You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(npm) add lockfileVersion 1 support via fromDependenciesTree (#20)
Add npm lockfileVersion 1 lockfile support
fromPackageLock only iterated the v2/v3 `packages` map, so v1
lockfiles silently produced zero results. v1 lockfiles store
dependencies in a nested tree keyed by package name rather than
a flat path-keyed map.
Add fromDependenciesTree, an iterative depth-first generator that
walks the v1 dependencies tree and yields the same Dependency shape.
fromPackageLock falls back to it when `packages` is empty and
`dependencies` exists.
Also add 12 tests for fromDependenciesTree covering flat deps,
nested conflict resolution, scoped packages, and string vs object
input; update README with the link field; and add a CHANGELOG entry.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: doc/CHANGELOG.md
+3Lines changed: 3 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
8
8
## [Unreleased]
9
9
10
+
### 🆕 Added
11
+
-**npm lockfileVersion 1 support**: `fromPackageLock` now parses v1 lockfiles by falling back to a new `fromDependenciesTree` generator when the `packages` map is absent. v1 lockfiles use a nested `dependencies` tree instead of the flat `packages` map — `fromDependenciesTree` walks the tree iteratively and yields the same `Dependency` shape. The README already claimed v1 support; the parser now delivers on it.
0 commit comments