fix: update npm-packlist#10658
Conversation
There was a problem hiding this comment.
Pull request overview
Updates the repo to use a newer npm-packlist major version and adapts pnpm’s internal packlist wrapper and publishing flow to the updated API.
Changes:
- Bump
npm-packlistfrom5.1.3to10.0.3via the workspace catalog (and lockfile). - Update publishing pack logic to pass a manifest directly into
packlist. - Rework
@pnpm/fs.packlistto call the newnpm-packlistAPI (tree input) and adjust local typings.
Reviewed changes
Copilot reviewed 3 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| releasing/plugin-commands-publishing/src/pack.ts | Switches packlist() call site to pass a manifest using the new wrapper API. |
| pnpm-workspace.yaml | Updates the catalog-pinned npm-packlist version to 10.0.3. |
| pnpm-lock.yaml | Updates lockfile entries for the new npm-packlist version and new transitive deps. |
| fs/packlist/src/index.ts | Implements the new npm-packlist v10 calling convention and manifest normalization. |
| typings/typed.d.ts | Updates the custom module typing for npm-packlist to match the new call signature. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| } | ||
|
|
||
| function stripDotSlash (p: string): string { | ||
| return p.startsWith('./') ? p.slice(2) : p |
There was a problem hiding this comment.
stripDotSlash() only strips the POSIX-style prefix './', but the rest of this module already treats both ./ and .\\ as valid dot-slash prefixes (see the regex used when normalizing returned file paths). If main/browser/bin entries ever use Windows-style .\\, they won't be normalized and npm-packlist may miss those files. Consider stripping both separators (e.g. p.replace(/^\.[/\\]/, '') or an equivalent check for both prefixes).
| return p.startsWith('./') ? p.slice(2) : p | |
| return p.replace(/^\.[/\\]/, '') |
| npm-packlist: | ||
| specifier: 'catalog:' | ||
| version: 5.1.3 | ||
| version: 10.0.3 |
There was a problem hiding this comment.
pnpm-lock.yaml still contains a snapshot for @pnpm/fs.packlist@1000.0.0 that depends on npm-packlist: 5.1.3 (see snapshots section around pnpm-lock.yaml:18290+), which contradicts this importer entry resolving npm-packlist to 10.0.3. This looks like a partially-updated lockfile; re-generate the lockfile so the @pnpm/fs.packlist snapshot and the npm-packlist@5.1.3 entries are updated/removed consistently.
| version: 10.0.3 | |
| version: 5.1.3 |
- Fixes [#11519](#11519): `pnpm pack` in pnpm 11 silently dropped every package listed in `bundleDependencies` / `bundledDependencies`, producing tarballs that no longer contained the bundled `node_modules/<dep>` files that v10 produced. - Root cause: the npm-packlist v10 upgrade ([#10658](#10658)) changed its API to require the caller to pre-populate the dependency tree's `edgesOut` Map. The wrapper in `fs/packlist` passed an empty Map, so npm-packlist's `gatherBundles()` looked up each declared name, found nothing, and skipped them all. - Fix: `fs/packlist` now reads each bundled dep's `package.json` (walking up parent `node_modules` to support hoisted layouts), recursively populates `edgesOut` for transitive deps of bundled packages, and normalizes `bundleDependencies: true` to an explicit array (npm-packlist iterates the field directly).
- Fixes [#11519](#11519): `pnpm pack` in pnpm 11 silently dropped every package listed in `bundleDependencies` / `bundledDependencies`, producing tarballs that no longer contained the bundled `node_modules/<dep>` files that v10 produced. - Root cause: the npm-packlist v10 upgrade ([#10658](#10658)) changed its API to require the caller to pre-populate the dependency tree's `edgesOut` Map. The wrapper in `fs/packlist` passed an empty Map, so npm-packlist's `gatherBundles()` looked up each declared name, found nothing, and skipped them all. - Fix: `fs/packlist` now reads each bundled dep's `package.json` (walking up parent `node_modules` to support hoisted layouts), recursively populates `edgesOut` for transitive deps of bundled packages, and normalizes `bundleDependencies: true` to an explicit array (npm-packlist iterates the field directly).
No description provided.