[install] pick `latest` tagged version by default (#2016)

* [install] pick `latest` tagged version by default

fixes #1993

* update `package.json` the same way as `npm

4 files changed, 123 insertions, 23 deletions

diff --git a/src/install/dependency.zig b/src/install/dependency.zig
index 315c22894..2cc3d4177 100644
--- a/src/install/dependency.zig
+++ b/src/install/dependency.zig
@@ -318,8 +318,8 @@ pub const Version = struct {
         }
 
         pub fn infer(dependency: string) Tag {
-            // empty string means >= 0.0.0
-            if (dependency.len == 0) return .npm;
+            // empty string means `latest`
+            if (dependency.len == 0) return .dist_tag;
             switch (dependency[0]) {
                 // =1
                 // >1.2
@@ -670,10 +670,6 @@ pub fn parseWithTag(
                     }
 
                     tag_to_use = sliced.sub(dependency[i + 1 ..]).value();
-                    if (tag_to_use.isEmpty()) {
-                        tag_to_use = String.from("latest");
-                    }
-
                     break :brk dependency["npm:".len..i];
                 }).value()
             else
@@ -682,15 +678,12 @@ pub fn parseWithTag(
             // name should never be empty
             if (Environment.allow_assert) std.debug.assert(!actual.isEmpty());
 
-            // tag should never be empty
-            if (Environment.allow_assert) std.debug.assert(!tag_to_use.isEmpty());
-
             return .{
                 .literal = sliced.value(),
                 .value = .{
                     .dist_tag = .{
                         .name = actual,
-                        .tag = tag_to_use,
+                        .tag = if (tag_to_use.isEmpty()) String.from("latest") else tag_to_use,
                     },
                 },
                 .tag = .dist_tag,
diff --git a/src/install/install.zig b/src/install/install.zig
index d23c1d757..a411d2098 100644
--- a/src/install/install.zig
+++ b/src/install/install.zig
@@ -4414,7 +4414,7 @@ pub const PackageManager = struct {
             for (updates) |*update| {
                 if (update.e_string) |e_string| {
                     e_string.data = switch (update.resolution.tag) {
-                        .npm => if (update.version.tag == .npm and update.version.value.npm.version.input.len == 0)
+                        .npm => if (update.version.tag == .dist_tag and update.version.literal.isEmpty())
                             std.fmt.allocPrint(allocator, "^{}", .{
                                 update.resolution.value.npm.version.fmt(update.version_buf),
                             }) catch unreachable
@@ -6530,12 +6530,8 @@ pub const PackageManager = struct {
             )
         else
             Lockfile.LoadFromDiskResult{ .not_found = {} };
-
         var root = Lockfile.Package{};
-        var maybe_root: Lockfile.Package = undefined;
-
         var needs_new_lockfile = load_lockfile_result != .ok or (load_lockfile_result.ok.buffers.dependencies.items.len == 0 and manager.package_json_updates.len > 0);
-
         // this defaults to false
         // but we force allowing updates to the lockfile when you do bun add
         var had_any_diffs = false;
@@ -6596,7 +6592,7 @@ pub const PackageManager = struct {
 
                     var lockfile: Lockfile = undefined;
                     try lockfile.initEmpty(ctx.allocator);
-                    maybe_root = Lockfile.Package{};
+                    var maybe_root = Lockfile.Package{};
 
                     try Lockfile.Package.parseMain(
                         &lockfile,
@@ -6706,7 +6702,7 @@ pub const PackageManager = struct {
         }
 
         if (needs_new_lockfile) {
-            root = Lockfile.Package{};
+            root = .{};
             try manager.lockfile.initEmpty(ctx.allocator);
 
