 };
 
+const lockfileFileNamesByPackageManager: Record<PackageManagerName, string> = {
+  bun: "bun.lock",
+  pnpm: "pnpm-lock.yaml",
+  yarn: "yarn.lock",
+  npm: "package-lock.json",
+};
+
 export function getLockfileFileName(name: PackageManagerName) {
-  switch (name) {
-    case "bun":
-      return "bun.lock";
-    case "pnpm":
-      return "pnpm-lock.yaml";
-    case "yarn":
-      return "yarn.lock";
-    case "npm":
-      return "package-lock.json";
-  }
+  return lockfileFileNamesByPackageManager[name];
 }

package/src/lib/patches/collect-installed-names-bun.test.ts

@@ -0,0 +1,154 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { collectInstalledNamesFromBunLockfile } from "./collect-installed-names-bun";
+
+vi.mock("fs-extra", () => ({
+  default: {
+    existsSync: vi.fn(),
+  },
+}));
+
+vi.mock("#/lib/utils", () => ({
+  readTypedJsonSync: vi.fn(),
+}));
+
+const fs = vi.mocked((await import("fs-extra")).default);
+const { readTypedJsonSync } = vi.mocked(await import("#/lib/utils"));
+
+const baseArgs = {
+  workspaceRootDir: "/workspace",
+  targetPackageDir: "/workspace/packages/consumer",
+  internalDepPackageNames: [],
+  packagesRegistry: {},
+  includeDevDependencies: false,
+};
+
+describe("collectInstalledNamesFromBunLockfile", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it("returns an empty set when bun.lock is missing", () => {
+    fs.existsSync.mockReturnValue(false);
+
+    const result = collectInstalledNamesFromBunLockfile({
+      ...baseArgs,
+    });
+
+    expect(result).toEqual(new Set());
+  });
+
+  it("walks external-to-external transitives from the target workspace entry", () => {
+    fs.existsSync.mockReturnValue(true);
+    readTypedJsonSync.mockReturnValue({
+      lockfileVersion: 1,
+      workspaces: {
+        "packages/consumer": {
+          name: "consumer",
+          dependencies: { "@react-pdf/renderer": "^4.0.0" },
+        },
+      },
+      packages: {
+        "@react-pdf/renderer": [
+          "@react-pdf/renderer@4.0.0",
+          "https://registry/...",
+          { dependencies: { "@react-pdf/render": "4.3.0" } },
+          "checksum",
+        ],
+        "@react-pdf/render": [
+          "@react-pdf/render@4.3.0",
+          "https://registry/...",
+          {},
+          "checksum",
+        ],
+      },
+    });
+
+    const result = collectInstalledNamesFromBunLockfile({
+      ...baseArgs,
+    });
+
+    expect(result.has("@react-pdf/renderer")).toBe(true);
+    expect(result.has("@react-pdf/render")).toBe(true);
+  });
+
+  it("walks transitives reachable through internal workspace entries", () => {
+    fs.existsSync.mockReturnValue(true);
+    readTypedJsonSync.mockReturnValue({
+      lockfileVersion: 1,
+      workspaces: {
+        "packages/consumer": {
+          name: "consumer",
+          dependencies: { "firebase-package": "workspace:*" },
+        },
+        "packages/firebase-package": {
+          name: "firebase-package",
+          dependencies: { tslib: "^2.0.0" },
+        },
+      },
+      packages: {
+        tslib: ["tslib@2.0.0", "https://registry/...", {}, "checksum"],
+      },
+    });
+
+    const result = collectInstalledNamesFromBunLockfile({
+      ...baseArgs,
+      internalDepPackageNames: ["firebase-package"],
+      packagesRegistry: {
+        "firebase-package": {
+          absoluteDir: "/workspace/packages/firebase-package",
+          rootRelativeDir: "packages/firebase-package",
+          manifest: { name: "firebase-package", version: "1.0.0" },
+        },
+      },
+    });
+
+    expect(result.has("tslib")).toBe(true);
+  });
+
+  it("skips devDependencies of the target when includeDevDependencies is false", () => {
+    fs.existsSync.mockReturnValue(true);
