npm - socket - Versions diffs - 1.0.70 → 1.0.72 - Mend

socket 1.0.70 → 1.0.72

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/bin/npm-cli.js +1 -1
package/bin/npx-cli.js +1 -1
package/dist/cli.js +79 -43
package/dist/cli.js.map +1 -1
package/dist/constants.js +4 -4
package/dist/constants.js.map +1 -1
package/dist/tsconfig.dts.tsbuildinfo +1 -1
package/dist/types/commands/fix/npm-fix.d.mts.map +1 -1
package/dist/types/commands/fix/pnpm-fix.d.mts.map +1 -1
package/dist/types/utils/pnpm.d.mts.map +1 -1
package/dist/utils.js +6 -2
package/dist/utils.js.map +1 -1
package/package.json +4 -4
package/shadow-bin/npm +1 -1
package/shadow-bin/npx +1 -1

package/bin/npm-cli.js CHANGED Viewed

@@ -6,5 +6,5 @@ const path = require('node:path')
 const rootPath = path.join(__dirname, '..')
 Module.enableCompileCache?.(path.join(rootPath, '.cache'))
-const shadowBin = require(path.join(rootPath, 'dist/shadow-bin.js'))
+const shadowBin = require(path.join(rootPath, 'dist/shadow-npm-bin.js'))
 shadowBin('npm')

package/bin/npx-cli.js CHANGED Viewed

@@ -6,5 +6,5 @@ const path = require('node:path')
 const rootPath = path.join(__dirname, '..')
 Module.enableCompileCache?.(path.join(rootPath, '.cache'))
-const shadowBin = require(path.join(rootPath, 'dist/shadow-bin.js'))
+const shadowBin = require(path.join(rootPath, 'dist/shadow-npm-bin.js'))
 shadowBin('npx')