             if (manager.options.enable.frozen_lockfile) {
diff --git a/test/bun.js/install/bun-add.test.ts b/test/bun.js/install/bun-add.test.ts
index 57c76640b..922d8c0b6 100644
--- a/test/bun.js/install/bun-add.test.ts
+++ b/test/bun.js/install/bun-add.test.ts
@@ -542,8 +542,13 @@ it("should let you add the same package twice", async () => {
   expect(err1).toContain("Saved lockfile");
   expect(stdout1).toBeDefined();
   const out1 = await new Response(stdout1).text();
-  expect(out1).toContain("installed baz@0.0.3");
-  expect(out1).toContain("1 packages installed");
+  expect(out1.replace(/\s*\[[0-9\.]+m?s\]\s*$/, "").split(/\r?\n/)).toEqual([
+    "",
+    " installed baz@0.0.3",
+    "",
+    "",
+    " 1 packages installed",
+  ]);
   expect(await exited1).toBe(0);
   expect(urls).toEqual([`${root_url}/baz`, `${root_url}/baz-0.0.3.tgz`]);
   expect(requested).toBe(2);
@@ -582,8 +587,7 @@ it("should let you add the same package twice", async () => {
   expect(err2).toContain("Saved lockfile");
   expect(stdout2).toBeDefined();
   const out2 = await new Response(stdout2).text();
-  expect(out2).toContain("installed baz@0.0.3");
-  expect(out2).not.toContain("1 packages installed");
+  expect(out2.replace(/\[[0-9\.]+m?s\]/, "[]").split(/\r?\n/)).toEqual(["", " installed baz@0.0.3", "", "[] done", ""]);
   expect(await exited2).toBe(0);
   expect(urls).toEqual([`${root_url}/baz`]);
   expect(requested).toBe(3);
@@ -604,3 +608,109 @@ it("should let you add the same package twice", async () => {
   });
   await access(join(package_dir, "bun.lockb"));
 });
+
+it("should install version tagged with `latest` by default", async () => {
+  const urls: string[] = [];
+  setHandler(
+    dummyRegistry(urls, {
+      "0.0.3": {},
+      "0.0.5": {},
+      latest: "0.0.3",
+    }),
+  );
+  await writeFile(
+    join(package_dir, "package.json"),
+    JSON.stringify({
+      name: "foo",
+      version: "0.0.1",
+    }),
+  );
+  // add `latest` version
+  const {
+    stdout: stdout1,
+    stderr: stderr1,
+    exited: exited1,
+  } = spawn({
+    cmd: [bunExe(), "add", "baz", "--config", import.meta.dir + "/basic.toml"],
+    cwd: package_dir,
+    stdout: null,
+    stdin: "pipe",
+    stderr: "pipe",
+    env,
+  });
+  expect(stderr1).toBeDefined();
+  const err1 = await new Response(stderr1).text();
+  expect(err1).toContain("Saved lockfile");
+  expect(stdout1).toBeDefined();
+  const out1 = await new Response(stdout1).text();
+  expect(out1.replace(/\s*\[[0-9\.]+m?s\]\s*$/, "").split(/\r?\n/)).toEqual([
+    "",
+    " installed baz@0.0.3",
+    "",
+    "",
+    " 1 packages installed",
+  ]);
+  expect(await exited1).toBe(0);
+  expect(urls).toEqual([`${root_url}/baz`, `${root_url}/baz-0.0.3.tgz`]);
+  expect(requested).toBe(2);
+  expect(await readdirSorted(join(package_dir, "node_modules"))).toEqual([".cache", "baz"]);
+  expect(await file(join(package_dir, "node_modules", "baz", "package.json")).json()).toEqual({
+    name: "baz",
+    version: "0.0.3",
+    bin: {
+      "baz-run": "index.js",
+    },
+  });
+  expect(await file(join(package_dir, "package.json")).json()).toEqual({
+    name: "foo",
+    version: "0.0.1",
+    dependencies: {
+      baz: "^0.0.3",
+    },
+  });
+  await access(join(package_dir, "bun.lockb"));
+  // re-install with updated `package.json`
+  await rm(join(package_dir, "node_modules"), { force: true, recursive: true });
+  urls.length = 0;
+  const {
+    stdout: stdout2,
+    stderr: stderr2,
+    exited: exited2,
+  } = spawn({
+    cmd: [bunExe(), "install", "--config", import.meta.dir + "/basic.toml"],
+    cwd: package_dir,
+    stdout: null,
+    stdin: "pipe",
+    stderr: "pipe",
+    env,
+  });
+  expect(stderr2).toBeDefined();
+  const err2 = await new Response(stderr2).text();
+  expect(err2).toContain("Saved lockfile");
+  expect(stdout2).toBeDefined();
+  const out2 = await new Response(stdout2).text();
+  expect(out2.replace(/\s*\[[0-9\.]+m?s\]\s*$/, "").split(/\r?\n/)).toEqual([
+    " + baz@0.0.3",
+    "",
+    " 1 packages installed",
+  ]);
+  expect(await exited2).toBe(0);
+  expect(urls).toEqual([`${root_url}/baz`, `${root_url}/baz-0.0.3.tgz`]);
+  expect(requested).toBe(4);
+  expect(await readdirSorted(join(package_dir, "node_modules"))).toEqual([".cache", "baz"]);
+  expect(await file(join(package_dir, "node_modules", "baz", "package.json")).json()).toEqual({
+    name: "baz",
+    version: "0.0.3",
+    bin: {
+      "baz-run": "index.js",
+    },
+  });
+  expect(await file(join(package_dir, "package.json")).json()).toEqual({
+    name: "foo",
+    version: "0.0.1",
+    dependencies: {
+      baz: "^0.0.3",
+    },
+  });
+  await access(join(package_dir, "bun.lockb"));
+});
diff --git a/test/bun.js/install/dummy.registry.ts b/test/bun.js/install/dummy.registry.ts
index 179231ed1..fd6e652a8 100644
--- a/test/bun.js/install/dummy.registry.ts
+++ b/test/bun.js/install/dummy.registry.ts
@@ -7,7 +7,7 @@ import { basename, join } from "path";
 let handler, server;
 export let package_dir, requested, root_url;
 
-export function dummyRegistry(urls, info: object = { "0.0.2": {} }) {
+export function dummyRegistry(urls, info: any = { "0.0.2": {} }) {
   return async request => {
     urls.push(request.url);
     expect(request.method).toBe("GET");
@@ -23,6 +23,7 @@ export function dummyRegistry(urls, info: object = { "0.0.2": {} }) {
     const versions = {};
     let version;
     for (version in info) {
+      if (!/^[0-9]/.test(version)) continue;
       versions[version] = {
         name,
         version,
@@ -37,7 +38,7 @@ export function dummyRegistry(urls, info: object = { "0.0.2": {} }) {
         name,
         versions,
         "dist-tags": {
-          latest: version,
+          latest: info.latest ?? version,
         },
       }),
     );