Skip to content

fix(lockfile): accept scalar os/cpu/libc in npm package-lock.json#405

Merged
jdx merged 1 commit intomainfrom
fix/npm-scalar-platform-fields
Apr 30, 2026
Merged

fix(lockfile): accept scalar os/cpu/libc in npm package-lock.json#405
jdx merged 1 commit intomainfrom
fix/npm-scalar-platform-fields

Conversation

@jdx
Copy link
Copy Markdown
Contributor

@jdx jdx commented Apr 30, 2026
edited by cursor Bot
Loading

Summary

  • Extends #337 to the npm package-lock.json parser. The pnpm parser learned to accept scalar libc / os / cpu (e.g. "libc": "glibc") but the npm parser still required arrays, so verbatim-roundtripped lockfiles containing sass-embedded-linux-* and friends fail to parse.
  • Switches RawNpmPackage::{os,cpu,libc} to aube_util::string_or_seq, the same helper bun and pnpm already use.
  • Adds a regression test with the exact shape reported in discussion #336.

Test plan

  • cargo test -p aube-lockfile --lib npm::
  • cargo clippy -p aube-lockfile --all-targets -- -D warnings
  • cargo fmt --check

🤖 Generated with Claude Code

Note

Low Risk
Low risk: small, localized change to npm lockfile deserialization to accept an additional JSON shape, with a focused regression test covering the new behavior.

Overview
Fixes npm package-lock.json parsing to accept platform fields os, cpu, and libc when npm emits them as scalar strings instead of arrays, by deserializing them via aube_util::string_or_seq.

Adds a regression test that parses a minimal v3 lockfile containing scalar os/cpu/libc (e.g. sass-embedded-linux-arm) and asserts the values are captured correctly.

Reviewed by Cursor Bugbot for commit d164b37. Bugbot is set up for automated code reviews on this repo. Configure here.

@jdx @claude
fix(lockfile): accept scalar os/cpu/libc in npm package-lock.json
d164b37 
npm sometimes emits these platform fields as scalar strings rather than
arrays (e.g. sass-embedded-linux-arm@1.99.0 ships "libc": "glibc"), and
verbatim-roundtripped lockfiles preserve the shape. The pnpm + bun
parsers already accepted both shapes via aube_util::string_or_seq;
extend the npm parser the same way and add a regression test using the
exact shape reported in discussion #336.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented Apr 30, 2026

Greptile Summary

This PR fixes npm package-lock.json parsing for packages (e.g. sass-embedded-linux-*) that emit os, cpu, and libc as scalar strings instead of arrays. It applies aube_util::string_or_seq to the three fields in RawNpmPackage, bringing the npm parser in line with the pnpm and bun parsers that already handled this shape via PR #337.

Confidence Score: 5/5

Safe to merge — minimal, targeted fix with direct regression test coverage.

Single-file change applies an existing, well-tested helper to three fields, exactly mirroring the pnpm and bun parsers. The regression test directly reproduces the reported failure shape. No logic changes elsewhere.

No files require special attention.

Important Files Changed

Filename Overview
crates/aube-lockfile/src/npm.rs Switches RawNpmPackage::{os,cpu,libc} to use aube_util::string_or_seq, matching pnpm/bun parsers, and adds a targeted regression test for scalar platform fields.

Reviews (1): Last reviewed commit: "fix(lockfile): accept scalar os/cpu/libc..." | Re-trigger Greptile

@jdx jdx merged commit c2aa653 into main Apr 30, 2026
19 checks passed
@jdx jdx deleted the fix/npm-scalar-platform-fields branch April 30, 2026 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jdx