bower: checkCustomPackageNames doesn't seem to work (possibly for commit hashes or branch names)

[tupton]

Dependencies with custom package names seem to be ignored. At first I thought this was just for packages that specify something other than a tag for their version, but the output below shows the package being ignored the first time, too.

After an initial bower install:

> var fs = require('fs'),
...   checkDependencies = require('check-dependencies');
undefined
> fs.readFile('bower.json', 'utf-8', function(_, data) {
...   console.log(data);
... });
undefined
> {
  "name": "check-dependecies-test",
  "version": "0.0.0",
  "devDependencies": {
    "util": "dojo/util#1.10.4"
  }
}


(^C again to quit)
> checkDependencies({
...     packageManager: 'bower',
...     verbose: true,
...     checkCustomPackageNames: true
... }, console.log.bind(console));
{ log: [], error: [], depsWereOk: true, status: 0 }
{ _bitField: 268435456,
  _fulfillmentHandler0: undefined,
  _rejectionHandler0: undefined,
  _progressHandler0: undefined,
  _promise0: undefined,
  _receiver0: undefined,
  _settledValue: { log: [], error: [], depsWereOk: true, status: 0 } }
> fs.readFile('bower.json', 'utf-8', function(_, data) {
...   console.log(data);
... });
undefined
> {
  "name": "check-dependecies-test",
  "version": "0.0.0",
  "devDependencies": {
    "util": "dojo/util#7085ef15f71a4dbd7b8662044d7155f185dc60c9"
  }
}


(^C again to quit)
> checkDependencies({
...     packageManager: 'bower',
...     verbose: true,
...     checkCustomPackageNames: true
... }, console.log.bind(console));
{ log: [], error: [], depsWereOk: true, status: 0 }
{ _bitField: 268435456,
  _fulfillmentHandler0: undefined,
  _rejectionHandler0: undefined,
  _progressHandler0: undefined,
  _promise0: undefined,
  _receiver0: undefined,
  _settledValue: { log: [], error: [], depsWereOk: true, status: 0 } }

That's:

• show the contents of bower.json, where dojo/util#1.10.4 is specified as the only dev dependency
• run check-dependencies, with checkCustomPackageNames set to true, for sanity; note that there's no output about the specified and installed versions here
• change bower.json (not shown in node transcript); then show the contents of bower.json again, where dojo/util#7085ef15f71a4dbd7b8662044d7155f185dc60c9 is specified; that hash is the current – as of this writing – head of master, and is a different hash than the 1.10.4 tag
• run check-dependencies again with the same options

There's no output and the report says everything is ok even though the installed version is different than the version specified in bower.json.

The second check-dependencies run doesn't seem to work even if we use something like master or even another tag name like 1.10.3 for the version, so it looks like checkCustomPackageNames might be broken for more than just commit hashes.

[mgol]

That's true, this hasn't been implemented yet. I mostly did this module for npm where this feature doesn't exist and added bower support later.

PRs welcome!

[tupton]

Thanks; I'll take a look at this and see if I can get something together. Knowing that it's an actual issue and not something I'm doing wrong is a big help though.