From fc76f3d9fcf19e65a9373ab3d9068c4326d2f782 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Tue, 3 Nov 2020 13:22:45 -0800
Subject: [PATCH] @npmcli/arborist@1.0.8

---
 .../arborist/lib/arborist/build-ideal-tree.js | 34 ++++++++++++++++---
 node_modules/@npmcli/arborist/lib/node.js     |  9 ++++-
 node_modules/@npmcli/arborist/package.json    |  2 +-
 package-lock.json                             | 14 ++++----
 package.json                                  |  2 +-
 5 files changed, 46 insertions(+), 15 deletions(-)

diff --git a/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js b/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
index 23497827a7749..54a6ff33751a1 100644
--- a/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
+++ b/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
@@ -759,6 +759,11 @@ This is a one-time fix-up, please be patient...
       // be forced to agree on a version of z.
       const dep = vrDep && vrDep.satisfies(edge) ? vrDep
         : await this[_nodeFromEdge](edge, edge.peer ? virtualRoot : null)
+      /* istanbul ignore next */
+      debug(() => {
+        if (!dep)
+          throw new Error('no dep??')
+      })
       tasks.push({edge, dep})
     }
 
@@ -1055,13 +1060,18 @@ This is a one-time fix-up, please be patient...
     // top nodes should still get peer deps from their fsParent if possible,
     // and only install locally if there's no other option, eg for a link
     // outside of the project root, or for a conflicted dep.
-    const start = edge.peer && !node.isRoot
-      ? node.resolveParent || node
+    const start = edge.peer && !node.isRoot ? node.resolveParent || node
       : node
 
     let target
     let canPlace = null
     for (let check = start; check; check = check.resolveParent) {
+      // if the current location has a peerDep on it, then we can't place here
+      // this is pretty rare to hit, since we always prefer deduping peers.
+      const checkEdge = check.edgesOut.get(edge.name)
+      if (!check.isTop && checkEdge && checkEdge.peer)
+        continue
+
       const cp = this[_canPlaceDep](dep, check, edge, peerEntryEdge, peerPath)
 
       // anything other than a conflict is fine to proceed with
@@ -1210,9 +1220,15 @@ This is a one-time fix-up, please be patient...
     // otherwise they'd be gone and the peer set would change throughout
     // this loop.
     for (const peerEdge of newDep.edgesOut.values()) {
-      if (!peerEdge.peer || peerEdge.valid)
-        continue
       const peer = virtualRoot.children.get(peerEdge.name)
+
+      // Note: if the virtualRoot *doesn't* have the peer, then that means
+      // it's an optional peer dep.  If it's not being properly met (ie,
+      // peerEdge.valid is false), that this is likely heading for an
+      // ERESOLVE error, unless it can walk further up the tree.
+      if (!peerEdge.peer || peerEdge.valid || !peer)
+        continue
+
       const peerPlaced = this[_placeDep](
         peer, newDep, peerEdge, peerEntryEdge || edge, peerPath)
       placed.push(...peerPlaced)
@@ -1264,6 +1280,11 @@ This is a one-time fix-up, please be patient...
   // When we check peers, we pass along the peerEntryEdge to track the
   // original edge that caused us to load the family of peer dependencies.
   [_canPlaceDep] (dep, target, edge, peerEntryEdge = null, peerPath = []) {
+    /* istanbul ignore next */
+    debug(() => {
+      if (!dep)
+        throw new Error('no dep??')
+    })
     const entryEdge = peerEntryEdge || edge
     const source = this[_peerSetSource].get(dep)
     const isSource = target === source
@@ -1308,7 +1329,10 @@ This is a one-time fix-up, please be patient...
         return KEEP
 
