fix(outdated): should work when the tarballs are hosted on a different domain (#5501)

close #5492
2026-02-02 03:02:49 -05:00 · 2022-10-16 17:46:14 +03:00
parent 3c117996e5
commit 6ad990a6a4
8 changed files with 56 additions and 5 deletions
--- a/.changeset/quick-mayflies-rush.md
+++ b/.changeset/quick-mayflies-rush.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/outdated": patch
+"pnpm": patch
+---
+
+`pnpm outdated` should work when the package tarballs are hosted on a domain that differs from the registry's domain [#5492](https://github.com/pnpm/pnpm/issues/5492).
--- a/.changeset/shiny-icons-hunt.md
+++ b/.changeset/shiny-icons-hunt.md
@@ -0,0 +1,5 @@
+---
+"@pnpm/outdated": major
+---
+
+`registries` is a required option for the outdated function.
--- a/packages/outdated/package.json
+++ b/packages/outdated/package.json
@@ -44,6 +44,7 @@
    "@pnpm/manifest-utils": "workspace:*",
    "@pnpm/matcher": "workspace:*",
    "@pnpm/modules-yaml": "workspace:*",
+    "@pnpm/npm-resolver": "workspace:*",
    "@pnpm/pick-registry-for-package": "workspace:*",
    "@pnpm/types": "workspace:*",
    "dependency-path": "workspace:*",
--- a/packages/outdated/src/outdated.ts
+++ b/packages/outdated/src/outdated.ts
@@ -6,12 +6,15 @@ import {
 } from '@pnpm/lockfile-file'
 import { nameVerFromPkgSnapshot } from '@pnpm/lockfile-utils'
 import { getAllDependenciesFromManifest } from '@pnpm/manifest-utils'
+import { parsePref } from '@pnpm/npm-resolver'
+import { pickRegistryForPackage } from '@pnpm/pick-registry-for-package'
 import {
  DependenciesField,
  DEPENDENCIES_FIELDS,
  IncludedDependencies,
  PackageManifest,
  ProjectManifest,
+  Registries,
 } from '@pnpm/types'
 import * as dp from 'dependency-path'
 import semver from 'semver'
@@ -40,6 +43,7 @@ export async function outdated (
    manifest: ProjectManifest
    match?: (dependencyName: string) => boolean
    prefix: string
+    registries: Registries
    wantedLockfile: Lockfile | null
  }
 ): Promise<OutdatedPackage[]> {
@@ -68,6 +72,7 @@ export async function outdated (

      await Promise.all(
        pkgs.map(async (alias) => {
+          if (!allDeps[alias]) return
          const ref = opts.wantedLockfile!.importers[importerId][depType]![alias]

          if (
@@ -93,10 +98,14 @@ export async function outdated (
          const current = (currentRelative && dp.parse(currentRelative).version) ?? currentRef
          const wanted = dp.parse(relativeDepPath).version ?? ref
          const { name: packageName } = nameVerFromPkgSnapshot(relativeDepPath, pkgSnapshot)
+          const name = dp.parse(relativeDepPath).name ?? packageName

-          // It might be not the best solution to check for pkgSnapshot.name
-          // TODO: add some other field to distinct packages not from the registry
-          if (pkgSnapshot.resolution && (pkgSnapshot.resolution['type'] || pkgSnapshot.name)) {
+          // If the npm resolve parser cannot parse the spec of the dependency,
+          // it means that the package is not from a npm-compatible registry.
+          // In that case, we can't check whether the package is up-to-date
+          if (
+            parsePref(allDeps[alias], alias, 'latest', pickRegistryForPackage(opts.registries, name)) == null
+          ) {
            if (current !== wanted) {
              outdated.push({
                alias,
@@ -110,7 +119,6 @@ export async function outdated (
            return
          }

