Outdated package detection does not work when pinning specific files

[tagliala]

Hello,

I'm not sure this is an issue, but I'm extracting this unexpected behavior from a comment I wrote in a different issue

I got bitten again by flowbite, which requires its .turbo. variant to work with Turbo

pin "flowbite/dist/flowbite.turbo.min.js", to: "flowbite--dist--flowbite.turbo.min.js.js" # @3.1.1

$ bin/importmap outdated
No outdated packages found

At the moment I'm writing, there is a 3.1.2 version: https://www.npmjs.com/package/flowbite/v/3.1.2

The original issue:

As an update, a drawback with this approach is that outdated packages are not being detected

Example:

$ bin/importmap pin @highlightjs/[email protected]/es/core.min.js --from=jsdelivr
Pinning "@highlightjs/cdn-assets/es/core.min.js" to vendor/javascript/@highlightjs/cdn-assets/es/core.min.js.js via download from https://cdn.jsdelivr.net/npm/@highlightjs/[email protected]/es/core.min.js

$ bin/importmap outdated
No outdated packages found

---

$ bin/importmap pin [email protected] --from=jsdelivr
Pinning "highlight.js" to vendor/javascript/highlight.js.js via download from https://cdn.jsdelivr.net/npm/[email protected]/es/index.js

$ bin/importmap outdated
| Package      | Current | Latest  |
|--------------|---------|---------|
| highlight.js | 11.10.0 | 11.11.1 |
  1 outdated package found

The "problem" is here:

importmap-rails/lib/importmap/npm.rb

Lines 51 to 52 in d91d5e1

	importmap.scan(/^pin .*(?<=npm:|npm\/|skypack\.dev\/|unpkg\.com\/)(.*)(?=@\d+\.\d+\.\d+)@(\d+\.\d+\.\d+(?:[^\/\s["']]*)).*$/) |
	importmap.scan(/^pin ["']([^["']]*)["'].* #.*@(\d+\.\d+\.\d+(?:[^\s]*)).*$/)

Originally posted by @tagliala in #270

In an experimental project I'm working on, I'm using this workaround to only compare the package name:

https://github.com/tagliala/iconmap-rails/blame/0532ec7f9d6e3f381cdb26eca5416c7a08133890/lib/iconmap/npm.rb#L62-L67