Bug: Upstream/transitive patched dependencies are omitted during isolation
Description
When using pnpm.patchedDependencies, the isolate-package utility successfully copies and preserves patches for direct dependencies that are explicitly listed in the target package's dependencies or devDependencies. However, if a patch targets an upstream (transitive) dependency, the patch is completely lost during isolation.
This is highly noticeable in monorepos where deeper, transitive dependencies need to be patched globally but end up being omitted from the isolated sub-package because they aren't explicitly declared in the consumer package's direct dependencies.
Reproduction Steps
- Create a minimal monorepo with the following package structure:
Root package.json:
{
"name": "monorepo-root",
"private": true,
"pnpm": {
"patchedDependencies": {
"tslib@2.0.0": "patches/tslib@2.0.0.patch"
}
}
}Firebase Package packages/firebase-package/package.json:
{
"name": "firebase-package",
"version": "1.0.0",
"dependencies": {
"tslib": "^2.0.0"
}
}Consumer Package packages/consumer/package.json:
{
"name": "consumer",
"version": "1.0.0",
"dependencies": {
"firebase-package": "workspace:*"
}
}
- Run
isolate-package against the consumer workspace package.
- Inspect the resulting isolated directory and its internal
package.json.
Expected Result:
The patch for the upstream dependency (tslib@2.0.0) is copied over into the isolated directory, and the isolated package.json retains the patch mapping since tslib will resolve as a dependency for the consumer package via firebase-package.
Actual Result:
The patch for tslib is stripped from the isolated bundle's package.json, and the patch file itself is not copied over.
Root Cause
Currently, the filterPatchedDependencies function relies on a strict lookup against the target package's immediate dependencies using targetPackageManifest.dependencies?.[packageName]. Because tslib is a transitive dependency that only exists on firebase-package (and is not directly listed in consumer's dependencies), it fails this validation check entirely and is omitted from the output.
Bug: Upstream/transitive patched dependencies are omitted during isolation
Description
When using
pnpm.patchedDependencies, theisolate-packageutility successfully copies and preserves patches for direct dependencies that are explicitly listed in the target package'sdependenciesordevDependencies. However, if a patch targets an upstream (transitive) dependency, the patch is completely lost during isolation.This is highly noticeable in monorepos where deeper, transitive dependencies need to be patched globally but end up being omitted from the isolated sub-package because they aren't explicitly declared in the consumer package's direct
dependencies.Reproduction Steps
Root
package.json:{ "name": "monorepo-root", "private": true, "pnpm": { "patchedDependencies": { "tslib@2.0.0": "patches/tslib@2.0.0.patch" } } }Firebase Package
packages/firebase-package/package.json:{ "name": "firebase-package", "version": "1.0.0", "dependencies": { "tslib": "^2.0.0" } }Consumer Package
packages/consumer/package.json:{ "name": "consumer", "version": "1.0.0", "dependencies": { "firebase-package": "workspace:*" } }isolate-packageagainst theconsumerworkspace package.package.json.Expected Result:
The patch for the upstream dependency (
tslib@2.0.0) is copied over into the isolated directory, and the isolatedpackage.jsonretains the patch mapping sincetslibwill resolve as a dependency for the consumer package viafirebase-package.Actual Result:
The patch for
tslibis stripped from the isolated bundle'spackage.json, and the patch file itself is not copied over.Root Cause
Currently, the
filterPatchedDependenciesfunction relies on a strict lookup against the target package's immediate dependencies usingtargetPackageManifest.dependencies?.[packageName]. Becausetslibis a transitive dependency that only exists onfirebase-package(and is not directly listed inconsumer'sdependencies), it fails this validation check entirely and is omitted from the output.