In particular, if the "main" field of the package.json file cannot be
resolved, then the `resolved` variable will be "missing", which is a
truthy value that silently rejects property assignments. Ugh!
Although we thought the upgrade from `npm` 3.10.9 to 4.1.2 was worthwhile
and safe, this breaking change proved problematic:
https://github.com/npm/npm/blob/latest/CHANGELOG.md#no-more-partial-shrinkwraps-breaking
Specifically, if a Meteor package calls `Npm.depends` in a way that
disagrees with the contents of `.npm/package/npm-shrinkwrap.json` file,
Meteor will create a partial shrinkwrap file in order to install the
correct top-level npm dependencies, but transitive dependencies of the
package will no longer be installed.
This was fixed in Meteor 1.4.2.7 by reverting the upgrade of npm, but
Meteor 1.4.3.1 will keep npm@4.1.2 and fix the consequences.
Inspired by analysis from @danstiner:
https://github.com/meteor/meteor/issues/8225#issuecomment-275044900Fixes#8225, as well as the tests I added in 672c4f338a.
I changed the name of the .meteor-portable file to .meteor-portable-1.json
in order to invalidate previous .meteor-portable files. This naming scheme
will be more sustainable, because we can keep incrementing the version
number whenever we change this logic.
Inspired by analysis from @danstiner:
https://github.com/meteor/meteor/issues/8225#issuecomment-275044900Fixes#8225, as well as the tests I added in 672c4f338a.
I changed the name of the .meteor-portable file to .meteor-portable-1.json
in order to invalidate previous .meteor-portable files. This naming scheme
will be more sustainable, because we can keep incrementing the version
number whenever we change this logic.
Implicit empty stub CSS modules added in addStylesheet in
compiler-plugin.js were being overwritten with actual CSS module code,
thanks to logic intended to support replacing package.json stubs with
their actual contents.
The meaning of "implicit" is somewhat overloaded: for package.json
modules, it means the module is a minimal stub (just the "name",
"version", and "main"/"browser" fields) that should be replaced if ever
explicitly imported. For empty stub CSS modules, it means the module
should yield to any actual modules added via addJavaScript.
Implicit empty stub CSS modules added in addStylesheet in
compiler-plugin.js were being overwritten with actual CSS module code,
thanks to logic intended to support replacing package.json stubs with
their actual contents.
The meaning of "implicit" is somewhat overloaded: for package.json
modules, it means the module is a minimal stub (just the "name",
"version", and "main"/"browser" fields) that should be replaced if ever
explicitly imported. For empty stub CSS modules, it means the module
should yield to any actual modules added via addJavaScript.
Also, the regular expression for removing existing source map comments now
matches only if the comment starts at the beginning of a line, following
previous behavior more closely.
To get this exactly right, we would need to tokenize the source to avoid
matching comments in string literals, for example, but that's hard because
this logic needs to work for multiple file types, not just JavaScript.
Currently this functionality is only used for exposing npmRequire and
Profile to the packages/modules-runtime.js bundle, but I'm planning to use
it for packages/dynamic-import.js soon.
Package version unpinning (#7084) removed all exact package@=version
constraints derived from the current release.
As we discovered with Meteor 1.4.2.4 (#8306), this meant releases no
longer had any power to enforce package upgrades, which is why the
follow-up Meteor 1.4.2.5 release (#8311) was necessary.
This commit has the same effect as putting package@version in your
.meteor/packages file for every local/core package that your app uses.
Previously, when building a JavaScript bundle for the client, if a
package.json file had a string-valued "browser" field, we would replace
the value of the "main" field of the bundled package.json module with the
value of the "browser" field. This trick was important because it allowed
an npm package to have a different entry point on the client than it had
on the server.
However, that approach became inconsistent if the package.json file was
also explicitly imported as a module, because the package.json stub used
for module resolution prevented the real contents of package.json from
getting bundled, and disagreed with the original package.json module about
the value of the "main" field.
To resolve that inconsistency, it seems better to avoid modifying the
"main" field of package.json modules, and instead rely on the runtime
module system to make sense of the "browser" field, regardless of whether
the package.json module is a stub used only for module resolution or
contains the full contents of the original package.json file.
The ability to understand "browser" fields of package.json modules was
introduced in install@0.8.3:
377d1a3b51
This is potentially a backwards-incompatible change for developers using
this version of `ImportScanner` and `Resolver` who have not yet upgraded
their `modules-runtime` package to at least version 0.7.8. The solution is
to upgrade `modules-runtime`, though it would be nice to enforce that
better somehow.
