feat: use yarn2 if exists as audit provider

.eslintrc.cjs

@@ -5,7 +5,7 @@ module.exports = {
     ],
     overrides: [
         {
-            files: ['src/test/ts/runner.ts'],
+            files: ['src/test/ts/runner.ts', 'src/main/ts/stages.ts'],
             rules: {
                 'sonarjs/no-duplicate-string': 'off'
             }

src/main/ts/lockfile/v2.ts

@@ -92,26 +92,30 @@ export const audit = (
   temp: string,
   bins: Record<string, string>,
 ): TAuditReport => {
-  const cmd = flags.reporter === 'npm' ? bins.npm : bins.yarn
   const mapping = {
-    'audit-level': 'level',
+    'audit-level': 'severity',
+    'level': 'severity',
+    groups: {
+      key: 'environment',
+      values: {
+        dependencies: 'production'
+      },
+    },
     only: {
-      key: 'groups',
+      key: 'environment',
       values: {
-        prod: 'dependencies',
-        dev: 'devDependencies',
+        prod: 'production'
       },
     },
   }
   const _flags = formatFlags(
     mapFlags(flags, mapping),
     'groups',
     'verbose',
-    'level',
   )
   const report = invoke(
-    cmd,
-    ['audit', '--json', ..._flags],
+    bins.yarn,
+    ['npm', 'audit', '--all', '--json', '--recursive', ..._flags],
     temp,
     !!flags.silent,
     false,

src/main/ts/runner.ts

@@ -23,26 +23,26 @@ export const getContext = (flags: TFlags = {}): TContext => {
   const cwd = flags.cwd || process.cwd()
   const manifest = readJson(join(cwd, 'package.json'))
   const temp = getTemp(cwd, flags.temp)
-  const npmPath = getNpm(flags['npm-path'])
+  const bins: Record<string, string> = {
+    yarn: getYarn(),
+    npm: getNpm(flags['npm-path']),
+  }
   const versions: Record<string, string> = {
     node: invoke('node', ['--version'], temp, true, false),
-    npm: invoke(npmPath, ['--version'], temp, true, false),
-    yarn: invoke('yarn', ['--version'], temp, true, false),
+    npm: invoke(bins.npm, ['--version'], temp, true, false),
+    yarn: invoke(bins.yarn, ['--version'], temp, true, false),
     yaf: readJson(
       join(pkgDir(__dirname) + '', 'package.json'), // eslint-disable-line
     ).version,
     yafLatest: invoke(
-      npmPath,
+      bins.npm,
       ['view', 'yarn-audit-fix', 'version'],
       temp,
       true,
       false,
     ) as string,
   }
-  const bins: Record<string, string> = {
-    yarn: getYarn(),
-    npm: getNpm(flags['npm-path']),
-  }
+
   const ctx = {
     cwd,
     temp,

src/main/ts/stages.ts

@@ -1,6 +1,5 @@
 import fs from 'fs-extra'
 import { dirname, join, relative } from 'node:path'
-import { fileURLToPath } from 'node:url'
 import semver from 'semver'
 import synp from 'synp'
 
@@ -14,63 +13,43 @@ import {
   getWorkspaces,
   getYarn,
   invoke,
-  pkgDir,
-  readJson,
 } from './util'
 
-const __dirname = dirname(fileURLToPath(import.meta.url))
-
 /**
  * Print runtime context digest.
  */
 export const printRuntimeDigest: TCallback = ({
   temp,
   cwd,
   flags,
+  bins,
+  versions,
   manifest,
 }) => {
   if (flags.silent) {
     return
   }
-
   const isMonorepo = !!manifest.workspaces
-  const npmPath = getNpm(flags['npm-path'])
-  const npmVersion = invoke(npmPath, ['--version'], temp, true, false)
-  const nodeVersion = invoke('node', ['--version'], temp, true, false)
-  // const yarnVersion = invoke('yarn', ['--version'], temp, true, false)
-  const latestYafVersion = invoke(
-    npmPath,
-    ['view', 'yarn-audit-fix', 'version'],
-    temp,
-    true,
-    false,
-  ) as string
-  const yafVersion = readJson(
-    join(pkgDir(__dirname) + '', 'package.json'), // eslint-disable-line
-  ).version
-
+  invoke('node', ['--version'], temp, true, false)
   // NOTE npm > 7.0.0 provides monorepo support
-  if (isMonorepo && (semver.parse(npmVersion as string)?.major as number) < 7) {
+  if (isMonorepo && (semver.parse(versions.npm as string)?.major as number) < 7) {
     console.warn(
       "This project looks like monorepo, so it's recommended to use `npm v7` at least to process workspaces",
     )
   }
 
-  if (semver.gt(latestYafVersion, yafVersion)) {
+  if (semver.gt(versions.yafLatest, versions.yaf)) {
     console.warn(
-      `yarn-audit-fix version ${yafVersion} is out of date. Install the latest ${latestYafVersion} for better results`,
+      `yarn-audit-fix version ${versions.yaf} is out of date. Install the latest ${versions.yafLatest} for better results`,
     )
   }
 
   console.log(
     JSON.stringify(
       {
         isMonorepo,
-        npmPath,
-        npmVersion,
-        nodeVersion,
-        // yarnVersion,
-        yafVersion,
+        bins,
+        versions,
         temp,
         cwd,
         flags,
@@ -184,21 +163,31 @@ export const syncLockfile: TCallback = ({ temp, flags }) => {
  * @param {TContext} cxt
  * @return {void}
  */
-export const yarnInstall: TCallback = ({ cwd, flags }) => {
+export const yarnInstall: TCallback = ({ cwd, flags , versions}) => {
   if (flags.dryRun) {
     return
   }
 
-  invoke(
-    getYarn(),
-    [
-      'install',
-      '--update-checksums',
-      ...formatFlags(flags, 'verbose', 'silent', 'registry', 'ignore-engines'),
-    ],
-    cwd,
-    flags.silent,
-  )
+  semver.gte(versions.yarn, '2.0.0')
+    ? invoke(
+      getYarn(),
+      [
+        'install',
+        '--mode="update-lockfile"'
+      ],
+      cwd,
+      flags.silent,
+    )
+    : invoke(
+      getYarn(),
+      [
+        'install',
+        '--update-checksums',
+        ...formatFlags(flags, 'verbose', 'silent', 'registry', 'ignore-engines'),
+      ],
+      cwd,
+      flags.silent,
+    )
 }
 /**
  * Clean up temporaries.