feat(why): allow specifying a version or range #6992
Conversation
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
|
@arcanis are you available to review this? You refactored |
| `Explain why version 3.3.1 of lodash is in your project`, | ||
| `$0 why lodash@3.3.1`, | ||
| ], [ | ||
| `or why version 3.X of lodash is in your project`, |
There was a problem hiding this comment.
| `or why version 3.X of lodash is in your project`, | |
| `Explain why version 3.x of lodash is in your project`, |
| function isSameIdent(pkg: Ident, targetPkg: Ident) { | ||
| return pkg.identHash === targetPkg.identHash; | ||
| } |
There was a problem hiding this comment.
This function already exists as structUtils.areIdentsEqual. But honestly, I think just inlining this is much more readable
There was a problem hiding this comment.
Thanks for spotting. I replaced them all with structUtils.areIdentsEqual. It reads more like a natural language which, for me at least, increases readability.
| if (!isSameIdent(nextPkg, targetPkg)) | ||
| continue; | ||
|
|
||
| if (!structUtils.isPackageInRange(nextPkg, targetPkg.range)) |
There was a problem hiding this comment.
This only works for semver ranges, right? What happens if the given descriptor's range is non-semver? Either way, I think that should fail-fast above, when parsing the descriptor.
There was a problem hiding this comment.
That's a case I didn't consider. I added a new test case for this
| seen.add(pkg.locatorHash); | ||
|
|
||
| if (pkg.identHash === identHash) { | ||
| if (isSameIdent(pkg, targetPkg)) { |
There was a problem hiding this comment.
I think you can just can in-range-ness here and eliminate the checks below? Or is there an edge case I am not considering?
There was a problem hiding this comment.
You are right. Changed it to your suggestion
…w-version-range-for-yarn-why
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
Signed-off-by: Remy Parzinski <remypar5@users.noreply.github.com>
| // We don't want to print the full path if it doesn't transitively depend on targetPkg.range | ||
| if (structUtils.areIdentsEqual(pkg, targetPkg) && !structUtils.isPackageInRange(pkg, targetPkg.range)) | ||
| return; | ||
|
|
There was a problem hiding this comment.
I think this can also be removed? dependents already only contains packages that transitively depend on the specified name and range. Again, not sure if I'm missing an edge case
2 participants
What's the problem this PR addresses?
Allowing users to specify a version or range for
yarn whyto find out why a specific version appears in the dependency tree. This is particularly useful if you want to address CVEs.Closes #6859
How did you fix it?
Checklist