+    readTypedJsonSync.mockReturnValue({
+      lockfileVersion: 1,
+      workspaces: {
+        "packages/consumer": {
+          name: "consumer",
+          dependencies: { lodash: "^4.0.0" },
+          devDependencies: { typescript: "^5.0.0" },
+        },
+      },
+      packages: {
+        lodash: ["lodash@4.17.21", "https://registry/...", {}, "checksum"],
+        typescript: [
+          "typescript@5.5.0",
+          "https://registry/...",
+          {},
+          "checksum",
+        ],
+      },
+    });
+
+    const result = collectInstalledNamesFromBunLockfile({
+      ...baseArgs,
+    });
+
+    expect(result.has("lodash")).toBe(true);
+    expect(result.has("typescript")).toBe(false);
+  });
+
+  it("returns an empty set when the lockfile read throws", () => {
+    fs.existsSync.mockReturnValue(true);
+    readTypedJsonSync.mockImplementation(() => {
+      throw new Error("invalid json");
+    });
+
+    const result = collectInstalledNamesFromBunLockfile({
+      ...baseArgs,
+    });
+
+    expect(result).toEqual(new Set());
+  });
+});

package/src/lib/patches/collect-installed-names-bun.ts

@@ -0,0 +1,87 @@
+import fs from "fs-extra";
+import path from "node:path";
+import {
+  type BunLockfile,
+  collectDependencyNames,
+  collectRequiredPackages,
+} from "#/lib/lockfile/helpers/bun-lockfile";
+import { useLogger } from "#/lib/logger";
+import type { PackagesRegistry } from "#/lib/types";
+import { readTypedJsonSync } from "#/lib/utils";
+
+/**
+ * Walk the workspace bun.lock starting from the target package and its
+ * internal workspace dependencies, returning the set of every package name
+ * that will end up installed in the isolate (including deep
+ * external-to-external transitives).
+ *
+ * Used by `copyPatches` to preserve patches for transitive deps that aren't
+ * directly listed on any internal manifest. Returns an empty set on any
+ * failure so the caller falls back to manifest-based reachability.
+ */
+export function collectInstalledNamesFromBunLockfile({
+  workspaceRootDir,
+  targetPackageDir,
+  internalDepPackageNames,
+  packagesRegistry,
+  includeDevDependencies,
+}: {
+  workspaceRootDir: string;
+  targetPackageDir: string;
+  internalDepPackageNames: string[];
+  packagesRegistry: PackagesRegistry;
+  includeDevDependencies: boolean;
+}): Set<string> {
+  const log = useLogger();
+
+  try {
+    const lockfilePath = path.join(workspaceRootDir, "bun.lock");
+    if (!fs.existsSync(lockfilePath)) {
+      log.debug("No bun.lock available for installed-names walk");
+      return new Set();
+    }
+
+    const lockfile = readTypedJsonSync(lockfilePath) as BunLockfile;
+
+    const targetWorkspaceKey = path
+      .relative(workspaceRootDir, targetPackageDir)
+      .split(path.sep)
+      .join(path.posix.sep);
+
+    const internalWorkspaceKeys = internalDepPackageNames
+      .map((name) => {
+        const pkg = packagesRegistry[name];
+        if (!pkg) return null;
+        return pkg.rootRelativeDir.split(path.sep).join(path.posix.sep);
+      })
+      .filter(Boolean) as string[];
+
+    const directDependencyNames = new Set<string>();
+
+    const targetEntry = lockfile.workspaces[targetWorkspaceKey];
+    if (targetEntry) {
+      for (const name of collectDependencyNames(
+        targetEntry,
+        includeDevDependencies,
+      )) {
+        directDependencyNames.add(name);
+      }
+    }
+
+    for (const workspaceKey of internalWorkspaceKeys) {
+      const entry = lockfile.workspaces[workspaceKey];
+      if (!entry) continue;
+      /** Internal workspace deps never bring in their devDependencies */
+      for (const name of collectDependencyNames(entry, false)) {
+        directDependencyNames.add(name);
+      }
