feat: cache semver calls during dependency resolution

Author: TrevorBurnham

workspaces/arborist/lib/arborist/build-ideal-tree.js

@@ -13,7 +13,7 @@ const { lstat, readlink } = require('node:fs/promises')
 const { depth } = require('treeverse')
 const { log, time } = require('proc-log')
 const { redact } = require('@npmcli/redact')
-const semver = require('semver')
+const semver = require('../cached-semver.js')
 
 const {
   OK,

workspaces/arborist/lib/arborist/reify.js

@@ -2,9 +2,8 @@
 const onExit = require('../signal-handling.js')
 const pacote = require('pacote')
 const AuditReport = require('../audit-report.js')
-const { subset, intersects } = require('semver')
+const semver = require('../cached-semver.js')
 const npa = require('npm-package-arg')
-const semver = require('semver')
 const debug = require('../debug.js')
 const { walkUp } = require('walk-up-path')
 const { log, time } = require('proc-log')
@@ -1390,7 +1389,7 @@ module.exports = cls => class Reifier extends cls {
           if (
             !isRange ||
             spec === '*' ||
-            subset(prefixRange, spec, { loose: true })
+            semver.subset(prefixRange, spec, { loose: true })
           ) {
             range = prefixRange
           }
@@ -1445,11 +1444,11 @@ module.exports = cls => class Reifier extends cls {
           if (hasSubKey(pkg, 'devDependencies', name)) {
             pkg.devDependencies[name] = newSpec
             // don't update peer or optional if we don't have to
-            if (hasSubKey(pkg, 'peerDependencies', name) && (isLocalDep || !intersects(newSpec, pkg.peerDependencies[name]))) {
+            if (hasSubKey(pkg, 'peerDependencies', name) && (isLocalDep || !semver.intersects(newSpec, pkg.peerDependencies[name]))) {
               pkg.peerDependencies[name] = newSpec
             }
 
-            if (hasSubKey(pkg, 'optionalDependencies', name) && (isLocalDep || !intersects(newSpec, pkg.optionalDependencies[name]))) {
+            if (hasSubKey(pkg, 'optionalDependencies', name) && (isLocalDep || !semver.intersects(newSpec, pkg.optionalDependencies[name]))) {
               pkg.optionalDependencies[name] = newSpec
             }
           } else {

workspaces/arborist/lib/cached-semver.js

@@ -0,0 +1,211 @@
+const semver = require('semver')
+
+const MAX_CACHE_SIZE = 1000
+
+// Simple LRU cache implementation using Map's insertion order
+class LRUCache {
+  constructor (maxSize) {
+    this.maxSize = maxSize
+    this.cache = new Map()
+  }
+
+  get (key) {
+    if (this.cache.has(key)) {
+      // Move to end (most recently used)
+      const value = this.cache.get(key)
+      this.cache.delete(key)
+      this.cache.set(key, value)
+      return value
+    }
+    return undefined
+  }
+
+  set (key, value) {
+    if (this.cache.has(key)) {
+      // Update existing - move to end
+      /* istanbul ignore next - cache update path not reachable with current implementation */
+      this.cache.delete(key)
+    } else if (this.cache.size >= this.maxSize) {
+      // Evict least recently used (first entry)
+      const firstKey = this.cache.keys().next().value
+      this.cache.delete(firstKey)
+    }
+    this.cache.set(key, value)
+  }
+
+  /* istanbul ignore next - method never called by current implementation */
+  has (key) {
+    return this.cache.has(key)
+  }
+
+  /* istanbul ignore next - method never called by current implementation */
+  get size () {
+    return this.cache.size
+  }
+}
+
+const versionCache = new LRUCache(MAX_CACHE_SIZE)
+const rangeCache = new LRUCache(MAX_CACHE_SIZE)
+const versionCacheClean = new LRUCache(MAX_CACHE_SIZE)
+
+function createCacheKey (input, options = {}) {
+  const keys = Object.keys(options)
+  return keys.length === 0
+    ? input
+    : `${input}|${JSON.stringify(options, keys.sort())}`
+}
+
+function parseVersion (version) {
+  if (typeof version !== 'string') {
+    return null
+  }
+
+  const cached = versionCache.get(version)
+  if (cached !== undefined) {
+    return cached
+  }
+
+  const parsed = semver.parse(version)
+  versionCache.set(version, parsed)
+
+  return parsed
+}
+
+function parseRange (range, options = {}) {
+  /* istanbul ignore next - non-string inputs filtered at higher levels */
+  if (typeof range !== 'string') {
+    return null
+  }
+
+  const cacheKey = createCacheKey(range, options)
+
+  const cached = rangeCache.get(cacheKey)
+  if (cached !== undefined) {
+    return cached
+  }
+
+  let parsed
+  try {
+    parsed = new semver.Range(range, options)
+  } catch (err) {
+    parsed = null
+  }
+
+  rangeCache.set(cacheKey, parsed)
+
+  return parsed
+}
+
+function satisfies (version, range, options = {}) {
+  // For any non-string inputs, delegate to original semver to maintain exact behavior
+  if (typeof version !== 'string' || typeof range !== 'string') {
+    return semver.satisfies(version, range, options)
+  }
+
+  if (range === version) {
+    return true
+  }
+
+  const parsedVersion = parseVersion(version)
+  if (!parsedVersion) {
+    return false
+  }
+
+  const parsedRange = parseRange(range, options)
+  if (!parsedRange) {
+    return false
+  }
+
+  try {
+    return parsedRange.test(parsedVersion)
+  } catch (err) {
+    /* istanbul ignore next - defensive programming, semver rarely throws */
+    return false
+  }
+}
+
+function intersects (range1, range2, options = {}) {
+  // For any non-string inputs, delegate to original semver to maintain exact behavior
+  if (typeof range1 !== 'string' || typeof range2 !== 'string') {
+    return semver.intersects(range1, range2, options)
+  }
+
+  if (range1 === range2) {
+    return true
+  }
+  if (range1 === '*' || range2 === '*') {
+    return true
+  }
+
+  const parsedRange1 = parseRange(range1, options)
+  const parsedRange2 = parseRange(range2, options)
+
+  if (!parsedRange1 || !parsedRange2) {
+    return false
+  }
+
+  try {
+    return parsedRange1.intersects(parsedRange2)
+  } catch (err) {
+    /* istanbul ignore next - defensive programming, semver rarely throws */
+    return false
+  }
+}
+
+function valid (version) {
+  if (typeof version !== 'string') {
+    return null
+  }
+
+  const parsed = parseVersion(version)
+  return parsed ? parsed.version : null
+}
+
+function validRange (range, options = {}) {
+  if (typeof range !== 'string') {
+    return null
+  }
+
+  const parsed = parseRange(range, options)
+  if (!parsed) {
+    return null
+  }
+
+  // Handle special case: semver.validRange("*") returns "*", not ""
+  if (range === '*' || range === '') {
+    return '*'
+  }
+
+  return parsed.range
+}
+
+function clean (version, options = {}) {
+  if (typeof version !== 'string') {
+    return null
+  }
+
+  const cacheKey = createCacheKey(version, options)
+
+  const cached = versionCacheClean.get(cacheKey)
+  if (cached !== undefined) {
+    return cached
+  }
+
+  const result = semver.clean(version, options)
+  versionCacheClean.set(cacheKey, result)
+
+  return result
+}
+
+module.exports = {
+  // Start with all semver functions
+  ...semver,
+
+  // Override with cached implementations
+  satisfies,
+  intersects,
+  valid,
+  validRange,
+  clean,
+  parse: parseVersion,
+}

