From abe8232a478155c8e670c0cae447e7ed4bbc7d8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20Jona=C5=A1?= <meeroslav@users.noreply.github.com>
Date: Mon, 19 Dec 2022 15:47:58 +0100
Subject: [PATCH] fix(core): skip npm nested lockfile key mismatch (#13872)

(cherry picked from commit bbfc0fbbcb7f6f7c746f46bbc0c8a0272b5356da)
---
 packages/nx/src/lock-file/npm.ts | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/packages/nx/src/lock-file/npm.ts b/packages/nx/src/lock-file/npm.ts
index cf86c697922cf..291a335c9b640 100644
--- a/packages/nx/src/lock-file/npm.ts
+++ b/packages/nx/src/lock-file/npm.ts
@@ -114,13 +114,21 @@ function mapPackages(
         if (lockfileVersion === 2) {
           const path = packagePath.split(/\/?node_modules\//).slice(1);
 
-          path.forEach((proj) => {
-            if (!dependency) {
-              dependency = dependencies[proj];
+          let index = 1;
+          dependency = dependencies[path[0]];
+          while (index < path.length) {
+            // the root lockfile might not match the nested project's lockfile
+            // given path might not exist in the root lockfile
+            if (
+              dependency?.dependencies &&
+              dependency.dependencies[path[index]]
+            ) {
+              dependency = dependency.dependencies[path[index]];
+              index++;
             } else {
-              dependency = dependency.dependencies[proj];
+              break;
             }
-          });
+          }
           // if versions are same, no need to track it further
           if (dependency && value.version === dependency.version) {
             dependency = undefined;