+    }
+
+    return collectRequiredPackages(directDependencyNames, lockfile.packages);
+  } catch (error) {
+    log.debug(
+      `Failed to walk bun.lock for installed names: ${error instanceof Error ? error.message : String(error)}`,
+    );
+    return new Set();
+  }
+}

package/src/lib/patches/collect-installed-names-pnpm.test.ts

@@ -0,0 +1,316 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { collectInstalledNamesFromPnpmLockfile } from "./collect-installed-names-pnpm";
+
+vi.mock("pnpm_lockfile_file_v8", () => ({
+  readWantedLockfile: vi.fn(() => Promise.resolve(null)),
+  getLockfileImporterId: vi.fn(
+    (root: string, dir: string) => dir.replace(`${root}/`, "") || ".",
+  ),
+}));
+
+vi.mock("pnpm_lockfile_file_v9", () => ({
+  readWantedLockfile: vi.fn(() => Promise.resolve(null)),
+  getLockfileImporterId: vi.fn(
+    (root: string, dir: string) => dir.replace(`${root}/`, "") || ".",
+  ),
+}));
+
+vi.mock("#/lib/utils", () => ({
+  getPackageName: vi.fn((spec: string) => {
+    if (spec.startsWith("@")) {
+      const parts = spec.split("@");
+      return `@${parts[1] ?? ""}`;
+    }
+    return spec.split("@")[0] ?? "";
+  }),
+  isRushWorkspace: vi.fn(() => false),
+}));
+
+const { readWantedLockfile: readWantedLockfile_v9 } = vi.mocked(
+  await import("pnpm_lockfile_file_v9"),
+);
+const { readWantedLockfile: readWantedLockfile_v8 } = vi.mocked(
+  await import("pnpm_lockfile_file_v8"),
+);
+
+const baseArgs = {
+  workspaceRootDir: "/workspace",
+  targetPackageDir: "/workspace/packages/consumer",
+  internalDepPackageNames: [],
+  packagesRegistry: {},
+  includeDevDependencies: false,
+};
+
+describe("collectInstalledNamesFromPnpmLockfile", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it("returns an empty set when the lockfile is missing", async () => {
+    readWantedLockfile_v9.mockResolvedValue(null);
+
+    const result = await collectInstalledNamesFromPnpmLockfile({
+      ...baseArgs,
+      majorVersion: 9,
+    });
+
+    expect(result).toEqual(new Set());
+  });
+
+  it("walks external-to-external transitives from the target importer", async () => {
+    readWantedLockfile_v9.mockResolvedValue({
+      lockfileVersion: "9.0",
+      importers: {
+        "packages/consumer": {
+          specifiers: { "@react-pdf/renderer": "^4.0.0" },
+          dependencies: { "@react-pdf/renderer": "4.0.0" },
+        },
+      },
+      packages: {
+        "@react-pdf/renderer@4.0.0": {
+          resolution: { integrity: "sha512-x" },
+          dependencies: { "@react-pdf/render": "4.3.0" },
+        },
+        "@react-pdf/render@4.3.0": {
+          resolution: { integrity: "sha512-y" },
+        },
+      },
+    } as unknown as Awaited<ReturnType<typeof readWantedLockfile_v9>>);
+
+    const result = await collectInstalledNamesFromPnpmLockfile({
+      ...baseArgs,
+      majorVersion: 9,
+    });
+
+    expect(result.has("@react-pdf/renderer")).toBe(true);
+    expect(result.has("@react-pdf/render")).toBe(true);
+  });
+
+  it("walks transitives reachable through internal workspace importers", async () => {
+    readWantedLockfile_v9.mockResolvedValue({
+      lockfileVersion: "9.0",
+      importers: {
+        "packages/consumer": {
+          specifiers: { "firebase-package": "workspace:*" },
+          dependencies: { "firebase-package": "link:../firebase-package" },
+        },
+        "packages/firebase-package": {
+          specifiers: { tslib: "^2.0.0" },
+          dependencies: { tslib: "2.0.0" },
+        },
+      },
+      packages: {
+        "tslib@2.0.0": { resolution: { integrity: "sha512-z" } },
+      },
+    } as unknown as Awaited<ReturnType<typeof readWantedLockfile_v9>>);
+
+    const result = await collectInstalledNamesFromPnpmLockfile({
