Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix the detection of invalid version

Modify the condition checking whether a dependency version satisfies
the range required in package.json, so that 'latest' is always
considered as valid.
  • Loading branch information...
commit d2956400e0386931c926e0f30c334840e0938f14 1 parent 6a0a96e
@bajtos bajtos authored isaacs committed
View
6 read-installed.js
@@ -174,7 +174,7 @@ function readInstalled_ (folder, parent, name, reqver, depth, maxDepth, dev, cb)
obj.realName = name || obj.name
obj.dependencies = obj.dependencies || {}
- // "foo":"http://blah" is always presumed valid
+ // "foo":"http://blah" and "foo":"latest" are always presumed valid
if (reqver
&& semver.validRange(reqver, true)
&& !semver.satisfies(obj.version, reqver, true)) {
@@ -283,9 +283,9 @@ function findUnmet (obj, log) {
r = r.link ? null : r.parent
continue
}
+ // "foo":"http://blah" and "foo":"latest" are always presumed valid
if ( typeof deps[d] === "string"
- // url deps presumed innocent.
- && !url.parse(deps[d]).protocol
+ && semver.validRange(deps[d], true)
&& !semver.satisfies(found.version, deps[d], true)) {
// the bad thing will happen
log("unmet dependency", obj.path + " requires "+d+"@'"+deps[d]
View
7 test/fixtures/peer-at-latest/node_modules/debug/package.json
@@ -0,0 +1,7 @@
+{
+ "name": "debug",
+ "version": "0.7.4",
+ "dependencies": {},
+ "_id": "debug@0.7.4",
+ "_from": "debug@latest"
+}
View
10 test/fixtures/peer-at-latest/node_modules/strong-task-emitter/package.json
@@ -0,0 +1,10 @@
+{
+ "name": "strong-task-emitter",
+ "version": "0.0.4",
+ "dependencies": {
+ "debug": "latest"
+ },
+ "_id": "strong-task-emitter@0.0.4",
+ "_from": "strong-task-emitter@0.0.4",
+ "_resolved": "https://registry.npmjs.org/strong-task-emitter/-/strong-task-emitter-0.0.4.tgz"
+}
View
14 test/peer-dep-at-latest.js
@@ -0,0 +1,14 @@
+var readInstalled = require('../read-installed.js')
+var test = require('tap').test
+var path = require('path');
+
+test('"latest" version is valid', function(t) {
+ // This test verifies npm#3860
+ readInstalled(
+ path.join(__dirname, 'fixtures/peer-at-latest'),
+ { log: console.error },
+ function(err, map) {
+ t.notOk(map.dependencies.debug.invalid, 'debug@latest is satisfied by a peer')
+ t.end()
+ })
+})
Please sign in to comment.
Something went wrong with that request. Please try again.