Add lockfile version resolution for exact version checking (#1898)
* Add lockfile version resolution for exact version checking
Similar to shakacode/shakapacker#170, this adds support for resolving
exact package versions from lockfiles (yarn.lock and package-lock.json)
when checking version compatibility between the gem and npm package.
Key improvements:
- Adds lockfile parsing to NodePackageVersion class
- Resolves exact versions from yarn.lock (v1 format)
- Resolves exact versions from package-lock.json (v1, v2, v3 formats)
- Falls back to package.json version if lockfiles are unavailable
- Prefers yarn.lock over package-lock.json when both exist
- Supports both react-on-rails and react-on-rails-pro packages
This enhancement improves version constraint checking by using the
exact resolved version from lockfiles instead of semver ranges in
package.json, making version mismatch detection more accurate.
Test coverage includes:
- Yarn.lock v1 parsing
- Package-lock.json v1 and v2 format parsing
- Pro package version resolution
- Lockfile preference order
- Fallback to package.json when no lockfile exists
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
* Improve lockfile parsing robustness and error handling
- Fix error handling in version_from_package_lock to safely check for
version key existence using safe navigation operator
- Improve lockfile path construction using File.dirname instead of
".." for more robust path resolution
- Add ClassLength RuboCop disable for NodePackageVersion class
These changes address code review feedback to make the implementation
more robust and handle edge cases better.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
* Fix lockfile path resolution and add comprehensive edge case tests
Path Resolution Fixes:
- Fix lockfile path construction to look in same directory as package.json
- Use base_dir from node_modules_location instead of File.dirname
- Prevent resolving to filesystem root when node_modules_location is empty
- Ensure lockfiles are found next to package.json as expected
Package-lock.json v1 Fix:
- Fix dependency_data type checking (can be Hash or String in v1)
- Use is_a?(Hash) check before calling key? method
New Test Coverage:
- Similar package names (react-on-rails vs react-on-rails-pro)
- Package-lock.json v1 format parsing
- Malformed yarn.lock handling (graceful fallback)
- Malformed package-lock.json handling (graceful fallback)
The regex pattern ^"?package-name@ already ensures exact matching because
@ is the delimiter, preventing "react-on-rails" from matching
"react-on-rails-pro". Added test to verify this behavior.
All 65 tests passing.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
* Fix lockfile resolution for local paths to prevent CI failures
Problem:
- CI was failing because yarn.lock contains version "0.0.0" for local links
- The resolve_version method was checking lockfiles before detecting local paths
- This caused "0.0.0" to be returned instead of the local path from package.json
Solution:
- Check if package.json version is a local path/URL BEFORE resolving from lockfiles
- Add local_path_or_url_version? helper method
- Skip lockfile resolution for local paths since they have placeholder versions
This fixes the CI failures where spec/dummy uses "link:.yalc/react-on-rails"
and yarn.lock contains version "0.0.0" for this local link.
All 65 tests still passing.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
---------
Co-authored-by: Claude <[email protected]>
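The resolution order this commit message describes, sketched as an added example (not the project's code): the method names, the sample lockfile contents and the set of prefixes treated as a local path or URL are assumptions made for illustration.

```ruby
require "json"

# Constructed sample lockfiles (not taken from the project).
YARN_LOCK = <<~LOCK
  "react-on-rails-pro@^16.1.0":
    version "16.1.2"

  react-on-rails@^16.1.0:
    version "16.1.1"
LOCK
PACKAGE_LOCK_V2 = '{"lockfileVersion":2,"packages":{"node_modules/react-on-rails":{"version":"16.1.1"}}}'
PACKAGE_LOCK_V1 = '{"lockfileVersion":1,"dependencies":{"react-on-rails":{"version":"16.1.0"}}}'

# Assumed prefixes for "not a registry version": link:/file:, paths, URLs.
def local_path_or_url?(spec)
  spec.match?(%r{\A(?:link:|file:|\.{0,2}/|[a-z+]+://)})
end

# yarn.lock v1: an unindented line opens an entry; "@" delimits the name,
# so "react-on-rails" cannot match the "react-on-rails-pro" entry.
def version_from_yarn_lock(text, name)
  in_entry = false
  text.each_line do |line|
    if line.match?(/^\S/)
      in_entry = line.match?(/^"?#{Regexp.escape(name)}@/)
    elsif in_entry && (m = line.match(/^\s+version\s+"([^"]+)"/))
      return m[1]
    end
  end
  nil
end

# package-lock.json: v2/v3 use "packages" keyed by install path, v1 uses
# "dependencies" keyed by name. Non-Hash entries and bad JSON yield nil.
def version_from_package_lock(json_text, name)
  data = JSON.parse(json_text)
  return nil unless data.is_a?(Hash)
  entry = data.dig("packages", "node_modules/#{name}")
  entry = data.dig("dependencies", name) unless entry.is_a?(Hash)
  entry.is_a?(Hash) ? entry["version"] : nil
rescue JSON::ParserError, TypeError
  nil
end

# Order from the commit message: local path first, yarn.lock, package-lock.json, package.json.
def resolve_exact_version(spec, name, yarn_lock: nil, package_lock: nil)
  return spec if local_path_or_url?(spec)
  (yarn_lock && version_from_yarn_lock(yarn_lock, name)) ||
    (package_lock && version_from_package_lock(package_lock, name)) || spec
end
```

Checking the local-path case before the lockfiles is what keeps the placeholder "0.0.0" of a linked package from being reported as the installed version.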