poe-code 3.0.376 → 3.0.377
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -59,30 +59,58 @@ function collectBundledPrivateDependencyViolations(options) {
|
|
|
59
59
|
visited.add(current.pkg.name);
|
|
60
60
|
for (const edge of dependencyEdges(current.pkg)) {
|
|
61
61
|
const dep = options.modelByName.get(edge.name);
|
|
62
|
-
if (!dep
|
|
62
|
+
if (!dep) {
|
|
63
|
+
if (isProvidedExternalRuntimeEdge(options.consumer, current.pkg, edge, options.consumerBundled)) {
|
|
64
|
+
continue;
|
|
65
|
+
}
|
|
66
|
+
violations.push({
|
|
67
|
+
rule: id,
|
|
68
|
+
package: options.consumer.name,
|
|
69
|
+
severity: "error",
|
|
70
|
+
via: edge.field,
|
|
71
|
+
detail: {
|
|
72
|
+
dependency: edge.name,
|
|
73
|
+
field: edge.field,
|
|
74
|
+
bundledVia: current.via
|
|
75
|
+
},
|
|
76
|
+
message: `published package bundles ${current.via.join(" -> ")}, whose ${edge.field} requires external package ${edge.name}`,
|
|
77
|
+
fix: `Add ${edge.name} to ${options.consumer.name} "dependencies" or vendor it with bundledDependencies so ${current.pkg.name} can resolve it after install.`
|
|
78
|
+
});
|
|
63
79
|
continue;
|
|
64
80
|
}
|
|
65
|
-
if (
|
|
66
|
-
|
|
67
|
-
|
|
81
|
+
if (dep.private) {
|
|
82
|
+
if (isBundledRuntimeEdge(current.pkg, edge, dep, options.consumerBundled)) {
|
|
83
|
+
pending.push({ pkg: dep, via: [...current.via, dep.name] });
|
|
84
|
+
continue;
|
|
85
|
+
}
|
|
86
|
+
violations.push({
|
|
87
|
+
rule: id,
|
|
88
|
+
package: options.consumer.name,
|
|
89
|
+
severity: "error",
|
|
90
|
+
via: edge.field,
|
|
91
|
+
detail: {
|
|
92
|
+
dependency: dep.name,
|
|
93
|
+
field: edge.field,
|
|
94
|
+
bundledVia: current.via
|
|
95
|
+
},
|
|
96
|
+
message: `published package bundles ${current.via.join(" -> ")}, whose ${edge.field} requires private workspace package ${dep.name}`,
|
|
97
|
+
fix: `Bundle ${dep.name} into ${current.pkg.name}, publish ${dep.name}, or remove the ${edge.field} edge from the bundled package manifest.`
|
|
98
|
+
});
|
|
68
99
|
}
|
|
69
|
-
violations.push({
|
|
70
|
-
rule: id,
|
|
71
|
-
package: options.consumer.name,
|
|
72
|
-
severity: "error",
|
|
73
|
-
via: edge.field,
|
|
74
|
-
detail: {
|
|
75
|
-
dependency: dep.name,
|
|
76
|
-
field: edge.field,
|
|
77
|
-
bundledVia: current.via
|
|
78
|
-
},
|
|
79
|
-
message: `published package bundles ${current.via.join(" -> ")}, whose ${edge.field} requires private workspace package ${dep.name}`,
|
|
80
|
-
fix: `Bundle ${dep.name} into ${current.pkg.name}, publish ${dep.name}, or remove the ${edge.field} edge from the bundled package manifest.`
|
|
81
|
-
});
|
|
82
100
|
}
|
|
83
101
|
}
|
|
84
102
|
return violations;
|
|
85
103
|
}
|
|
104
|
+
function hasOwn(record, name) {
|
|
105
|
+
return Object.prototype.hasOwnProperty.call(record, name);
|
|
106
|
+
}
|
|
107
|
+
function isProvidedExternalRuntimeEdge(consumer, pkg, edge, consumerBundled) {
|
|
108
|
+
return (edge.field === "peerDependencies" ||
|
|
109
|
+
pkg.bundledDependencies.includes(edge.name) ||
|
|
110
|
+
consumerBundled.has(edge.name) ||
|
|
111
|
+
hasOwn(consumer.dependencies, edge.name) ||
|
|
112
|
+
hasOwn(consumer.optionalDependencies, edge.name));
|
|
113
|
+
}
|
|
86
114
|
function isBundledRuntimeEdge(pkg, edge, dep, consumerBundled) {
|
|
87
115
|
return (edge.field !== "peerDependencies" &&
|
|
88
116
|
(pkg.bundledDependencies.includes(dep.name) || consumerBundled.has(dep.name)));
|