Disallow self referencing deps

yarnpkg · Oct 23, 2024 · a67978f · a67978f
1 parent 031b5da
commit a67978f
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 0 deletions.
diff --git a/.yarn/versions/1157e53a.yml b/.yarn/versions/1157e53a.yml
@@ -0,0 +1,32 @@
+releases:
+  "@yarnpkg/builder": patch
+  "@yarnpkg/cli": patch
+  "@yarnpkg/core": patch
+  "@yarnpkg/doctor": patch
+  "@yarnpkg/extensions": patch
+  "@yarnpkg/nm": patch
+  "@yarnpkg/plugin-compat": patch
+  "@yarnpkg/plugin-constraints": patch
+  "@yarnpkg/plugin-dlx": patch
+  "@yarnpkg/plugin-essentials": patch
+  "@yarnpkg/plugin-exec": patch
+  "@yarnpkg/plugin-file": patch
+  "@yarnpkg/plugin-git": patch
+  "@yarnpkg/plugin-github": patch
+  "@yarnpkg/plugin-http": patch
+  "@yarnpkg/plugin-init": patch
+  "@yarnpkg/plugin-interactive-tools": patch
+  "@yarnpkg/plugin-link": patch
+  "@yarnpkg/plugin-nm": patch
+  "@yarnpkg/plugin-npm": patch
+  "@yarnpkg/plugin-npm-cli": patch
+  "@yarnpkg/plugin-pack": patch
+  "@yarnpkg/plugin-patch": patch
+  "@yarnpkg/plugin-pnp": patch
+  "@yarnpkg/plugin-pnpm": patch
+  "@yarnpkg/plugin-stage": patch
+  "@yarnpkg/plugin-typescript": patch
+  "@yarnpkg/plugin-version": patch
+  "@yarnpkg/plugin-workspace-tools": patch
+  "@yarnpkg/pnpify": patch
+  "@yarnpkg/sdks": patch
diff --git a/packages/yarnpkg-core/sources/Manifest.ts b/packages/yarnpkg-core/sources/Manifest.ts
@@ -871,6 +871,9 @@ export class Manifest {
       data.dependencies = Object.assign({}, ...structUtils.sortDescriptors(regularDependencies).map(dependency => {
         return {[structUtils.stringifyIdent(dependency)]: dependency.range};
       }));
+      if (data.name && data.dependencies[data.name]) {
+        delete data.dependencies[data.name];
+      }
     } else {
       delete data.dependencies;
     }
@@ -887,6 +890,9 @@ export class Manifest {
       data.devDependencies = Object.assign({}, ...structUtils.sortDescriptors(this.devDependencies.values()).map(dependency => {
         return {[structUtils.stringifyIdent(dependency)]: dependency.range};
       }));
+      if (data.name && data.devDependencies[data.name]) {
+        delete data.devDependencies[data.name];
+      }
     } else {
       delete data.devDependencies;
     }
@@ -895,6 +901,9 @@ export class Manifest {
       data.peerDependencies = Object.assign({}, ...structUtils.sortDescriptors(this.peerDependencies.values()).map(dependency => {
         return {[structUtils.stringifyIdent(dependency)]: dependency.range};
       }));
+      if (data.name && data.peerDependencies[data.name]) {
+        delete data.peerDependencies[data.name];
+      }
     } else {
       delete data.peerDependencies;
     }

diff --git a/packages/yarnpkg-core/tests/Manifest.test.ts b/packages/yarnpkg-core/tests/Manifest.test.ts
@@ -54,5 +54,16 @@ describe(`Manifest`, () => {
       const manifest = Manifest.fromText(`{ "name": "name", "bin": { "bin1": " ", "bin2": "./bin2.js" } }`);
       expect(manifest.exportTo({}).bin).toEqual({bin2: `./bin2.js`});
     });
+
+    it(`should remove dependency if referencing itself`, () => {
+      const deps = `{ "bar": "^1.0.0", "foo": "^1.2.0" }`;
+      const manifest = Manifest.fromText(`
+        { "name": "foo", "dependencies": ${deps}, "devDependencies": ${deps}, "peerDependencies": ${deps} }
+      `);
+      const exportedManifest = manifest.exportTo({});
+      expect(exportedManifest.dependencies).toEqual({bar: `^1.0.0`});
+      expect(exportedManifest.devDependencies).toEqual({bar: `^1.0.0`});
+      expect(exportedManifest.peerDependencies).toEqual({bar: `^1.0.0`});
+    });
   });
 });