-          const name = dp.parse(relativeDepPath).name ?? packageName
          const latestManifest = await opts.getLatestManifest(
            name,
            opts.compatible ? (allDeps[name] ?? 'latest') : 'latest'
--- a/packages/outdated/src/outdatedDepsOfProjects.ts
+++ b/packages/outdated/src/outdatedDepsOfProjects.ts
@@ -51,6 +51,7 @@ export async function outdatedDepsOfProjects (
      manifest,
      match,
      prefix: dir,
+      registries: opts.registries,
      wantedLockfile,
    })
  }))
--- a/packages/outdated/test/outdated.spec.ts
+++ b/packages/outdated/test/outdated.spec.ts
@@ -39,6 +39,7 @@ test('outdated()', async () => {
            'linked-2': 'file:../linked-2',
          },
          specifiers: {
+            'from-github': 'github:blabla/from-github#d5f8d5500f7faf593d32e134c1b0043ff69151b4',
            'is-negative': '^2.1.0',
            'is-positive': '^1.0.0',
          },
@@ -74,7 +75,10 @@ test('outdated()', async () => {
    manifest: {
      name: 'wanted-shrinkwrap',
      version: '1.0.0',
-
+      dependencies: {
+        'from-github': 'github:blabla/from-github#d5f8d5500f7faf593d32e134c1b0043ff69151b4',
+        'from-github-2': 'github:blabla/from-github-2#d5f8d5500f7faf593d32e134c1b0043ff69151b4',
+      },
      devDependencies: {
        'is-negative': '^2.1.0',
        'is-positive': '^3.1.0',
@@ -97,6 +101,8 @@ test('outdated()', async () => {
            'linked-2': 'file:../linked-2',
          },
          specifiers: {
+            'from-github': 'github:blabla/from-github#d5f8d5500f7faf593d32e134c1b0043ff69151b4',
+            'from-github-2': 'github:blabla/from-github-2#d5f8d5500f7faf593d32e134c1b0043ff69151b4',
            'is-negative': '^2.1.0',
            'is-positive': '^3.1.0',
          },
@@ -132,6 +138,9 @@ test('outdated()', async () => {
        },
      },
    },
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
  })
  expect(outdatedPkgs).toStrictEqual([
    {
@@ -211,6 +220,9 @@ test('outdated() should return deprecated package even if its current version is
    },
    prefix: 'project',
    wantedLockfile: lockfile,
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
  })
  expect(outdatedPkgs).toStrictEqual([
    {
@@ -328,6 +340,9 @@ test('using a matcher', async () => {
        },
      },
    },
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
  })
  expect(outdatedPkgs).toStrictEqual([
    {
@@ -397,6 +412,9 @@ test('outdated() aliased dependency', async () => {
        },
      },
    },
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
  })
  expect(outdatedPkgs).toStrictEqual([
    {
@@ -486,6 +504,9 @@ test('a dependency is not outdated if it is newer than the latest version', asyn
    },
    prefix: 'project',
    wantedLockfile: lockfile,
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
  })
  expect(outdatedPkgs).toStrictEqual([])
 })
@@ -503,6 +524,9 @@ test('outdated() should [] when there is no dependency', async () => {
    },
    prefix: 'project',
    wantedLockfile: null,
+    registries: {
+      default: 'https://registry.npmjs.org/',
+    },
  })
  expect(outdatedPkgs).toStrictEqual([])
 })
--- a/packages/outdated/tsconfig.json
+++ b/packages/outdated/tsconfig.json
@@ -36,6 +36,9 @@
    {
      "path": "../modules-yaml"
    },
+    {
+      "path": "../npm-resolver"
+    },
    {
      "path": "../pick-registry-for-package"
    },
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -2625,6 +2625,9 @@ importers:
      '@pnpm/modules-yaml':
        specifier: workspace:*
        version: link:../modules-yaml
+      '@pnpm/npm-resolver':
+        specifier: workspace:*
+        version: link:../npm-resolver
      '@pnpm/pick-registry-for-package':
        specifier: workspace:*
        version: link:../pick-registry-for-package