fix(arborist): workspaces respect overrides on subsequent installs#8160
Merged
owlstronaut merged 1 commit intolatestfrom Mar 19, 2025
Merged
fix(arborist): workspaces respect overrides on subsequent installs#8160owlstronaut merged 1 commit intolatestfrom
owlstronaut merged 1 commit intolatestfrom
Conversation
01afa39 to
60ca847
Compare
owlstronaut
commented
Mar 12, 2025
Comment on lines
+294
to
+297
| .then(tree => { | ||
| this.#applyRootOverridesToWorkspaces(tree) | ||
| return tree | ||
| }) |
Contributor
Author
There was a problem hiding this comment.
this is the only new functionality in this block, I just hate chained ternary operators, so did a minimal refactor.
60ca847 to
88a8067
Compare
fritzy
reviewed
Mar 18, 2025
fritzy
approved these changes
Mar 19, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes: #7660 #5443
Currently overrides are applied correctly to workspaces when a user does their initial
npm install. However, when a user runsnpm installagain, the overrides are not being respected, and versions that the user has specifically overridden because of vulnerabilities or other reasons, are being installed in the node_modules of those workspaces. This ensures that when a package-lock.json is loaded, the overrides are calculated and applied to the workspaces.