You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
// When the extension file changed since the lockfile was written, locked manifests may no longer reflect its output.
304
-
// Arbitrary code has no selector to predict which packages it affects, so re-resolve any node that carried old provenance or that the new file now transforms.
306
+
// This also covers removal: a now-absent file hashes to null, which differs from the locked hash and reverts the previously transformed nodes.
307
+
// Arbitrary code has no selector to predict which packages it affects, so re-resolve any node that carried old provenance or that the current file now transforms.
// a node with old provenance carries an already-transformed manifest, so refetch; otherwise its locked manifest is the raw baseline the new file can be tried against
// A node with old provenance carries an already-transformed manifest, so always refetch it.
314
+
// Otherwise probe the locked manifest (without caching, so the authoritative full-manifest fetch is not pre-seeded).
315
+
// The locked manifest carries every resolution-relevant field (name, version, dependencies, peer metadata); a transform that newly targets a node by a field not persisted in the lockfile is the documented edge that may need a manual re-lock.
Copy file name to clipboardExpand all lines: workspaces/arborist/lib/npm-extension.js
+43-16Lines changed: 43 additions & 16 deletions
Original file line number
Diff line number
Diff line change
@@ -3,7 +3,7 @@
3
3
// This module discovers and hashes the root extension file, loads its `transformManifest` export, and applies it to a deeply isolated manifest copy, returning an extended manifest plus minimal provenance.
4
4
// It never mutates the input manifest or any shared cache object.
// Apply transformManifest to a candidate manifest, returning { pkg, applied } or null when nothing changed.
116
116
// Results are cached once per resolved package identity; consumers get a deeply isolated copy so they cannot mutate the cached effective manifest.
117
-
apply(pkg){
117
+
// Pass { memoize: false } to run without caching, e.g. a staleness probe over partial lockfile manifests that must not seed the cache used by full-manifest fetches.
0 commit comments