do not save absolute paths in shrinkwraps ever

npm · Dec 4, 2020 · c329d99 · c329d99
1 parent f2ec4b0
commit c329d99
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 2 deletions.
diff --git a/lib/shrinkwrap.js b/lib/shrinkwrap.js
@@ -879,8 +879,17 @@ class Shrinkwrap {
           // omit peer deps from legacy lockfile requires field, because
           // npm v6 doesn't handle peer deps, and this triggers some bad
           // behavior if the dep can't be found in the dependencies list.
-          if (!v.peer)
-            set[k] = v.spec
+          const { spec, peer } = v
+          if (peer)
+            return set
+          if (spec.startsWith('file:')) {
+            // turn absolute file: paths into relative paths from the node
+            // this especially shows up with workspace edges when the root
+            // node is also a workspace in the set.
+            const p = resolve(node.realpath, spec.substr('file:'.length))
+            set[k] = `file:${relpath(node.realpath, p)}`
+          } else
+            set[k] = spec
           return set
         }, {})
       } else

diff --git a/tap-snapshots/test-arborist-reify.js-TAP.test.js b/tap-snapshots/test-arborist-reify.js-TAP.test.js
@@ -46018,17 +46018,84 @@ Object {
 
 exports[`test/arborist/reify.js TAP workspaces root as-a-workspace > should produce expected package-lock file 1`] = `
 Object {
+  "dependencies": Object {
+    "a": Object {
+      "requires": Object {
+        "abbrev": "^1.0.0",
+      },
+      "version": "file:a",
+    },
+    "abbrev": Object {
+      "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==",
+      "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
+      "version": "1.1.1",
+    },
+    "b": Object {
+      "version": "file:b",
+    },
+    "workspaces-root-linked": Object {
+      "dependencies": Object {
+        "a": Object {
+          "requires": Object {
+            "abbrev": "^1.0.0",
+          },
+          "version": "file:a",
+        },
+        "abbrev": Object {
+          "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==",
+          "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
+          "version": "1.1.1",
+        },
+        "b": Object {
+          "version": "file:b",
+        },
+      },
+      "requires": Object {
+        "a": "file:a",
+        "b": "file:b",
+        "workspaces-root-linked": "file:",
+      },
+      "version": "file:",
+    },
+  },
   "lockfileVersion": 2,
   "name": "workspaces-root-linked",
   "packages": Object {
     "": Object {
+      "name": "workspaces-root-linked",
       "version": "1.0.0",
       "workspaces": Array [
         ".",
         "a",
         "b",
       ],
     },
+    "a": Object {
+      "dependencies": Object {
+        "abbrev": "^1.0.0",
+      },
+      "version": "1.0.0",
+    },
+    "b": Object {
+      "version": "1.0.0",
+    },
+    "node_modules/a": Object {
+      "link": true,
+      "resolved": "a",
+    },
+    "node_modules/abbrev": Object {
+      "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==",
+      "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
+      "version": "1.1.1",
+    },
+    "node_modules/b": Object {
+      "link": true,
+      "resolved": "b",
+    },
+    "node_modules/workspaces-root-linked": Object {
+      "link": true,
+      "resolved": "",
+    },
   },
   "requires": true,
   "version": "1.0.0",