summaryrefslogtreecommitdiff
path: root/deps/npm/lib/install/read-shrinkwrap.js
blob: 913c303482a59669b1b0f3de661a06a1ad5edf86 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

'use strict'

const BB = require('bluebird')

const fs = require('graceful-fs')
const iferr = require('iferr')
const inflateShrinkwrap = require('./inflate-shrinkwrap.js')
const log = require('npmlog')
const parseJSON = require('../utils/parse-json.js')
const path = require('path')
const PKGLOCK_VERSION = require('../npm.js').lockfileVersion
const pkgSri = require('../utils/package-integrity.js')

const readFileAsync = BB.promisify(fs.readFile)

module.exports = readShrinkwrap
function readShrinkwrap (child, next) {
  if (child.package._shrinkwrap) return process.nextTick(next)
  BB.join(
    maybeReadFile('npm-shrinkwrap.json', child),
    // Don't read non-root lockfiles
    child.isTop && maybeReadFile('package-lock.json', child),
    child.isTop && maybeReadFile('package.json', child),
    (shrinkwrap, lockfile, pkgJson) => {
      if (shrinkwrap && lockfile) {
        log.warn('read-shrinkwrap', 'Ignoring package-lock.json because there is already an npm-shrinkwrap.json. Please use only one of the two.')
      }
      const name = shrinkwrap ? 'npm-shrinkwrap.json' : 'package-lock.json'
      let parsed = null
      if (shrinkwrap || lockfile) {
        try {
          parsed = parseJSON(shrinkwrap || lockfile)
        } catch (ex) {
          throw ex
        }
      }
      if (
        pkgJson &&
        parsed &&
        parsed.packageIntegrity &&
        !pkgSri.check(JSON.parse(pkgJson), parsed.packageIntegrity)
      ) {
        log.info('read-shrinkwrap', `${name} will be updated because package.json does not match what it was generated against.`)
      }
      if (parsed && parsed.lockfileVersion !== PKGLOCK_VERSION) {
        log.warn('read-shrinkwrap', `This version of npm is compatible with lockfileVersion@${PKGLOCK_VERSION}, but ${name} was generated for lockfileVersion@${parsed.lockfileVersion || 0}. I'll try to do my best with it!`)
      }
      child.package._shrinkwrap = parsed
    }
  ).then(() => next(), next)
}

function maybeReadFile (name, child) {
  return readFileAsync(
    path.join(child.path, name)
  ).catch({code: 'ENOENT'}, () => null)
}

module.exports.andInflate = function (child, next) {
  readShrinkwrap(child, iferr(next, function () {
    if (child.package._shrinkwrap) {
      return inflateShrinkwrap(child, child.package._shrinkwrap.dependencies || {}, next)
    } else {
      return next()
    }
  }))
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-21 23:16:21 +0000