fix(arborist): skip engine validation for omitted dependencies#9145
Open
Max1mus5 wants to merge 2 commits intonpm:latestfrom
Open
fix(arborist): skip engine validation for omitted dependencies#9145Max1mus5 wants to merge 2 commits intonpm:latestfrom
Max1mus5 wants to merge 2 commits intonpm:latestfrom
Conversation
Problem: Running `npm install --omit=dev --engine-strict` crashes with EBADENGINE when a devDependency declares incompatible engine requirements. The engine/platform check in `#checkEngineAndPlatform` only skipped optional deps, not deps excluded via the --omit flag. Additionally, the logic determining whether a node should be omitted was duplicated across three modules (build-ideal-tree, reify, audit-report). Solution: Centralize the omit-matching logic into a stateless `Node.shouldOmit(omitSet)` predicate and call it from all three consumers. The method accepts both Set and Array inputs, caches nothing on the node, and documents the devOptional semantics: a node in the overlap of the dev and optional trees is only omitted when both 'dev' and 'optional' are in the set. - build-ideal-tree: gate engine/platform checks on shouldOmit - reify: replace #omitDev/#omitPeer/#omitOptional with single #omitSet - audit-report: replace inline logic in shouldAudit with shouldOmit - package.json: pin all dependency versions to exact ranges - tests: unit tests for shouldOmit (boundary, coercion, statelessness) and integration tests for the engine-strict + omit-dev scenario Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
npm install --omit=dev --engine-strictcrashes withEBADENGINEwhen a devDependency declares incompatible engine requirements. The engine/platform check only skippedoptionaldeps, not deps excluded via--omit.Node.shouldOmit(omitSet)predicate on the base Node class and call it frombuild-ideal-tree,reify, andaudit-report. The method accepts bothSetandArrayinputs, caches nothing on the node, and correctly handlesdevOptionalnodes (omitted only when bothdevandoptionalare in the set).#omitDev/#omitPeer/#omitOptionalprivate fields fromreify.jsin favor of a single#omitSet. Pin all@npmcli/arboristdependency versions to exact ranges.Test plan
test/node.js— 8 subtests forshouldOmit: boundary (null/undefined/empty), per-type (dev/optional/peer),devOptional(6 combinations proving the both-required rule), array coercion, and statelessness across sequential callstest/arborist/build-ideal-tree.js— 2 new integration tests: omitted dev dep skips engine check; non-omitted dev dep still throwsEBADENGINEtest/audit-report.js— full 20-test suite passes (refactor regression)test/arborist/reify.js— omit-related tests pass (refactor regression)🤖 Generated with Claude Code