fix: bundledDependencies field is not always respected (#7411) (#7412)

* fix: check for both bundleDependencies and bundledDependencies (#7411)

update to code that didn't correctly check both bundleDependencies and bundledDependencies

* fix: support boolean value for bundleDependencies (#7411)

fix so that a 'true' value in the bundleDependencies field is correctly interpreted
(as meaning all dependencies are bundled)

close  #7411

* fix: allow saving of boolean bundledDependencies values

updates prior fix to allow saving booleans to bundledDependencies field.

* fix: add test coverage for bundledDependencies fixes (#7411)

add local tarball test and bundledDependencies=true test
update existing tests to confirm that bundled dependencies aren't installed

* fix: update registry-mock

* docs: update changeset

* fix: update bundleDependencies tests

* Revert "fix: update registry-mock"

This reverts commit 0c4b7ede21.

* Revert "Revert "fix: update registry-mock""

This reverts commit 9828dfce91.

* test: update integrities in test lockfiles

* test: retry twice

* test: move bundle deps test to separate file

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>

.changeset/olive-files-admire.md

@@ -0,0 +1,8 @@
+---
+"@pnpm/resolve-dependencies": patch
+"@pnpm/lockfile-types": patch
+"@pnpm/types": patch
+"pnpm": patch
+---
+
+Added support for boolean values in 'bundleDependencies' package.json fields when installing a dependency. Fix to properly handle 'bundledDependencies' alias [#7411](https://github.com/pnpm/pnpm/issues/7411).

lockfile/lockfile-types/src/index.ts

@@ -116,7 +116,7 @@ export interface PackageSnapshot {
     }
   }
   transitivePeerDependencies?: string[]
-  bundledDependencies?: string[]
+  bundledDependencies?: string[] | boolean
   engines?: Record<string, string> & {
     node: string
   }

packages/types/src/package.ts

@@ -82,8 +82,8 @@ export interface BaseManifest {
   peerDependencies?: Dependencies
   peerDependenciesMeta?: PeerDependenciesMeta
   dependenciesMeta?: DependenciesMeta
-  bundleDependencies?: string[]
-  bundledDependencies?: string[]
+  bundleDependencies?: string[] | boolean
+  bundledDependencies?: string[] | boolean
   homepage?: string
   repository?: string | { url: string }
   scripts?: PackageScripts

