Disallow self referencing deps

.yarn/versions/1157e53a.yml

@@ -0,0 +1,32 @@
+releases:
+  "@yarnpkg/builder": patch
+  "@yarnpkg/cli": patch
+  "@yarnpkg/core": patch
+  "@yarnpkg/doctor": patch
+  "@yarnpkg/extensions": patch
+  "@yarnpkg/nm": patch
+  "@yarnpkg/plugin-compat": patch
+  "@yarnpkg/plugin-constraints": patch
+  "@yarnpkg/plugin-dlx": patch
+  "@yarnpkg/plugin-essentials": patch
+  "@yarnpkg/plugin-exec": patch
+  "@yarnpkg/plugin-file": patch
+  "@yarnpkg/plugin-git": patch
+  "@yarnpkg/plugin-github": patch
+  "@yarnpkg/plugin-http": patch
+  "@yarnpkg/plugin-init": patch
+  "@yarnpkg/plugin-interactive-tools": patch
+  "@yarnpkg/plugin-link": patch
+  "@yarnpkg/plugin-nm": patch
+  "@yarnpkg/plugin-npm": patch
+  "@yarnpkg/plugin-npm-cli": patch
+  "@yarnpkg/plugin-pack": patch
+  "@yarnpkg/plugin-patch": patch
+  "@yarnpkg/plugin-pnp": patch
+  "@yarnpkg/plugin-pnpm": patch
+  "@yarnpkg/plugin-stage": patch
+  "@yarnpkg/plugin-typescript": patch
+  "@yarnpkg/plugin-version": patch
+  "@yarnpkg/plugin-workspace-tools": patch
+  "@yarnpkg/pnpify": patch
+  "@yarnpkg/sdks": patch

packages/acceptance-tests/pkg-tests-specs/sources/commands/add.test.ts

@@ -549,9 +549,8 @@ describe(`Commands`, () => {
         await run(`add`, `no-deps`);
 
         await expect(xfs.readJsonPromise(ppath.join(path, Filename.manifest))).resolves.toMatchObject({
-          dependencies: {
-            [`no-deps`]: `^2.0.0`,
-          },
+          // Note that Manifest.exportTo disallows depending on self
+          dependencies: {},
         });
       }),
     );

packages/yarnpkg-core/sources/Manifest.ts

@@ -871,6 +871,9 @@ export class Manifest {
       data.dependencies = Object.assign({}, ...structUtils.sortDescriptors(regularDependencies).map(dependency => {
         return {[structUtils.stringifyIdent(dependency)]: dependency.range};
       }));
+      if (data.name && data.dependencies[data.name]) {
+        delete data.dependencies[data.name];
+      }
     } else {
       delete data.dependencies;
     }
@@ -887,6 +890,9 @@ export class Manifest {
       data.devDependencies = Object.assign({}, ...structUtils.sortDescriptors(this.devDependencies.values()).map(dependency => {
         return {[structUtils.stringifyIdent(dependency)]: dependency.range};
       }));
+      if (data.name && data.devDependencies[data.name]) {
+        delete data.devDependencies[data.name];
+      }
     } else {
       delete data.devDependencies;
     }
@@ -895,6 +901,9 @@ export class Manifest {
       data.peerDependencies = Object.assign({}, ...structUtils.sortDescriptors(this.peerDependencies.values()).map(dependency => {
         return {[structUtils.stringifyIdent(dependency)]: dependency.range};
       }));
+      if (data.name && data.peerDependencies[data.name]) {
+        delete data.peerDependencies[data.name];
+      }
     } else {
       delete data.peerDependencies;
     }

packages/yarnpkg-core/tests/Manifest.test.ts

@@ -54,5 +54,16 @@ describe(`Manifest`, () => {
       const manifest = Manifest.fromText(`{ "name": "name", "bin": { "bin1": " ", "bin2": "./bin2.js" } }`);
       expect(manifest.exportTo({}).bin).toEqual({bin2: `./bin2.js`});
     });
+
+    it(`should remove dependency if referencing itself`, () => {
+      const deps = `{ "bar": "^1.0.0", "foo": "^1.2.0" }`;
+      const manifest = Manifest.fromText(`
+        { "name": "foo", "dependencies": ${deps}, "devDependencies": ${deps}, "peerDependencies": ${deps} }
+      `);
+      const exportedManifest = manifest.exportTo({});
+      expect(exportedManifest.dependencies).toEqual({bar: `^1.0.0`});
+      expect(exportedManifest.devDependencies).toEqual({bar: `^1.0.0`});
+      expect(exportedManifest.peerDependencies).toEqual({bar: `^1.0.0`});
+    });
   });
 });