1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
const { resolve, basename } = require('path')
const util = require('util')
const fs = require('fs')
const { unlink } = fs.promises || { unlink: util.promisify(fs.unlink) }
const Arborist = require('@npmcli/arborist')
const log = require('npmlog')
const BaseCommand = require('./base-command.js')
class Shrinkwrap extends BaseCommand {
/* istanbul ignore next - see test/lib/load-all-commands.js */
static get description () {
return 'Lock down dependency versions for publication'
}
/* istanbul ignore next - see test/lib/load-all-commands.js */
static get name () {
return 'shrinkwrap'
}
exec (args, cb) {
this.shrinkwrap().then(() => cb()).catch(cb)
}
async shrinkwrap () {
// if has a npm-shrinkwrap.json, nothing to do
// if has a package-lock.json, rename to npm-shrinkwrap.json
// if has neither, load the actual tree and save that as npm-shrinkwrap.json
// in all cases, re-cast to current lockfile version
//
// loadVirtual, fall back to loadActual
// rename shrinkwrap file type, and tree.meta.save()
if (this.npm.config.get('global')) {
const er = new Error('`npm shrinkwrap` does not work for global packages')
er.code = 'ESHRINKWRAPGLOBAL'
throw er
}
const path = this.npm.prefix
const sw = resolve(path, 'npm-shrinkwrap.json')
const arb = new Arborist({ ...this.npm.flatOptions, path })
const tree = await arb.loadVirtual().catch(() => arb.loadActual())
const { meta } = tree
const newFile = meta.hiddenLockfile || !meta.loadedFromDisk
const oldFilename = meta.filename
const notSW = !newFile && basename(oldFilename) !== 'npm-shrinkwrap.json'
meta.hiddenLockfile = false
meta.filename = sw
await meta.save()
if (newFile)
log.notice('', 'created a lockfile as npm-shrinkwrap.json')
else if (notSW) {
await unlink(oldFilename)
log.notice('', 'package-lock.json has been renamed to npm-shrinkwrap.json')
} else if (meta.originalLockfileVersion !== this.npm.lockfileVersion)
log.notice('', `npm-shrinkwrap.json updated to version ${this.npm.lockfileVersion}`)
else
log.notice('', 'npm-shrinkwrap.json up to date')
}
}
module.exports = Shrinkwrap
|