Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(npm): add support for npm packages in lock files #15938

Merged
merged 40 commits into from
Oct 25, 2022
Merged

fix(npm): add support for npm packages in lock files #15938

merged 40 commits into from
Oct 25, 2022

Conversation

bartlomieju
Copy link
Member

Closes #15696

dsherret
dsherret reviewed Sep 17, 2022
View reviewed changes
Copy link
Member

@dsherret dsherret left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we'll need to add version requirement to version resolution to the lockfile before landing this.

cli/tests/testdata/npm/lock_file/lock.json Outdated Show resolved Hide resolved
@bartlomieju
Copy link
Member Author

Discussed offline with @dsherret. This PR needs more work as we need to store way more information in the lock file. After some discussion we are in agreement that we need a new format for the config file, which is a much bigger endeavor and will probably be done in v1.27.

@bartlomieju bartlomieju modified the milestones: 1.28, 1.27 Sep 26, 2022
bartlomieju
bartlomieju commented Oct 21, 2022
View reviewed changes
cli/lockfile.rs Outdated Show resolved Hide resolved
cli/lockfile.rs Outdated Show resolved Hide resolved
cli/lockfile.rs Outdated Show resolved Hide resolved
dsherret
dsherret reviewed Oct 21, 2022
View reviewed changes
cli/lockfile.rs Outdated Show resolved Hide resolved
cli/lockfile.rs Outdated Show resolved Hide resolved
bartlomieju
bartlomieju commented Oct 24, 2022
View reviewed changes
cli/lockfile.rs Outdated Show resolved Hide resolved
dsherret
dsherret reviewed Oct 25, 2022
View reviewed changes
Copy link
Member

@dsherret dsherret left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should take the time to change the API to prepare this for use in the language server.

cli/lockfile.rs Outdated Show resolved Hide resolved
cli/lockfile.rs Outdated
.unwrap_or(&package.dist.shasum);
if &package_info.integrity != integrity {
return Err(anyhow!(
"Integrity check failed for npm package: {}. Pass --lock-write to update the lockfile.",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do other tools recommend to update the lockfile if the integrity check fails?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Example from yarn:

Incorrect integrity when fetching from the cache for "vite". Cache has "sha512-m7jJe3nufUbuOfotkntGFupinL/fmuTNuQmiVE7cH2IZMuf4UbfbGYMUT3jVWgGYuRVLY9j8NnrRqgw5rr5QTg== sha1-+ikUQWfRm3c7r/1ls5cupMEjWck=" and remote has "sha512-asdfasdf". Run `yarn cache clean` to fix the problem

cli/npm/resolution.rs Outdated Show resolved Hide resolved
cli/npm/resolution.rs Outdated Show resolved Hide resolved
cli/proc_state.rs Outdated Show resolved Hide resolved
cli/proc_state.rs Outdated Show resolved Hide resolved
dsherret
dsherret reviewed Oct 25, 2022
View reviewed changes
cli/proc_state.rs Outdated Show resolved Hide resolved
dsherret
dsherret reviewed Oct 25, 2022
View reviewed changes
cli/lockfile.rs Outdated Show resolved Hide resolved
dsherret
dsherret approved these changes Oct 25, 2022
View reviewed changes
Copy link
Member

@dsherret dsherret left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

cli/lockfile.rs Show resolved Hide resolved
cli/lockfile.rs Outdated
Resolved to \"{}@{}\" and lockfile expects \"{}\".
Use \"--lock-write\" flag to update the lockfile.",
package_req.name, package_req.name, version, resolved_specifier
)));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure this would ever occur because the resolution should be informed by the lockfile and it seems there's no test for this. Maybe we should remove this function?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, I'm going to remove it then.

cli/proc_state.rs Outdated Show resolved Hide resolved
@bartlomieju bartlomieju merged commit 9835b09 into denoland:main Oct 25, 2022
@bartlomieju bartlomieju deleted the lock_file_npm branch October 25, 2022 16:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dsherret dsherret dsherret approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.27
Development

Successfully merging this pull request may close these issues.

Lockfile support for experimental npm specifiers
2 participants
@bartlomieju @dsherret