--TEST-- Unlocking a package also unlocks its dependencies when transitive deps are true. But version constraints from other locked packages still need to be taking into account for loading all necessary versions of these transitive deps. --REQUEST-- { "require": { "root/req1": "*", "root/req2": "*" }, "locked": [ {"name": "root/req1", "version": "1.0.0", "require": {"dep/pkg1": "1.*"}}, {"name": "root/req2", "version": "1.0.0", "require": {"dep/pkg2": "1.*"}}, {"name": "dep/pkg1", "version": "1.0.0", "author": "old"}, {"name": "dep/pkg2", "version": "1.0.0"} ], "allowList": [ "dep/pkg2" ], "allowTransitiveDeps": true } --FIXED-- [ ] --PACKAGE-REPOS-- [ [ {"name": "root/req1", "version": "1.0.0", "require": {"dep/pkg1": "1.*"}}, {"name": "root/req2", "version": "1.0.0", "require": {"dep/pkg2": "1.*"}}, {"name": "dep/pkg1", "version": "1.0.0", "author": "new"}, {"name": "dep/pkg1", "version": "1.0.1"}, {"name": "dep/pkg1", "version": "2.0.0"}, {"name": "dep/pkg1", "version": "3.0.0"}, {"name": "dep/pkg2", "version": "1.0.0"}, {"name": "dep/pkg2", "version": "1.2.0", "require": {"dep/pkg1": "2.*"}} ] ] --EXPECT-- [ "root/req1-1.0.0.0 (locked)", "root/req2-1.0.0.0 (locked)", "dep/pkg2-1.0.0.0", "dep/pkg2-1.2.0.0", "dep/pkg1-1.0.0.0", "dep/pkg1-1.0.1.0", "dep/pkg1-2.0.0.0" ]