fix: yarn getPeerDependencies doesnt work on private reporsitories wh… #1471
Conversation
…en credentials are only set for yarn and not npm raineorshine#1470
| @@ -26,8 +26,8 @@ describe('npm', function () { | |||
| }) | |||
|
|
|||
| it('getPeerDependencies', async () => { | |||
| await npm.getPeerDependencies('ncu-test-return-version', '1.0').should.eventually.deep.equal({}) | |||
| await npm.getPeerDependencies('ncu-test-peer', '1.0').should.eventually.deep.equal({ | |||
| await npm.getPeerDependencies('ncu-test-return-version', '1.0.0').should.eventually.deep.equal({}) | |||
There was a problem hiding this comment.
@raineorshine as far as I understand, this method will only be called with specific versions.
If that is not the case, please let me know as the yarn version doesn't support specs currently
There was a problem hiding this comment.
getPeerDependenciesFromRegistry is presumed to only get exact versions numbers:
However, runLocal incorrectly passes a version spec:
npm-check-updates/src/lib/runLocal.ts
Line 195 in 264b7e6
I'm not actually sure what npm's behavior is when given a spec. Does it get the peer dependencies at the bottom of the range? Top of the range?
Open to your suggestion of how to best handle this. There is some risk of regression if we change runLocal to pass an exact version. If just limited the conversion to just yarn that would limit the surface area of the change, at the expense of some consistency.
There was a problem hiding this comment.
From docs at https://docs.npmjs.com/cli/v7/commands/npm-view
If the version range matches multiple versions then each printed value will be prefixed with the version it applies to.
Running this locally with the json flag returns many json objects, for each version in the spec.
Running it in the code, this returns an array.
In case the sepc is only resolved to a single version (like in the test) this will work as it will not return an array.
So seems like this should not work at all if it is given a spec that resolves to multiple versions (but it will not fail)
I think that we need to fix the runLocal behaviour, thoughts?
There was a problem hiding this comment.
yarn v2 works by giving latest version of the spec
we can make the same behavior for npm where we take the last element from the array, if such exists
the issue lies with yarn v1 which doesn't support spec at all. Let me check if that can be handled
There was a problem hiding this comment.
Ah, never mind. It was staring me right in the face; it already converts to minVersion of the range, that's why it works. We don't need to change anything.
npm-check-updates/src/lib/runLocal.ts
Line 201 in 264b7e6
The behavior is indeterminate of the spec is not a valid version range, but there's no need to address that at this point.
There was a problem hiding this comment.
I see but we have that in another place:
Which as far as I understand does provide a spec. Should I fix that with same mechanism of minVersion?
There was a problem hiding this comment.
Yes! Good catch.
I jumped the gun. Was trying to get it merged before my lunch break 😁
There was a problem hiding this comment.
haha Ok on it in another PR
|
@raineorshine would appreciate your review :-) |
…en credentials are only set for yarn and not npm
fix: #1470