+      ...baseArgs,
+      internalDepPackageNames: ["firebase-package"],
+      packagesRegistry: {
+        "firebase-package": {
+          absoluteDir: "/workspace/packages/firebase-package",
+          rootRelativeDir: "packages/firebase-package",
+          manifest: { name: "firebase-package", version: "1.0.0" },
+        },
+      },
+      majorVersion: 9,
+    });
+
+    expect(result.has("tslib")).toBe(true);
+  });
+
+  it("does not include the target's devDependencies when includeDevDependencies is false", async () => {
+    readWantedLockfile_v9.mockResolvedValue({
+      lockfileVersion: "9.0",
+      importers: {
+        "packages/consumer": {
+          specifiers: { lodash: "^4.0.0", typescript: "^5.0.0" },
+          dependencies: { lodash: "4.17.21" },
+          devDependencies: { typescript: "5.5.0" },
+        },
+      },
+      packages: {
+        "lodash@4.17.21": { resolution: { integrity: "sha512-a" } },
+        "typescript@5.5.0": { resolution: { integrity: "sha512-b" } },
+      },
+    } as unknown as Awaited<ReturnType<typeof readWantedLockfile_v9>>);
+
+    const result = await collectInstalledNamesFromPnpmLockfile({
+      ...baseArgs,
+      majorVersion: 9,
+    });
+
+    expect(result.has("lodash")).toBe(true);
+    expect(result.has("typescript")).toBe(false);
+  });
+
+  it("includes the target's devDependencies when includeDevDependencies is true", async () => {
+    readWantedLockfile_v9.mockResolvedValue({
+      lockfileVersion: "9.0",
+      importers: {
+        "packages/consumer": {
+          specifiers: { typescript: "^5.0.0" },
+          devDependencies: { typescript: "5.5.0" },
+        },
+      },
+      packages: {
+        "typescript@5.5.0": { resolution: { integrity: "sha512-b" } },
+      },
+    } as unknown as Awaited<ReturnType<typeof readWantedLockfile_v9>>);
+
+    const result = await collectInstalledNamesFromPnpmLockfile({
+      ...baseArgs,
+      majorVersion: 9,
+      includeDevDependencies: true,
+    });
+
+    expect(result.has("typescript")).toBe(true);
+  });
+
+  it("walks transitives via v8 v5-style depPath keys for pnpm major < 9", async () => {
+    /**
+     * After `readWantedLockfile_v8` normalizes a pnpm 8 lockfile (lockfile
+     * version 6.x), `lockfile.packages` is keyed in v5 form: leading slash
+     * with `/` separator between name and version, e.g. `/foo/1.0.0` and
+     * `/@scope/foo/1.0.0`.
+     */
+    readWantedLockfile_v8.mockResolvedValue({
+      lockfileVersion: 6.1,
+      importers: {
+        "packages/consumer": {
+          specifiers: { "@react-pdf/renderer": "^4.0.0" },
+          dependencies: { "@react-pdf/renderer": "4.0.0" },
+        },
+      },
+      packages: {
+        "/@react-pdf/renderer/4.0.0": {
+          resolution: { integrity: "sha512-x" },
+          dependencies: { "@react-pdf/render": "4.3.0" },
+        },
+        "/@react-pdf/render/4.3.0": {
+          resolution: { integrity: "sha512-y" },
+        },
+      },
+    } as unknown as Awaited<ReturnType<typeof readWantedLockfile_v8>>);
+
+    const result = await collectInstalledNamesFromPnpmLockfile({
+      ...baseArgs,
+      majorVersion: 8,
+    });
+
+    expect(readWantedLockfile_v8).toHaveBeenCalled();
+    expect(readWantedLockfile_v9).not.toHaveBeenCalled();
+    expect(result.has("@react-pdf/renderer")).toBe(true);
+    expect(result.has("@react-pdf/render")).toBe(true);
+  });
+
+  it("includes peerDependencies of package snapshots in the name set", async () => {
+    /**
+     * Peer requirement values aren't resolved depPaths, so we just collect
+     * the names. This mirrors `collectReachablePackageNames` and the bun
+     * walker, both of which include peerDependencies.
