Contents

const fs = require("fs");
const path = require("path");
const npm = require("npm");
const installer = require("npm/lib/install");

const { muteStderr, runAsync } = require("./helpers.js");

async function updateDependencyFile(directory, lockfileName) {
  const readFile = fileName =>
    fs.readFileSync(path.join(directory, fileName)).toString();

  // `force: true` ignores checks for platform (os, cpu) and engines
  // in npm/lib/install/validate-args.js
  // Platform is checked and raised from (EBADPLATFORM):
  // https://github.com/npm/npm-install-checks
  //
  // `'prefer-offline': true` sets fetch() cache key to `force-cache`
  // https://github.com/npm/npm-registry-fetch
  await runAsync(npm, npm.load, [
    {
      loglevel: "silent",
      force: true,
      audit: false,
      "prefer-offline": true
    }
  ]);

  const dryRun = true;
  const initialInstaller = new installer.Installer(directory, dryRun, [], {
    packageLockOnly: true
  });

  // A bug in npm means the initial install will remove any git dependencies
  // from the lockfile. A subsequent install with no arguments fixes this.
  const cleanupInstaller = new installer.Installer(directory, dryRun, [], {
    packageLockOnly: true
  });

  // Skip printing the success message
  initialInstaller.printInstalled = cb => cb();
  cleanupInstaller.printInstalled = cb => cb();

  // There are some hard-to-prevent bits of output.
  // This is horrible, but works.
  const unmute = muteStderr();
  try {
    await runAsync(initialInstaller, initialInstaller.run, []);
    await runAsync(cleanupInstaller, cleanupInstaller.run, []);
  } finally {
    unmute();
  }

  const updatedLockfile = readFile(lockfileName);

  return { [lockfileName]: updatedLockfile };
}

module.exports = { updateDependencyFile };

Version data entries

138 entries across 138 versions & 1 rubygems

Version	Path
dependabot-npm_and_yarn-0.98.65	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.64	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.63	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.62	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.61	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.60	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.59	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.58	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.57	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.56	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.55	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.54	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.53	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.52	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.51	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.50	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.49	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.48	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.47	helpers/lib/npm/subdependency-updater.js
dependabot-npm_and_yarn-0.98.46	helpers/lib/npm/subdependency-updater.js