fix(outdated): on project with shared shrinkwrap and direct peers

packages/outdated/src/index.ts

@@ -156,15 +156,20 @@ async function _outdated (
             throw new Error(`Invalid shrinkwrap.yaml file. ${relativeDepPath} not found in packages field`)
           }
 
+          const currentRef = currentShrinkwrap.importers[importerId][depType][packageName]
+          const currentRelative = currentRef && dp.refToRelative(currentRef, packageName)
+          const current = currentRelative && dp.parse(currentRelative).version || currentRef
+          const wanted = dp.parse(relativeDepPath).version || ref
+
           // It might be not the best solution to check for pkgSnapshot.name
           // TODO: add some other field to distinct packages not from the registry
           if (pkgSnapshot.resolution && (pkgSnapshot.resolution['type'] || pkgSnapshot.name)) { // tslint:disable-line:no-string-literal
-            if (currentShrinkwrap.importers[importerId][depType][packageName] !== wantedShrinkwrap.importers[importerId][depType]![packageName]) {
+            if (current !== wanted) {
               outdated.push({
-                current: currentShrinkwrap.importers[importerId][depType]![packageName],
+                current,
                 latest: undefined,
                 packageName,
-                wanted: wantedShrinkwrap.importers[importerId][depType]![packageName],
+                wanted,
               })
             }
             return
@@ -180,22 +185,21 @@ async function _outdated (
 
           const latest = resolution.latest
 
-          if (!currentShrinkwrap.importers[importerId][depType][packageName]) {
+          if (!current) {
             outdated.push({
               latest,
               packageName,
-              wanted: wantedShrinkwrap.importers[importerId][depType]![packageName],
+              wanted,
             })
             return
           }
 
-          if (currentShrinkwrap.importers[importerId][depType][packageName] !== wantedShrinkwrap.importers[importerId][depType]![packageName] ||
-            latest !== currentShrinkwrap.importers[importerId][depType][packageName]) {
+          if (current !== wanted || latest !== current) {
             outdated.push({
-              current: currentShrinkwrap.importers[importerId][depType][packageName],
+              current,
               latest,
               packageName,
-              wanted: wantedShrinkwrap.importers[importerId][depType]![packageName],
+              wanted,
             })
           }
         }),

packages/outdated/test/fixtures/package-with-external-shrinkwrap/.gitignore

@@ -0,0 +1 @@
+!node_modules

packages/outdated/test/fixtures/package-with-external-shrinkwrap/package/.gitignore

@@ -0,0 +1 @@
+node_modules

packages/outdated/test/fixtures/package-with-external-shrinkwrap/package/.npmrc

@@ -0,0 +1 @@
+shrinkwrap-directory=..

packages/outdated/test/fixtures/package-with-external-shrinkwrap/package/package.json

@@ -0,0 +1,8 @@
+{
+  "name": "package",
+  "version": "0.0.0",
+  "dependencies": {
+    "ajv-keywords": "3.2.0",
+    "ajv": "6.5.4"
+  }
+}

packages/outdated/test/fixtures/package-with-external-shrinkwrap/shrinkwrap.yaml

@@ -0,0 +1,52 @@
+importers:
+  package:
+    dependencies:
+      ajv: 6.5.4
+      ajv-keywords: /ajv-keywords/3.2.0/ajv@6.5.4
+    specifiers:
+      ajv: 6.5.4
+      ajv-keywords: 3.2.0
+packages:
+  /ajv-keywords/3.2.0/ajv@6.5.4:
+    dependencies:
+      ajv: 6.5.4
+    dev: false
+    id: registry.npmjs.org/ajv-keywords/3.2.0
+    peerDependencies:
+      ajv: ^6.0.0
+    resolution:
+      integrity: sha1-6GuBnGAs+IIa1jdBNpjx3sAhhHo=
+  /ajv/6.5.4:
+    dependencies:
+      fast-deep-equal: 2.0.1
+      fast-json-stable-stringify: 2.0.0
+      json-schema-traverse: 0.4.1
+      uri-js: 4.2.2
+    dev: false
+    resolution:
+      integrity: sha512-4Wyjt8+t6YszqaXnLDfMmG/8AlO5Zbcsy3ATHncCzjW/NoPzAId8AK6749Ybjmdt+kUY1gP60fCu46oDxPv/mg==
+  /fast-deep-equal/2.0.1:
+    dev: false
+    resolution:
+      integrity: sha1-ewUhjd+WZ79/Nwv3/bLLFf3Qqkk=
+  /fast-json-stable-stringify/2.0.0:
+    dev: false
+    resolution:
+      integrity: sha1-1RQsDK7msRifh9OnYREGT4bIu/I=
+  /json-schema-traverse/0.4.1:
+    dev: false
+    resolution:
+      integrity: sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==
+  /punycode/2.1.1:
+    dev: false
+    engines:
+      node: '>=6'
+    resolution:
+      integrity: sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==
+  /uri-js/4.2.2:
+    dependencies:
+      punycode: 2.1.1
+    dev: false
+    resolution:
+      integrity: sha512-KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ==
+shrinkwrapVersion: 4

packages/outdated/test/index.ts

@@ -140,3 +140,13 @@ test('outdated() on package that has one outdated dev dependency', async (t) =>
   ])
   t.end()
 })
+
+// NOTE: this test is unstable. It will fail if a new version of ajv will be released!
+test('outdated() on a package that has external shrinkwrap file and direct dependencies with resolved peers', async (t) => {
+  const outdatedPkgs = await outdated('package-with-external-shrinkwrap/package', {
+    ...outdatedOpts,
+    shrinkwrapDirectory: path.resolve('package-with-external-shrinkwrap'),
+  })
+  t.deepEqual(outdatedPkgs, [])
+  t.end()
+})