+     */
+    readWantedLockfile_v9.mockResolvedValue({
+      lockfileVersion: "9.0",
+      importers: {
+        "packages/consumer": {
+          specifiers: { "some-pkg": "^1.0.0" },
+          dependencies: { "some-pkg": "1.0.0" },
+        },
+      },
+      packages: {
+        "some-pkg@1.0.0": {
+          resolution: { integrity: "sha512-p" },
+          peerDependencies: { "peer-only-dep": ">=1" },
+        },
+      },
+    } as unknown as Awaited<ReturnType<typeof readWantedLockfile_v9>>);
+
+    const result = await collectInstalledNamesFromPnpmLockfile({
+      ...baseArgs,
+      majorVersion: 9,
+    });
+
+    expect(result.has("some-pkg")).toBe(true);
+    expect(result.has("peer-only-dep")).toBe(true);
+  });
+
+  it("strips peer-resolution suffixes when extracting package names", async () => {
+    readWantedLockfile_v9.mockResolvedValue({
+      lockfileVersion: "9.0",
+      importers: {
+        "packages/consumer": {
+          specifiers: { "react-dom": "^18.0.0" },
+          dependencies: {
+            "react-dom": "18.2.0(react@18.2.0)",
+          },
+        },
+      },
+      packages: {
+        "react-dom@18.2.0(react@18.2.0)": {
+          resolution: { integrity: "sha512-d" },
+          dependencies: { react: "18.2.0" },
+        },
+        "react@18.2.0": { resolution: { integrity: "sha512-e" } },
+      },
+    } as unknown as Awaited<ReturnType<typeof readWantedLockfile_v9>>);
+
+    const result = await collectInstalledNamesFromPnpmLockfile({
+      ...baseArgs,
+      majorVersion: 9,
+    });
+
+    expect(result.has("react-dom")).toBe(true);
+    expect(result.has("react")).toBe(true);
+  });
+
+  it("returns an empty set when the lockfile read throws", async () => {
+    readWantedLockfile_v9.mockRejectedValueOnce(new Error("boom"));
+
+    const result = await collectInstalledNamesFromPnpmLockfile({
+      ...baseArgs,
+      majorVersion: 9,
+    });
+
+    expect(result).toEqual(new Set());
+  });
+
+  it("normalizes the target importer id before the isTarget check (Windows)", async () => {
+    /**
+     * Simulate Windows: getLockfileImporterId returns a backslash-separated
+     * id, but the lockfile's importer keys use POSIX separators. Without
+     * normalizing the id used in the isTarget comparison, the target's
+     * devDependencies would be skipped even with includeDevDependencies=true.
+     */
+    const { getLockfileImporterId } = vi.mocked(
+      await import("pnpm_lockfile_file_v9"),
+    );
+    getLockfileImporterId.mockReturnValueOnce("packages\\consumer");
+
+    readWantedLockfile_v9.mockResolvedValue({
+      lockfileVersion: "9.0",
+      importers: {
+        "packages/consumer": {
+          specifiers: { typescript: "^5.0.0" },
+          devDependencies: { typescript: "5.5.0" },
+        },
+      },
+      packages: {
+        "typescript@5.5.0": { resolution: { integrity: "sha512-w" } },
+      },
+    } as unknown as Awaited<ReturnType<typeof readWantedLockfile_v9>>);
+
+    const result = await collectInstalledNamesFromPnpmLockfile({
+      ...baseArgs,
+      majorVersion: 9,
+      includeDevDependencies: true,
+    });
+
+    expect(result.has("typescript")).toBe(true);
+  });
+});