workspaces/arborist/lib/can-place-dep.js

@@ -36,7 +36,7 @@
 // the replaced node for resolution elsewhere.
 
 const localeCompare = require('@isaacs/string-locale-compare')('en')
-const semver = require('semver')
+const semver = require('./cached-semver.js')
 const debug = require('./debug.js')
 const peerEntrySets = require('./peer-entry-sets.js')
 const deepestNestingTarget = require('./deepest-nesting-target.js')

workspaces/arborist/lib/dep-valid.js

@@ -4,7 +4,7 @@
 // client-specific package.json meta _fields, but most of
 // the time will be pulled out of a lockfile
 
-const semver = require('semver')
+const semver = require('./cached-semver.js')
 const npa = require('npm-package-arg')
 const { relative } = require('node:path')
 const fromPath = require('./from-path.js')

workspaces/arborist/lib/node.js

@@ -28,7 +28,7 @@
 // where we need to quickly find all instances of a given package name within a
 // tree.
 
-const semver = require('semver')
+const semver = require('./cached-semver.js')
 const nameFromFolder = require('@npmcli/name-from-folder')
 const Edge = require('./edge.js')
 const Inventory = require('./inventory.js')

workspaces/arborist/lib/override-set.js

@@ -1,5 +1,5 @@
 const npa = require('npm-package-arg')
-const semver = require('semver')
+const semver = require('./cached-semver.js')
 const { log } = require('proc-log')
 
 class OverrideSet {

workspaces/arborist/lib/query-selector-all.js

@@ -7,7 +7,7 @@ const { log } = require('proc-log')
 const { minimatch } = require('minimatch')
 const npa = require('npm-package-arg')
 const pacote = require('pacote')
-const semver = require('semver')
+const semver = require('./cached-semver.js')
 const npmFetch = require('npm-registry-fetch')
 
 // handle results for parsed query asts, results are stored in a map that has a
@@ -366,7 +366,7 @@ class Results {
           // two ranges -> semver.intersects
           actualFunc = 'intersects'
         } else {
-          // anything else -> semver.satisfies
+          // anything else -> satisfies
           actualFunc = 'satisfies'
         }
       }

workspaces/arborist/lib/version-from-tgz.js

@@ -1,4 +1,4 @@
-const semver = require('semver')
+const semver = require('./cached-semver.js')
 const { basename } = require('node:path')
 const { URL } = require('node:url')
 module.exports = (name, tgz) => {

workspaces/arborist/lib/vuln.js

@@ -11,7 +11,7 @@
 //   @npmcli/metavuln-calculator
 // - via: dependency vulns which cause this one
 
-const { satisfies, simplifyRange } = require('semver')
+const semver = require('./cached-semver.js')
 const semverOpt = { loose: true, includePrerelease: true }
 
 const localeCompare = require('@isaacs/string-locale-compare')('en')
@@ -101,7 +101,7 @@ class Vuln {
     }
 
     for (const v of this.versions) {
-      if (satisfies(v, spec) && !satisfies(v, this.range, semverOpt)) {
+      if (semver.satisfies(v, spec) && !semver.satisfies(v, this.range, semverOpt)) {
         return false
       }
     }
@@ -185,7 +185,7 @@ class Vuln {
 
     const versions = [...this.advisories][0].versions
     const range = this.range
-    this.#simpleRange = simplifyRange(versions, range, semverOpt)
+    this.#simpleRange = semver.simplifyRange(versions, range, semverOpt)
     this.#range = this.#simpleRange
     return this.#simpleRange
   }