pkg-manager/core/test/install/bundledDependencies.ts

@@ -0,0 +1,101 @@
+import { prepareEmpty } from '@pnpm/prepare'
+import { fixtures } from '@pnpm/test-fixtures'
+import { addDependenciesToPackage } from '@pnpm/core'
+import { testDefaults } from '../utils'
+
+const f = fixtures(__dirname)
+
+test('bundledDependencies (pkg-with-bundled-dependencies@1.0.0)', async () => {
+  const project = prepareEmpty()
+
+  await addDependenciesToPackage({}, ['@pnpm.e2e/pkg-with-bundled-dependencies@1.0.0'], await testDefaults({ fastUnpack: false }))
+
+  await project.isExecutable('@pnpm.e2e/pkg-with-bundled-dependencies/node_modules/.bin/hello-world-js-bin')
+
+  const lockfile = await project.readLockfile()
+  expect(
+    lockfile.packages['/@pnpm.e2e/pkg-with-bundled-dependencies@1.0.0'].bundledDependencies
+  ).toStrictEqual(
+    ['@pnpm.e2e/hello-world-js-bin']
+  )
+
+  expect(
+    lockfile.packages['/@pnpm.e2e/hello-world-js-bin@1.0.0']
+  ).toBeUndefined()
+})
+
+// covers https://github.com/pnpm/pnpm/issues/7411
+test('local tarball with bundledDependencies', async () => {
+  const project = prepareEmpty()
+
+  f.copy('pkg-with-bundled-dependencies/pkg-with-bundled-dependencies-1.0.0.tgz', 'pkg.tgz')
+  await addDependenciesToPackage({}, ['file:pkg.tgz'], await testDefaults({ fastUnpack: false }))
+
+  const lockfile = await project.readLockfile()
+  expect(
+    lockfile.packages['file:pkg.tgz'].bundledDependencies
+  ).toStrictEqual(
+    ['@pnpm.e2e/hello-world-js-bin']
+  )
+  expect(
+    lockfile.packages['/@pnpm.e2e/hello-world-js-bin@1.0.0']
+  ).toBeUndefined()
+})
+
+test('local tarball with bundledDependencies true', async () => {
+  const project = prepareEmpty()
+
+  f.copy('pkg-with-bundle-dependencies-true/pkg-with-bundle-dependencies-true-1.0.0.tgz', 'pkg.tgz')
+  await addDependenciesToPackage({}, ['file:pkg.tgz'], await testDefaults({ fastUnpack: false }))
+
+  const lockfile = await project.readLockfile()
+  expect(
+    lockfile.packages['file:pkg.tgz'].bundledDependencies
+  ).toStrictEqual(
+    true
+  )
+  expect(
+    lockfile.packages['/@pnpm.e2e/hello-world-js-bin@1.0.0']
+  ).toBeUndefined()
+})
+
+test('bundleDependencies (pkg-with-bundle-dependencies@1.0.0)', async () => {
+  const project = prepareEmpty()
+
+  await addDependenciesToPackage({}, ['@pnpm.e2e/pkg-with-bundle-dependencies@1.0.0'], await testDefaults({ fastUnpack: false }))
+
+  await project.isExecutable('@pnpm.e2e/pkg-with-bundle-dependencies/node_modules/.bin/hello-world-js-bin')
+
+  const lockfile = await project.readLockfile()
+  expect(
+    lockfile.packages['/@pnpm.e2e/pkg-with-bundle-dependencies@1.0.0'].bundledDependencies
+  ).toStrictEqual(
+    ['@pnpm.e2e/hello-world-js-bin']
+  )
+  expect(
+    lockfile.packages['/@pnpm.e2e/hello-world-js-bin@1.0.0']
+  ).toBeUndefined()
+})
+
+test('installing a package with bundleDependencies set to false (pkg-with-bundle-dependencies-false)', async () => {
+  const project = prepareEmpty()
+
+  await addDependenciesToPackage({}, ['@pnpm.e2e/pkg-with-bundle-dependencies-false'], await testDefaults({ fastUnpack: false }))
+
+  const lockfile = await project.readLockfile()
+  expect(
+    typeof lockfile.packages['/@pnpm.e2e/pkg-with-bundle-dependencies-false@1.0.0'].bundledDependencies
+  ).toEqual('undefined')
+})
+
+test('installing a package with bundleDependencies set to true (pkg-with-bundle-dependencies-true)', async () => {
+  const project = prepareEmpty()
+
+  await addDependenciesToPackage({}, ['@pnpm.e2e/pkg-with-bundle-dependencies-true@1.0.0'], await testDefaults({ fastUnpack: false }))
+
+  const lockfile = await project.readLockfile()
+
+  expect(
+    lockfile.packages['/@pnpm.e2e/hello-world-js-bin@1.0.0']
+  ).toBeUndefined()
+})

pkg-manager/core/test/install/misc.ts

@@ -510,47 +510,6 @@ test('big with dependencies and circular deps (babel-preset-2015)', async () =>
   expect(typeof m).toEqual('object')
 })
 
