check.js: Ignore dedup warnings for bundled dependencies (#3337)

Any package with bundledDependencies will be added to a hash of bundled deps, which are used to check against when printing dedup warnings. This is because bundled dependencies could result in duplications which we would otherwise detect as false positives. Fixes #3299
yarnpkg · May 19, 2017 · dac451d · dac451d
1 parent da920f2
commit dac451d
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 4 deletions.
diff --git a/__tests__/commands/check.js b/__tests__/commands/check.js
@@ -313,3 +313,12 @@ test.concurrent('--integrity --check-files should not die on broken symlinks', a
     },
   );
 });
+
+test.concurrent('should ignore bundled dependencies',
+async (): Promise<void> => {
+  await runInstall({}, path.join('..', 'check', 'bundled-dep-check'),
+  async (config, reporter, install, getStdout): Promise<void> => {
+    await checkCmd.run(config, reporter, {}, []);
+    expect(getStdout().indexOf('warning')).toEqual(-1);
+  });
+});
diff --git a/__tests__/fixtures/check/bundled-dep-check/nyc-10.3.2.tgz b/__tests__/fixtures/check/bundled-dep-check/nyc-10.3.2.tgz
diff --git a/__tests__/fixtures/check/bundled-dep-check/package.json b/__tests__/fixtures/check/bundled-dep-check/package.json
@@ -0,0 +1,9 @@
+{
+  "name": "bundled-dep-check",
+  "description": "A package with bundled dependencies",
+  "version": "2.0.1",
+  "dependencies": {
+    "nyc": "file:./nyc-10.3.2.tgz"
+  },
+  "license": "MIT"
+}
diff --git a/__tests__/fixtures/check/bundled-dep-check/yarn.lock b/__tests__/fixtures/check/bundled-dep-check/yarn.lock
@@ -0,0 +1,13 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+archy@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/archy/-/archy-1.0.0.tgz#f9c8c13757cc1dd7bc379ac77b2c62a5c2868c40"
+
+"nyc@file:./nyc-10.3.2.tgz":
+  version "10.3.2"
+  resolved "./nyc-10.3.2.tgz#35563cb271637e2dc922a1145d8981e948a9f5c3"
+  dependencies:
+    archy "^1.0.0"
diff --git a/src/cli/commands/check.js b/src/cli/commands/check.js
@@ -218,6 +218,7 @@ export async function run(config: Config, reporter: Reporter, flags: Object, arg
     }
   }
 
+  const bundledDeps = {};
   // check if any of the node_modules are out of sync
   const res = await install.linker.getFlatHoistedTree(patterns);
   for (const [loc, {originalKey, pkg, ignore}] of res) {
@@ -268,6 +269,7 @@ export async function run(config: Config, reporter: Reporter, flags: Object, arg
     }
 
     const deps = Object.assign({}, packageJson.dependencies, packageJson.peerDependencies);
+    bundledDeps[packageJson.name] = packageJson.bundledDependencies || [];
 
     for (const name in deps) {
       const range = deps[name];
@@ -321,10 +323,14 @@ export async function run(config: Config, reporter: Reporter, flags: Object, arg
         }
 
         const packageJson = await config.readJson(loc);
-        if (
-          packageJson.version === depPkg.version ||
-          (semver.satisfies(packageJson.version, range, config.looseSemver) &&
-            semver.gt(packageJson.version, depPkg.version, config.looseSemver))
+        const packagePath = originalKey.split('#');
+        const rootDep = packagePath[0];
+        const packageName = packagePath[1] || packageJson.name;
+
+        const bundledDep = bundledDeps[rootDep] && bundledDeps[rootDep].includes(packageName);
+        if (!bundledDep && (packageJson.version === depPkg.version ||
+        (semver.satisfies(packageJson.version, range, config.looseSemver) &&
+          semver.gt(packageJson.version, depPkg.version, config.looseSemver)))
         ) {
           reporter.warn(
             reporter.lang(