diff mbox series

classes-recipe: npm: Complain immediately if npm-shrinkwrap.json is too old

Message ID 20250408134118.1978358-1-mac@mcrowe.com
State Accepted, archived
Commit 4d3cbd11bc9cc0bf5a8571ecd3ce6e5e5c6ef6eb
Headers show
Series classes-recipe: npm: Complain immediately if npm-shrinkwrap.json is too old | expand

Commit Message

Mike Crowe April 8, 2025, 1:41 p.m. UTC 
From: Mike Crowe <mac@mcrowe.com>

Rather than emitting:

 Exception: KeyError: 'packages'

and a stack trace, let's fail immediately if lockfileVersion implies
that the npm-shrinkwrap.json file isn't compatible.

The documentation[1] doesn't make it clear which lockfileVersions are
guaranteed to contain "packages". I have lockfileVersion 1 files
without. Running npm 7.5.2 generates npm-shrinkwrap.json files with
lockfileVersion 2 and "packages", so I've set the minimum to be 2.

[1] https://docs.npmjs.com/cli/v7/configuring-npm/package-lock-json

Signed-off-by: Mike Crowe <mac@mcrowe.com>
---
 meta/classes-recipe/npm.bbclass | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/meta/classes-recipe/npm.bbclass b/meta/classes-recipe/npm.bbclass
index a73ff29be8..344e8b4bec 100644
--- a/meta/classes-recipe/npm.bbclass
+++ b/meta/classes-recipe/npm.bbclass
@@ -154,6 +154,9 @@  python npm_do_configure() {
         has_shrinkwrap_file = False
 
     if has_shrinkwrap_file:
+       if int(orig_shrinkwrap.get("lockfileVersion", 0)) < 2:
+           bb.fatal("%s: lockfileVersion version 2 or later is required" % orig_shrinkwrap_file)
+
        cached_shrinkwrap = copy.deepcopy(orig_shrinkwrap)
        for package in orig_shrinkwrap["packages"]:
             if package != "":