npm-pkg-lint 3.6.8 → 3.7.1

package/README.md

@@ -218,6 +218,8 @@ Examples of obsolete packages:
 - `mkdirp` - `fs#mkdir` supports the `recursive` flag since NodeJS v10.
 - `stable` - `Array#sort` is stable since NodeJS v12.
 
+If needed, `--allow-dependency` can be used to ignore one or more dependencies.
+
 ## Shebang
 
 Require all binaries to have UNIX-style shebang at the beginning of the file.

package/dist/index.js

@@ -19792,43 +19792,72 @@ async function npmInfo(pkg, options = { ignoreUnpublished: false }) {
 
 // src/rules/deprecated-dependency.ts
 var ruleId2 = "no-deprecated-dependency";
+function createEntry(key, version3, source) {
+  if (version3.startsWith("npm:")) {
+    const [newKey, newVersion] = version3.slice("npm:".length).split("@", 2);
+    key = newKey;
+    version3 = newVersion;
+  }
+  if (key === "@types/node") {
+    return null;
+  }
+  const minVersion = import_semver.default.minVersion(version3);
+  return {
+    name: key,
+    version: version3,
+    spec: `${key}@${minVersion ? minVersion.version : version3}`,
+    source
+  };
+}
 function* getDependencies(pkg) {
   const { dependencies = {}, devDependencies = {}, peerDependencies = {} } = pkg;
-  const allDependencies = { ...dependencies, ...devDependencies, ...peerDependencies };
-  for (let [key, version3] of Object.entries(allDependencies)) {
-    if (version3.startsWith("npm:")) {
-      const [newKey, newVersion] = version3.slice("npm:".length).split("@", 2);
-      key = newKey;
-      version3 = newVersion;
+  for (const [key, version3] of Object.entries(dependencies)) {
+    const entry = createEntry(key, version3, "dependencies");
+    if (entry) {
+      yield entry;
     }
-    if (key === "@types/node") {
-      continue;
+  }
+  for (const [key, version3] of Object.entries(devDependencies)) {
+    const entry = createEntry(key, version3, "devDependencies");
+    if (entry) {
+      yield entry;
+    }
+  }
+  for (const [key, version3] of Object.entries(peerDependencies)) {
+    const entry = createEntry(key, version3, "peerDependencies");
+    if (entry) {
+      yield entry;
     }
-    const minVersion = import_semver.default.minVersion(version3);
-    yield `${key}@${minVersion ? minVersion.version : version3}`;
   }
 }
-async function deprecatedDependency(pkg) {
+async function deprecatedDependency(pkg, options) {
+  const { allowedDependencies: allowedDependencies2 } = options;
   const messages = [];
   for await (const dependency of getDependencies(pkg)) {
+    if (allowedDependencies2.has(dependency.name)) {
+      continue;
+    }
     try {
-      const { deprecated } = await npmInfo(dependency);
+      const { deprecated } = await npmInfo(dependency.spec);
       if (!deprecated) {
         continue;
       }
       messages.push({
         ruleId: ruleId2,
         severity: 2,
-        message: `"${dependency}" is deprecated and must not be used`,
+        message: `"${dependency.spec}" is deprecated and must not be used`,
         line: 1,
         column: 1
       });
     } catch (err) {
       if (isNpmInfoError(err) && err.code === "E404") {
+        if (dependency.source === "devDependencies") {
+          continue;
+        }
         messages.push({
           ruleId: ruleId2,
           severity: 1,
-          message: `the dependency "${dependency}" is not published to the NPM registry`,
+          message: `the dependency "${dependency.spec}" is not published to the NPM registry`,
           line: 1,
           column: 1
         });
@@ -20264,7 +20293,7 @@ function verifyDependencies(pkg, options) {
 async function verifyPackageJson(pkg, filePath, options = { allowedDependencies: /* @__PURE__ */ new Set(), ignoreNodeVersion: false }) {
   const { ignoreNodeVersion } = options;
   const messages = [
-    ...await deprecatedDependency(pkg),
+    ...await deprecatedDependency(pkg, options),
     ...await verifyEngineConstraint(pkg),
     ...exportsTypesOrder(pkg),
     ...verifyFields(pkg, options),