       // if we prefer deduping, then try replacing newer with older
-      if (this[_preferDedupe] && !tryReplace && dep.canReplace(current)) {
+      // we always prefer to dedupe peers, because they are trying
+      // a bit harder to be singletons.
+      const preferDedupe = this[_preferDedupe] || edge.peer
+      if (preferDedupe && !tryReplace && dep.canReplace(current)) {
         const res = this[_canPlacePeers](dep, target, edge, REPLACE, peerEntryEdge, peerPath)
         /* istanbul ignore else - It's extremely rare that a replaceable
          * node would be a conflict, if the current one wasn't a conflict,
diff --git a/node_modules/@npmcli/arborist/lib/node.js b/node_modules/@npmcli/arborist/lib/node.js
index cc3a7ec5ef709..a783ce9c97572 100644
--- a/node_modules/@npmcli/arborist/lib/node.js
+++ b/node_modules/@npmcli/arborist/lib/node.js
@@ -175,7 +175,7 @@ class Node {
 
     // have to set the internal package ref before assigning the parent,
     // because this.package is read when adding to inventory
-    this[_package] = pkg
+    this[_package] = pkg && typeof pkg === 'object' ? pkg : {}
 
     // only relevant for the root and top nodes
     this.meta = meta
@@ -307,6 +307,13 @@ class Node {
       edge.detach()
 
     this[_explanation] = null
+    /* istanbul ignore next - should be impossible */
+    if (!pkg || typeof pkg !== 'object') {
+      debug(() => {
+        throw new Error('setting Node.package to non-object')
+      })
+      pkg = {}
+    }
     this[_package] = pkg
     this[_loadWorkspaces]()
     this[_loadDeps]()
diff --git a/node_modules/@npmcli/arborist/package.json b/node_modules/@npmcli/arborist/package.json
index 73c6ce58d2839..fe72f409c4a45 100644
--- a/node_modules/@npmcli/arborist/package.json
+++ b/node_modules/@npmcli/arborist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@npmcli/installed-package-contents": "^1.0.5",
diff --git a/package-lock.json b/package-lock.json
index fa97a161b4e28..456f21ef4a3b9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -78,7 +78,7 @@
       ],
       "license": "Artistic-2.0",
       "dependencies": {
-        "@npmcli/arborist": "^1.0.6",
+        "@npmcli/arborist": "^1.0.8",
         "@npmcli/ci-detect": "^1.2.0",
         "@npmcli/config": "^1.2.1",
         "@npmcli/run-script": "^1.7.4",
@@ -386,9 +386,9 @@
       }
     },
     "node_modules/@npmcli/arborist": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-1.0.6.tgz",
-      "integrity": "sha512-Hj5QxT1/BIU5HMb3sSOCV81trhc6sqT1FaCdXPM+YjZPLpQsO3UFKWAGuDknDcNyx1mVT0IA1nlmrjhGGXDDtQ==",
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-1.0.8.tgz",
+      "integrity": "sha512-LAopKkhAnBr6/cbIpH9VeNS4yLWMFf6AFKC7x3XHvNFDMy8cmvEjWtjcpV8ACjPPm4UbjIzQ/n4qrxaA0ZyBDA==",
       "inBundle": true,
       "dependencies": {
         "@npmcli/installed-package-contents": "^1.0.5",
@@ -9065,9 +9065,9 @@
       }
     },
     "@npmcli/arborist": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-1.0.6.tgz",
-      "integrity": "sha512-Hj5QxT1/BIU5HMb3sSOCV81trhc6sqT1FaCdXPM+YjZPLpQsO3UFKWAGuDknDcNyx1mVT0IA1nlmrjhGGXDDtQ==",
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-1.0.8.tgz",
+      "integrity": "sha512-LAopKkhAnBr6/cbIpH9VeNS4yLWMFf6AFKC7x3XHvNFDMy8cmvEjWtjcpV8ACjPPm4UbjIzQ/n4qrxaA0ZyBDA==",
       "requires": {
         "@npmcli/installed-package-contents": "^1.0.5",
         "@npmcli/map-workspaces": "^1.0.1",
diff --git a/package.json b/package.json
index 5e0d71cd73cb5..cf1278af12694 100644
--- a/package.json
+++ b/package.json
@@ -42,7 +42,7 @@
     "./package.json": "./package.json"
   },
   "dependencies": {
-    "@npmcli/arborist": "^1.0.6",
+    "@npmcli/arborist": "^1.0.8",
     "@npmcli/ci-detect": "^1.2.0",
     "@npmcli/config": "^1.2.1",
     "@npmcli/run-script": "^1.7.4",