Skip to content

fix(assembly): preserve pnpm workspace lockfile dependencies#803

Merged
mstykow merged 3 commits intomainfrom
verify/pnpm-parser
Apr 27, 2026
Merged

fix(assembly): preserve pnpm workspace lockfile dependencies#803
mstykow merged 3 commits intomainfrom
verify/pnpm-parser

Conversation

@mstykow
Copy link
Copy Markdown
Owner

@mstykow mstykow commented Apr 27, 2026
edited
Loading

Summary

  • Preserve sibling lockfile dependency hoisting when npm/pnpm workspace members are reassembled.
  • Preserve shared workspace-root lockfile dependencies even without a root package manifest, and stop removing workspace roots by shared PURL alone.
  • Normalize npm workspace lockfile path keys such as packages/foo back to linked package names instead of emitting path-derived npm PURLs.
  • Add a pnpm/pnpm benchmark checkpoint from .provenant/compare-runs/20260427T175225Z-pnpm-87511 and refresh the benchmark chart.

Issues

  • Covers:
  • Closes:

Scope and exclusions

  • Included:
    • src/assembly/npm_workspace_merge.rs
    • src/parsers/npm_lock.rs
    • src/parsers/npm_lock_test.rs
    • src/parsers/npm_scan_test.rs
    • docs/BENCHMARKS.md
    • docs/benchmarks/scan-duration-vs-files.svg
  • Explicit exclusions:
    • No scorecard row changes.
    • No golden expected file updates.

Intentional differences from Python

  • Keep URL-safe encoding for path-shaped lockfile metadata while preferring real linked package names over raw workspace path keys in npm lockfile-derived dependency identities.

Follow-up work

  • Created or intentionally deferred:
    • None.

Expected-output fixture changes

  • Files changed: none.
  • Why the new expected output is correct: focused npm and pnpm workspace regression tests plus the targeted test_assembly_npm_workspace, test_assembly_pnpm_workspace, and pnpm_lock goldens all passed without requiring fixture refreshes.

mstykow and others added 3 commits April 27, 2026 20:03
@mstykow @sisyphus-dev-ai
fix(assembly): preserve workspace lockfile dependencies
438ad3b 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Signed-off-by: Maxim Stykow <maxim.stykow@gmail.com>
@mstykow @sisyphus-dev-ai
docs(benchmarks): add pnpm verification checkpoint
0f1e62c 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Signed-off-by: Maxim Stykow <maxim.stykow@gmail.com>
@mstykow @sisyphus-dev-ai
fix(parsers): normalize npm workspace path dependencies
f86b474 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Signed-off-by: Maxim Stykow <maxim.stykow@gmail.com>
@mstykow mstykow enabled auto-merge (rebase) April 27, 2026 19:51
@mstykow mstykow disabled auto-merge April 27, 2026 19:51
@mstykow mstykow merged commit 48c7bb0 into main Apr 27, 2026
15 checks passed
@mstykow mstykow deleted the verify/pnpm-parser branch April 27, 2026 19:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mstykow