ericcornelissen / depreman

Manage npm deprecations
https://www.npmjs.com/package/depreman
GNU Affero General Public License v3.0
0 stars 0 forks source link

Confusing output when dependency aliasing is used #11

Closed ericcornelissen closed 1 month ago

ericcornelissen commented 1 month ago

When a direct dependency has a deprecation it is not clearly outputted by depreman. Consider the example below where eslint@8.0.1 is a direct dependency whose deprecation is ignored - it does not say why the dependency is there nor why it is ignored.

/eslint-plugin-top # npx depreman --complete
inflight@1.0.6
    (allowed "this dependency is only used for compatibility testing") eslint-v8@8.0.1 > file-entry-cache@6.0.1 > flat-cache@3.2.0 > rimraf@3.0.2 > glob@7.2.3 > inflight@1.0.6
    (allowed "tracked in https://github.com/mochajs/mocha/issues/5148") mocha@10.7.0 > glob@8.1.0 > inflight@1.0.6
    (allowed "tracked in https://github.com/bluwy/publint/issues/11") publint@0.2.12 > npm-packlist@5.1.3 > glob@8.1.0 > inflight@1.0.6
@humanwhocodes/config-array@0.12.3
    (allowed "this dependency is only used for compatibility testing") eslint-v9@9.0.0 > @humanwhocodes/config-array@0.12.3
rimraf@3.0.2
    (allowed "this dependency is only used for compatibility testing") eslint-v8@8.0.1 > file-entry-cache@6.0.1 > flat-cache@3.2.0 > rimraf@3.0.2
@humanwhocodes/config-array@0.6.0
    (allowed "this dependency is only used for compatibility testing") eslint-v8@8.0.1 > @humanwhocodes/config-array@0.6.0
glob@7.2.3
    (allowed "this dependency is only used for compatibility testing") eslint-v8@8.0.1 > file-entry-cache@6.0.1 > flat-cache@3.2.0 > rimraf@3.0.2 > glob@7.2.3
glob@8.1.0
    (allowed "tracked in https://github.com/mochajs/mocha/issues/5148") mocha@10.7.0 > glob@8.1.0
    (allowed "tracked in https://github.com/bluwy/publint/issues/11") publint@0.2.12 > npm-packlist@5.1.3 > glob@8.1.0
@humanwhocodes/object-schema@2.0.3
    (allowed "this dependency is only used for compatibility testing") eslint-v9@9.0.0 > @humanwhocodes/config-array@0.12.3 > @humanwhocodes/object-schema@2.0.3
@humanwhocodes/object-schema@1.2.1
    (allowed "this dependency is only used for compatibility testing") eslint-v8@8.0.1 > @humanwhocodes/config-array@0.6.0 > @humanwhocodes/object-schema@1.2.1
eslint@8.0.1
/eslint-plugin-top #

I'm using depreman@0.2.0

ericcornelissen commented 1 month ago

While the output can be a improved fore direct dependencies that are deprecated (ignored or not), example (at ca84b6e8dfc5f81037f2f3d1e1de11a59c2ed0d7):

$ npx depreman --complete
inflight@1.0.6 ("This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful."):
        inflight@1.0.6

or:

$ npx depreman --complete
inflight@1.0.6
        (allowed "example reason") inflight@1.0.6

This has been improved upon in e4ab16629e7702ae8b77c7a409f06d05e825fcae.

The above issue does not actually match this output. Rather eslint@8.0.1 just hangs there at the end of the output. I think because the project in which I observed this is using dependency aliasing, in particular: "eslint-v8": "npm:eslint@8.0.1",.