Skip to content

Commit 7edf8a2

Browse files
jdaltonjdalton
committed
Update OverrideSet#getEdgeRule method to align with npm/cli#7025 
1 parent 1b66227 commit 7edf8a2

File tree

2 files changed

+50
-1
lines changed

2 files changed

+50
-1
lines changed

package-lock.json

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/shadow/arborist.ts

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,8 @@ import config from '@socketsecurity/config'
1010
import chalk from 'chalk'
1111
import isInteractive from 'is-interactive'
1212
import ora, { spinners } from 'ora'
13+
import npmPackageArg from 'npm-package-arg'
14+
import semver from 'semver'
1315

1416
import { API_V0_URL, ENV } from '../constants'
1517
import { createTTYServer } from './tty-server'
@@ -31,6 +33,7 @@ import type {
3133
Options as ArboristOptions
3234
} from '@npmcli/arborist'
3335
import type { Options as OraOptions } from 'ora'
36+
import type { AliasResult, RegistryResult } from 'npm-package-arg'
3437

3538
type ArboristClass = typeof BaseArborist & {
3639
new (...args: any): typeof BaseArborist
@@ -1032,6 +1035,52 @@ class SafeOverrideSet extends OverrideSet {
10321035
return true
10331036
}
10341037

1038+
override getEdgeRule(edge: SafeEdge): OverrideSetClass {
1039+
for (const rule of this.ruleset.values()) {
1040+
if (rule.name !== edge.name) {
1041+
continue
1042+
}
1043+
// If keySpec is * we found our override.
1044+
if (rule.keySpec === '*') {
1045+
return rule
1046+
}
1047+
// Patch replacing
1048+
// let spec = npa(`${edge.name}@${edge.spec}`)
1049+
// is based on https://github.com/npm/cli/pull/7025.
1050+
//
1051+
// We need to use the rawSpec here, because the spec has the overrides
1052+
// applied to it already.
1053+
let spec = npmPackageArg(`${edge.name}@${edge.rawSpec}`)
1054+
if (spec.type === 'alias') {
1055+
spec = (<AliasResult>spec).subSpec
1056+
}
1057+
if (spec.type === 'git') {
1058+
if (
1059+
spec.gitRange &&
1060+
rule.keySpec &&
1061+
semver.intersects(spec.gitRange, rule.keySpec)
1062+
) {
1063+
return rule
1064+
}
1065+
continue
1066+
}
1067+
if (spec.type === 'range' || spec.type === 'version') {
1068+
if (
1069+
rule.keySpec &&
1070+
semver.intersects((<RegistryResult>spec).fetchSpec, rule.keySpec)
1071+
) {
1072+
return rule
1073+
}
1074+
continue
1075+
}
1076+
// If we got this far, the spec type is one of tag, directory or file
1077+
// which means we have no real way to make version comparisons, so we
1078+
// just accept the override.
1079+
return rule
1080+
}
1081+
return this
1082+
}
1083+
10351084
// Patch adding isEqual is based on
10361085
// https://github.com/npm/cli/pull/7025.
10371086
override isEqual(otherOverrideSet: OverrideSetClass | undefined) {

0 commit comments

Comments
 (0)