package/dist/cli.js CHANGED Viewed

@@ -3994,12 +3994,12 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
             }
             continue infosLoop;
           }
+          spinner?.start();
           if (!hasAnnouncedWorkspace) {
             hasAnnouncedWorkspace = true;
             workspaceLogCallCount = logger.logger.logCallCount;
           }
           const newId = `${name}@${utils.applyRange(refRange, newVersion, rangeStyle)}`;
-          spinner?.start();
           spinner?.info(`Installing ${newId} in ${workspace}.`);
           let error;
           let errored = false;
@@ -4327,6 +4327,7 @@ async function npmFix(pkgEnvDetails, fixConfig) {
   return await agentFix(pkgEnvDetails, actualTree, alertsMap, install$1, {
     async beforeInstall(editablePkgJson) {
       revertData = {
+        // Track existing dependencies in the root package.json to revert to later.
         ...(editablePkgJson.content.dependencies && {
           dependencies: {
             ...editablePkgJson.content.dependencies
@@ -4345,24 +4346,34 @@ async function npmFix(pkgEnvDetails, fixConfig) {
       };
     },
     async afterUpdate(editablePkgJson, packument, oldVersion, newVersion) {
-      const isWorkspaceRoot = editablePkgJson.filename === pkgEnvDetails.editablePkgJson.filename;
-      if (isWorkspaceRoot) {
-        const arb = new shadowNpmInject.Arborist({
-          path: pkgEnvDetails.pkgPath,
-          ...flatConfig,
-          ...shadowNpmInject.SAFE_WITH_SAVE_ARBORIST_REIFY_OPTIONS_OVERRIDES
-        });
-        const idealTree = await arb.buildIdealTree();
-        const node = shadowNpmInject.findPackageNode(idealTree, packument.name, oldVersion);
-        if (node) {
-          shadowNpmInject.updateNode(node, newVersion, packument.versions[newVersion]);
-          await arb.reify();
-        }
+      // Exit early if not the root workspace.
+      if (editablePkgJson.filename !== pkgEnvDetails.editablePkgJson.filename) {
+        return;
+      }
+      // Update package-lock.json using @npmcli/arborist.
+      const arb = new shadowNpmInject.Arborist({
+        path: pkgEnvDetails.pkgPath,
+        ...flatConfig,
+        ...shadowNpmInject.SAFE_WITH_SAVE_ARBORIST_REIFY_OPTIONS_OVERRIDES
+      });
+      // Build the ideal tree of nodes that are used to generated the saved
+      // package-lock.json
+      const idealTree = await arb.buildIdealTree();
+      const node = shadowNpmInject.findPackageNode(idealTree, packument.name, oldVersion);
+      if (node) {
+        // Update the ideal tree node.
+        shadowNpmInject.updateNode(node, newVersion, packument.versions[newVersion]);
+        // Save package-lock.json lockfile.
+        await arb.reify();
       }
     },
     async revertInstall(editablePkgJson) {
       if (revertData) {
+        // Revert package.json.
         editablePkgJson.update(revertData);
+        await editablePkgJson.save({
+          ignoreWhitespace: true
+        });
       }
     }
   }, fixConfig);
@@ -4449,9 +4460,7 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
   } = fixConfig;
   spinner?.start();
   let actualTree;
-  let {
-    lockSrc
-  } = pkgEnvDetails;
+  let lockSrc = pkgEnvDetails.lockSrc;
   let lockfile = utils.parsePnpmLockfile(lockSrc);
   // Update pnpm-lock.yaml if its version is older than what the installed pnpm
   // produces.
@@ -4461,10 +4470,13 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
       cwd,
       spinner
     });
-    const maybeLockSrc = maybeActualTree ? await utils.readLockfile(pkgEnvDetails.lockPath) : null;
-    if (maybeActualTree && maybeLockSrc) {
+    if (maybeActualTree) {
+      lockSrc = (await utils.readLockfile(pkgEnvDetails.lockPath)) ?? '';
+    } else {
+      lockSrc = '';
+    }
+    if (lockSrc) {
       actualTree = maybeActualTree;
-      lockSrc = maybeLockSrc;
       lockfile = utils.parsePnpmLockfile(lockSrc);
     } else {
       lockfile = null;
@@ -4498,27 +4510,32 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
   }
   let revertData;
   let revertOverrides;
-  let revertOverridesSrc;
+  let revertOverridesSrc = '';
   return await agentFix(pkgEnvDetails, actualTree, alertsMap, install, {
     async beforeInstall(editablePkgJson, packument, oldVersion, newVersion, vulnerableVersionRange, options) {
-      const isWorkspaceRoot = editablePkgJson.filename === pkgEnvDetails.editablePkgJson.filename;
-      // Get current overrides for revert logic.
-      const {
-        overrides: oldOverrides
-      } = getOverridesDataPnpm(pkgEnvDetails, editablePkgJson.content);
-      const oldPnpmSection = editablePkgJson.content[PNPM$6];
-      const overrideKey = `${packument.name}@${vulnerableVersionRange}`;
-      revertOverrides = undefined;
-      revertOverridesSrc = utils.extractOverridesFromPnpmLockSrc(lockSrc);