-test('bundledDependencies (pkg-with-bundled-dependencies@1.0.0)', async () => {
-  const project = prepareEmpty()
-
-  await addDependenciesToPackage({}, ['@pnpm.e2e/pkg-with-bundled-dependencies@1.0.0'], await testDefaults({ fastUnpack: false }))
-
-  await project.isExecutable('@pnpm.e2e/pkg-with-bundled-dependencies/node_modules/.bin/hello-world-js-bin')
-
-  const lockfile = await project.readLockfile()
-  expect(
-    lockfile.packages['/@pnpm.e2e/pkg-with-bundled-dependencies@1.0.0'].bundledDependencies
-  ).toStrictEqual(
-    ['@pnpm.e2e/hello-world-js-bin']
-  )
-})
-
-test('bundleDependencies (pkg-with-bundle-dependencies@1.0.0)', async () => {
-  const project = prepareEmpty()
-
-  await addDependenciesToPackage({}, ['@pnpm.e2e/pkg-with-bundle-dependencies@1.0.0'], await testDefaults({ fastUnpack: false }))
-
-  await project.isExecutable('@pnpm.e2e/pkg-with-bundle-dependencies/node_modules/.bin/hello-world-js-bin')
-
-  const lockfile = await project.readLockfile()
-  expect(
-    lockfile.packages['/@pnpm.e2e/pkg-with-bundle-dependencies@1.0.0'].bundledDependencies
-  ).toStrictEqual(
-    ['@pnpm.e2e/hello-world-js-bin']
-  )
-})
-
-test('installing a package with bundleDependencies set to false (pkg-with-bundle-dependencies-false)', async () => {
-  const project = prepareEmpty()
-
-  await addDependenciesToPackage({}, ['@pnpm.e2e/pkg-with-bundle-dependencies-false'], await testDefaults({ fastUnpack: false }))
-
-  const lockfile = await project.readLockfile()
-  expect(
-    typeof lockfile.packages['/@pnpm.e2e/pkg-with-bundle-dependencies-false@1.0.0'].bundledDependencies
-  ).toEqual('undefined')
-})
-
 test('compiled modules (ursa@0.9.1)', async () => {
   // TODO: fix this for Node.js v7
   if (!isCI || IS_WINDOWS || semver.satisfies(process.version, '>=7.0.0')) {

pkg-manager/resolve-dependencies/src/getNonDevWantedDependencies.ts

@@ -9,8 +9,11 @@ export interface WantedDependency {
   injected?: boolean
 }
 
-export function getNonDevWantedDependencies (pkg: Pick<DependencyManifest, 'bundleDependencies' | 'optionalDependencies' | 'dependencies' | 'dependenciesMeta'>) {
-  const bd = pkg.bundleDependencies ?? pkg.bundleDependencies
+export function getNonDevWantedDependencies (pkg: Pick<DependencyManifest, 'bundleDependencies' | 'bundledDependencies' | 'optionalDependencies' | 'dependencies' | 'dependenciesMeta'>) {
+  let bd = pkg.bundledDependencies ?? pkg.bundleDependencies
+  if (bd === true) {
+    bd = pkg.dependencies != null ? Object.keys(pkg.dependencies) : []
+  }
   const bundledDeps = new Set(Array.isArray(bd) ? bd : [])
   const filterDeps = getNotBundledDeps.bind(null, bundledDeps)
   return getWantedDependenciesFromGivenSet(

pkg-manager/resolve-dependencies/src/resolveDependencies.ts

@@ -220,8 +220,8 @@ export interface ResolvedPackage {
   requiresBuild: boolean | SafePromiseDefer<boolean>
   additionalInfo: {
     deprecated?: string
-    bundleDependencies?: string[]
-    bundledDependencies?: string[]
+    bundleDependencies?: string[] | boolean
+    bundledDependencies?: string[] | boolean
     engines?: {
       node?: string
       npm?: string

pkg-manager/resolve-dependencies/src/updateLockfile.ts

@@ -152,7 +152,8 @@ function toLockfileDependency (
   if (pkg.additionalInfo.libc != null) {
     result['libc'] = pkg.additionalInfo.libc
   }
-  if (Array.isArray(pkg.additionalInfo.bundledDependencies) || Array.isArray(pkg.additionalInfo.bundleDependencies)) {
+  if (Array.isArray(pkg.additionalInfo.bundledDependencies) || Array.isArray(pkg.additionalInfo.bundleDependencies) ||
+    typeof pkg.additionalInfo.bundledDependencies === 'boolean' || typeof pkg.additionalInfo.bundleDependencies === 'boolean') {
     result['bundledDependencies'] = pkg.additionalInfo.bundledDependencies ?? pkg.additionalInfo.bundleDependencies
   }
   if (pkg.additionalInfo.deprecated) {