Match v6 lockfile behaviour in v9 around injected deps

.bazelignore

@@ -22,3 +22,4 @@ node_modules/
 npm/private/test/node_modules/
 npm/private/test/npm_package/node_modules/
 npm/private/test/npm_package_publish/node_modules
+.git

npm/private/npm_translate_lock_generate.bzl

@@ -166,7 +166,7 @@ sh_binary(
                     dep_path = helpers.link_package(root_package, dep_version[len("file:"):])
                 dep_key = "{}+{}".format(dep_package, dep_version)
                 if not dep_key in fp_links.keys():
-                    msg = "Expected to file: referenced package {} in first-party links".format(dep_key)
+                    msg = "Expected to find: referenced package {} in first-party links".format(dep_key)
                     fail(msg)
                 fp_links[dep_key]["link_packages"][link_package] = []
             elif dep_version.startswith("link:"):

npm/private/pnpm.bzl

@@ -28,11 +28,33 @@ def _new_import_info(dependencies, dev_dependencies, optional_dependencies):
         "optional_dependencies": optional_dependencies,
     }
 
-# Metadata about a package.
-#
-# Metadata may come from different locations depending on the lockfile, this struct should
-# have data normalized across lockfiles.
 def _new_package_info(id, name, dependencies, optional_dependencies, dev, has_bin, optional, requires_build, version, friendly_version, resolution):
+    """
+    Metadata about a package.
+
+    Metadata may come from different locations depending on the lockfile, this struct should
+    have data normalized across lockfiles.
+
+    Args:
+        id: The package id, if present.
+            TODO Remove. Used for to resolve path of local packages, however `resolution` is a better source of truth.
+        name: The package name.
+        dependencies: A map of package dependencies.
+        optional_dependencies: A map of optional package dependencies.
+        dev: True if the package is a dev dependency, None otherwise.
+        has_bin: True if the package has a bin field.
+        optional: True if the package is an optional dependency.
+            Determines if package should be omitted `no_optional = True` specified.
+        requires_build: True if the package requires a build.
+            NOTE: With pnpm v9, this cannot be known ahead of time.
+        version: The resolved package version.
+            e.g. `file:packages/a`, `1.2.3`, `1.2.3_at_scope_peer_2.0.2`.
+        friendly_version: The package version, normalized for users. Used to target patches, etc.
+            e.g. `file:packages/a`, `1.2.3`.
+        resolution: The package resolution.
+            e.g. { integrity: "..." }
+            e.g. { type: "directory", directory: "packages/a" }
+    """
     return {
         "id": id,
         "name": name,
@@ -218,20 +240,21 @@ def _convert_pnpm_v6_v9_version_peer_dep(version):
     # with rules_js.
     #
     # Examples:
-    #   1.2.3
-    #   1.2.3(@scope/peer@2.0.2)(@scope/peer@4.5.6)
-    #   4.5.6(patch_hash=o3deharooos255qt5xdujc3cuq)
+    #   1.2.3 -> 1.2.3
+    #   1.2.3(@scope/peer@2.0.2) -> 1.2.3_at_scope_peer_2.0.2
+    #   1.2.3(@scope/peer@2.0.2)(@scope/peer@4.5.6) -> 1.2.3_2001974805
+    #   4.5.6(patch_hash=o3deharooos255qt5xdujc3cuq) -> 4.5.6_o3deharooos255qt5xdujc3cuq
     if version[-1] == ")":
         # Drop the patch_hash= not present in v5 so (patch_hash=123) -> (123) like v5
         version = version.replace("(patch_hash=", "(")
 
-        # There is a peer dep if the string ends with ")"
+        # There is a peer dep (or patch) if the string ends with ")"
         peer_dep_index = version.find("(")
         peer_dep = version[peer_dep_index:]
         if len(peer_dep) > 32:
             # Prevent long paths. The pnpm lockfile v6 no longer hashes long sequences of
             # peer deps so we must hash here to prevent extremely long file paths that lead to
-            # "File name too long) build failures.
+            # "File name too long" build failures.
             peer_dep = utils.hash(peer_dep)
         else:
             peer_dep = peer_dep.replace("(@", "(_at_").replace(")(", "_").replace("@", "_").replace("/", "_")
@@ -485,8 +508,20 @@ def _convert_v9_packages(packages, snapshots):
         # package_data can have the resolved "version" for things like https:// deps
         friendly_version = package_data["version"] if "version" in package_data else static_key[version_index + 1:]
 
+        package_id = package_snapshot.get("id", None)
+
+        # match v6 lockfile behaviour with id
+        if package_id != None and "file:" in package_id:
+            # Remove package name from id
+            package_id = package_id[len(name) + 1:]
+
+        # ensure local packages always have an id, so that peer dependencies don't cause issues
+        if package_id == None and "file:" in package_key:
+            resolution = package_data.get("resolution")
+            package_id = "file:" + resolution["directory"]
+
         package_info = _new_package_info(
-            id = package_data.get("id", None),  # TODO: does v9 have "id"?
+            id = package_id,
             name = name,
             version = version,
             friendly_version = friendly_version,
@@ -499,6 +534,11 @@ def _convert_v9_packages(packages, snapshots):
             resolution = package_data.get("resolution"),
         )
 
+        # Match v6 lockfile behaviour with local dependency keys
+        if "file:" in package_key:
+            # Remove package name from key
+            package_key = package_key[len(name) + 1:]
+
         if package_key in result:
             msg = "ERROR: duplicate package: {}\n\t{}\n\t{}".format(package_key, result[package_key], package_info)
             fail(msg)
@@ -540,10 +580,8 @@ def _parse_lockfile(parsed, err):
 
     # Lockfile version may be a float such as 5.4 or a string such as '6.0'
     lockfile_version = str(parsed["lockfileVersion"])
-    lockfile_version = lockfile_version.lstrip("'")
-    lockfile_version = lockfile_version.rstrip("'")
-    lockfile_version = lockfile_version.lstrip("\"")
-    lockfile_version = lockfile_version.rstrip("\"")
+    lockfile_version = lockfile_version.strip("'")
+    lockfile_version = lockfile_version.strip("\"")
     lockfile_version = float(lockfile_version)
     _assert_lockfile_version(lockfile_version)
 
@@ -603,4 +641,5 @@ pnpm = struct(
 # Exported only to be tested
 pnpm_test = struct(
     strip_v5_peer_dep_or_patched_version = _strip_v5_peer_dep_or_patched_version,
+    convert_pnpm_v6_v9_version_peer_dep = _convert_pnpm_v6_v9_version_peer_dep,
 )