feat: add support for yarn 2 lock files #56 #57
Hi @regevbr 👋 Thank you for this awesome contribution, we have many team members on holiday today so we would like to discuss this internally with them when they are back tomorrow and get back to you.
@lili2311 how are you? Can you please let me know when you are expected to fix the yarn2 issue? This is the only reason I can't migrate my projects to use yarn2...
@arcanis I know you are a very busy man, but I was wondering if you can take a quick look into my PR here to see if I have done it right and if maybe there is a better way to achieve it?
I didn't run the tests, just looking at the Yarn-specific parts 🙂
lib/parsers/yarn-lock-parse-base.ts
Outdated
strict = true ): Promise<PkgTree> { | ||
if (lockfile.type !== this.type) { | ||
throw new InvalidUserInputError('Unsupported lockfile provided. ' + | ||
'Please provide `package-lock.json`.'); |
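Review bot: the `InvalidUserInputError` thrown when `lockfile.type !== this.type` tells the user to provide `package-lock.json`, but this check sits in lib/parsers/yarn-lock-parse-base.ts, so anyone who hits it is pointed at the wrong lockfile. Name `yarn.lock` in the message, and consider including both the received `lockfile.type` and the expected `this.type` so that a yarn 1 / yarn 2 mismatch can be told apart from an npm lockfile being passed in.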
'Please provide `package-lock.json`.'); | |
'Please provide a `yarn.lock` file.'); |
I will leave that decision to the maintainers
@arcanis thanks for the review! Much appreciated :-) I will fix all your comments
lib/index.ts
Outdated
@@ -79,7 +90,11 @@ async function buildDepTreeFromFiles( | |||
if (_.endsWith(lockFilePath, 'package-lock.json')) { | |||
lockFileType = LockfileType.npm; | |||
} else if (_.endsWith(lockFilePath, 'yarn.lock')) { | |||
lockFileType = LockfileType.yarn; | |||
if (fs.existsSync(path.resolve(root, lockFilePath.replace('yarn.lock', '.yarnrc.yml')))) { |
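Review bot: `lockFilePath.replace('yarn.lock', '.yarnrc.yml')` on the last line rewrites the first occurrence of the string anywhere in the path, not the file name, so a directory whose name contains `yarn.lock` sends the `existsSync` probe to the wrong location and the lockfile gets misclassified. Build the sibling path from the directory instead, for example `path.join(path.dirname(lockFilePath), '.yarnrc.yml')`, and keep it in a named variable so the condition stays readable.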
Is there anywhere else these can live? They are always in the same directory?
No, they are in the same directory
if (fs.existsSync(path.resolve(root, lockFilePath.replace('yarn.lock', '.yarnrc.yml')))) { | ||
lockFileType = LockfileType.yarn2; | ||
} else { | ||
lockFileType = LockfileType.yarn; |
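Review bot: the `else` branch makes `LockfileType.yarn` the silent default whenever `.yarnrc.yml` is absent, so the lockfile version is decided by a neighbouring file rather than by the lockfile itself. A yarn 2 `yarn.lock` supplied without its `.yarnrc.yml` would be handed to the v1 parser; document that assumption in a comment here, or check the lockfile content before falling back, so the resulting parse failure is easier to diagnose.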
Note: we need a way to send some meta back to track yarn v2 tests vs others
The lock file is sent back in the return value of buildDepTree. You mean you need to handle the different type in the code that uses that library?
lib/index.ts
Outdated
} else { | ||
throw new UnsupportedRuntimeError('Parsing `yarn.lock` is not ' + | ||
'supported on Node.js version less than 10. Please upgrade your ' + | ||
'Node.js environment or use `package-lock.json`'); |
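Review bot: the `UnsupportedRuntimeError` text is static, so it reports neither the Node.js version that was detected nor which lockfile triggered it, and its last sentence ends without a full stop. Including `process.version` and the lockfile path in the message would let someone reading a failed CI log see immediately why the lockfile was rejected.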
In this situation an older v1 yarn.lock would also work? Doesn't make sense to ask to switch to npm
It will not, as the lock file in v1 is not a standard YAML file... And in any case yarn2 only works with node 10 and above so I don't think we will have a problem here
@regevbr that is a really nice contribution. I will pull it to test locally first and then let's try to merge it. If I need any of your help, are you up for pairing in the near future?
@dkontorovskyy sure thing! Anything you need. Thanks!
I rebased as there were some changes made to master.
Hey @regevbr. I ran local tests on your PR and it looks great 🎉. I would like to make a graceful rollout for yarn v2, so it would be great if we can pair and separate this PR into 2 smaller bits and take them 1 by 1 into this plugin. I would like to schedule a pairing session with you whenever you are free. What do you think about that?
@dkontorovskyy thanks!
@regevbr luckily we are in the same timezone 😃
@regevbr just keeping the update public 😃. We are looking to plan this feature properly this sprint and start active development next sprint. This is an amazing contribution, so we would try to bring it into the core of Snyk as soon as possible, we just need to make sure this can be done harmlessly to the overall system 🙏
@regevbr first refactor PR went in 💪
@dkontorovskyy that's good news!
@arcanis using
I see that there was an addition to package.json of Looks like node.js doesn't like WebAssembly types. Are you aware of any workarounds for that except silencing TSC compiler with
@dkontorovskyy this is solved by adding "dom" as a lib to tsconfig:
    "lib": [
      "es2017",
      "dom"
    ],
I tried getting the library to compile without skipping the lib check, and it requires a lot of changes as there are multiple errors originating from different modules.
    node_modules/@yarnpkg/core/lib/structUtils.d.ts:91:66 - error TS2307: Cannot find module '../../yarnpkg-fslib/sources'.
    91 export declare function slugifyLocator(locator: Locator): import("../../yarnpkg-fslib/sources").Filename;
I will open a ticket to fix it in yarn. You can check out all the changes I made in the next commit to this branch and let me know if it is that important for you to not skip the lib check.
@dkontorovskyy I have worked with @arcanis and the issue is now fixed!
@dkontorovskyy I fixed the issue in clipanion and now the build works perfectly!
@regevbr that is so cool!! What was the issue and fix?
@dkontorovskyy in clipanion? See arcanis/clipanion#25 for more details, in high level, the tool used for minifying the d.ts file has bugs in it causing a faulty d.ts file. If you are asking about the issue in @yarnpkg/core then it is very complicated you can check out my
@regevbr I merged your PR in our separate feature branch to run some final round of investigation we are doing with the team today. Will keep you posted 🤗
Thanks @dkontorovskyy!
@dkontorovskyy! How's it going? I see that the feature was finally merged! Does that mean I can enable snyk in my yarn2 packages now (ci and PR guard)?
Hi @regevbr, sorry for spacing out! It should work in CLI now. Just try scanning your project locally or in CI. Not in PR guard yet. My team will be looking soon into this.
That's great news! Please let me know when the guard is working as well as we use it as well :-)
Still getting parse errors in a Github PR here: kachkaev/njt#29 What are the current plans to resolve this? I had to replace Snyk integration with running cc @arcanis
👋 from August 2021 😅
UPD: 👋 from November 2021 😅 https://github.com/snyk/snyk/issues/1518#issuecomment-974822508
What this does
Fixes #56
Allows parsing of yarn 2 lock files, which are different from yarn 1
Notes for the reviewer
@yarnpkg/parsers to parse the lock file
skipLibCheck, which was only introduced (or at least worked) in typescript 3.4