-      if (isWorkspaceRoot) {
+      lockSrc = (await utils.readLockfile(pkgEnvDetails.lockPath)) ?? '';
+      // Update overrides for the root workspace.
+      if (editablePkgJson.filename === pkgEnvDetails.editablePkgJson.filename) {
+        const {
+          overrides: oldOverrides
+        } = getOverridesDataPnpm(pkgEnvDetails, editablePkgJson.content);
+        const oldPnpmSection = editablePkgJson.content[PNPM$6];
+        const overrideKey = `${packument.name}@${vulnerableVersionRange}`;
+        revertOverridesSrc = utils.extractOverridesFromPnpmLockSrc(lockSrc);
+        // Track existing overrides in the root package.json to revert to later.
         revertOverrides = {
           [PNPM$6]: oldPnpmSection ? {
             ...oldPnpmSection,
             [OVERRIDES$1]: require$$7.hasKeys(oldOverrides) ? {
               ...oldOverrides,
               [overrideKey]: undefined
-            } : undefined
-          } : undefined
+            } :
+            // Properties with undefined values are deleted when saved as JSON.
+            undefined
+          } :
+          // Properties with undefined values are deleted when saved as JSON.
+          undefined
         };
         // Update overrides in the root package.json so that when `pnpm install`
         // generates pnpm-lock.yaml it updates transitive dependencies too.
@@ -4531,9 +4548,15 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
             }
           }
         });
+      } else {
+        revertOverrides = undefined;
+        revertOverridesSrc = '';
       }
       revertData = {
+        // If "pnpm" or "pnpm.overrides" fields are undefined they will be
+        // deleted when saved.
         ...revertOverrides,
+        // Track existing dependencies in the root package.json to revert to later.
         ...(editablePkgJson.content.dependencies && {
           dependencies: {
             ...editablePkgJson.content.dependencies
@@ -4556,19 +4579,32 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
         // Revert overrides metadata in package.json now that pnpm-lock.yaml
         // has been updated.
         editablePkgJson.update(revertOverrides);
+        await editablePkgJson.save({
+          ignoreWhitespace: true
+        });
       }
-      await editablePkgJson.save({
-        ignoreWhitespace: true
-      });
-      const updatedOverridesContent = utils.extractOverridesFromPnpmLockSrc(lockSrc);
-      if (updatedOverridesContent && revertOverridesSrc) {
-        lockSrc = lockSrc.replace(updatedOverridesContent, revertOverridesSrc);
-        await fs$1.promises.writeFile(pkgEnvDetails.lockPath, lockSrc, 'utf8');
+      lockSrc = (await utils.readLockfile(pkgEnvDetails.lockPath)) ?? '';
+      // Remove "overrides" block from pnpm-lock.yaml lockfile when processing
+      // the root workspace.
+      if (editablePkgJson.filename === pkgEnvDetails.editablePkgJson.filename) {
+        const updatedOverridesContent = utils.extractOverridesFromPnpmLockSrc(lockSrc);
+        if (updatedOverridesContent) {
+          // Remove "overrides" block from pnpm-lock.yaml lockfile.
+          lockSrc = lockSrc.replace(updatedOverridesContent, revertOverridesSrc);
+          // Save pnpm-lock.yaml lockfile.
+          await fs$1.promises.writeFile(pkgEnvDetails.lockPath, lockSrc, 'utf8');
+        }
       }
     },
     async revertInstall(editablePkgJson) {
       if (revertData) {
+        // Revert package.json.
         editablePkgJson.update(revertData);
+        await editablePkgJson.save({
+          ignoreWhitespace: true
+        });
+        // Revert pnpm-lock.yaml lockfile to be on the safe side.
+        await fs$1.promises.writeFile(pkgEnvDetails.lockPath, lockSrc, 'utf8');
       }
     }
   }, fixConfig);
@@ -7480,7 +7516,7 @@ function updatePkgJsonField(editablePkgJson, field, value) {
           }
         });
       } else {
-        // Properties with undefined values are omitted when saved as JSON.
+        // Properties with undefined values are deleted when saved as JSON.
         editablePkgJson.update(require$$7.hasKeys(oldValue) ? {
           [field]: {
             ...(isPnpmObj ? oldValue : {}),
@@ -7491,7 +7527,7 @@ function updatePkgJsonField(editablePkgJson, field, value) {
         });
       }
     } else if (field === OVERRIDES || field === RESOLUTIONS) {
-      // Properties with undefined values are omitted when saved as JSON.
+      // Properties with undefined values are deleted when saved as JSON.
       editablePkgJson.update({
         [field]: require$$7.hasKeys(value) ? value : undefined
       });
@@ -14595,5 +14631,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=c419b9c7-a1f4-4307-8197-19068fed4cd4
+//# debugId=e65f1be3-82a5-4c66-a17f-0c3cdbe8bf46
 //# sourceMappingURL=cli.js.map