The current implementation of the walk() method uses resolveDependencyVersion, which is useful when combined with walkRemoteDependency.
However, in scenarios where we provide a package-lock.json (or node_modules directory) location to be scanned by Arborist, we could simply iterate over edgesOut.
It should be quite similar to the implementation in walkLocalDependency
for (const [packageName, { to: toNode }] of node.edgesOut) {
if (toNode === null || (!includeDevDeps && toNode.dev)) {
continue;
}
const spec: NpmSpec = `${packageName}@${toNode.package.version}`;
if (this.relationsMap.has(spec)) {
this.relationsMap.get(spec)!.add(current.spec);
}
}
However not sure how we should re-implement hasOutdatedDependency flag.
Search the information in Arborist (if it exist)
Use packument instead of manifest in the try/catch (the one who check existence of the Spec in the remote registry)
The current implementation of the walk() method uses resolveDependencyVersion, which is useful when combined with walkRemoteDependency.
However, in scenarios where we provide a package-lock.json (or node_modules directory) location to be scanned by Arborist, we could simply iterate over edgesOut.
It should be quite similar to the implementation in walkLocalDependency
However not sure how we should re-implement hasOutdatedDependency flag.