diff --git a/.eslintrc.cjs b/.eslintrc.cjs
index e080432b..039039e1 100644
--- a/.eslintrc.cjs
+++ b/.eslintrc.cjs
@@ -5,7 +5,7 @@ module.exports = {
 ],
 overrides: [
 {
- files: ['src/test/ts/runner.ts'],
+ files: ['src/test/ts/runner.ts', 'src/main/ts/stages.ts'],
 rules: {
 'sonarjs/no-duplicate-string': 'off'
 }
diff --git a/src/main/ts/lockfile/v2.ts b/src/main/ts/lockfile/v2.ts
index 31f01059..8d3c078f 100644
--- a/src/main/ts/lockfile/v2.ts
+++ b/src/main/ts/lockfile/v2.ts
@@ -92,14 +92,19 @@ export const audit = (
 temp: string,
 bins: Record,
 ): TAuditReport => {
- const cmd = flags.reporter === 'npm' ? bins.npm : bins.yarn
 const mapping = {
- 'audit-level': 'level',
+ 'audit-level': 'severity',
+ 'level': 'severity',
+ groups: {
+ key: 'environment',
+ values: {
+ dependencies: 'production'
+ },
+ },
 only: {
- key: 'groups',
+ key: 'environment',
 values: {
- prod: 'dependencies',
- dev: 'devDependencies',
+ prod: 'production'
 },
 },
 }
@@ -107,11 +112,10 @@ export const audit = (
 mapFlags(flags, mapping),
 'groups',
 'verbose',
- 'level',
 )
 const report = invoke(
- cmd,
- ['audit', '--json', ..._flags],
+ bins.yarn,
+ ['npm', 'audit', '--all', '--json', '--recursive', ..._flags],
 temp,
 !!flags.silent,
 false,
diff --git a/src/main/ts/runner.ts b/src/main/ts/runner.ts
index 22cba8d9..032990b2 100644
--- a/src/main/ts/runner.ts
+++ b/src/main/ts/runner.ts
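Review bot: The rewritten `only.values` in `mapping` translates just `prod`, so a run with `--only=dev` (previously mapped to `devDependencies`) no longer has an entry, and the new `groups.values` likewise covers only `dependencies`. How `mapFlags` treats an unmapped value is not visible here, but either outcome is a problem for an audit tool: an untranslated `dev` is not a valid `--environment` value, and a dropped one silently changes which dependencies get audited. `yarn npm audit` accepts `development` for that option, so adding `dev: 'development'` under `only.values` and `devDependencies: 'development'` under `groups.values` would keep the old scopes working.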
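Review bot: The name list after `mapFlags(flags, mapping)` in the second `v2.ts` hunk still reads `'groups', 'verbose'`, although the mapping now emits `severity` and `environment` instead of `level` and `groups`. If that list is a pick-list, as the `formatFlags(flags, 'verbose', 'silent', …)` call in `stages.ts` suggests, neither the severity threshold nor the environment filter reaches `yarn npm audit`, and the audit runs with a different scope than the user asked for. The list should probably become `'environment', 'severity', 'verbose',`. The call that builds `_flags` opens above this hunk and `audit` continues below it, so this should be checked against the full function.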
@@ -23,26 +23,26 @@ export const getContext = (flags: TFlags = {}): TContext => {
 const cwd = flags.cwd || process.cwd()
 const manifest = readJson(join(cwd, 'package.json'))
 const temp = getTemp(cwd, flags.temp)
- const npmPath = getNpm(flags['npm-path'])
+ const bins: Record = {
+ yarn: getYarn(),
+ npm: getNpm(flags['npm-path']),
+ }
 const versions: Record = {
 node: invoke('node', ['--version'], temp, true, false),
- npm: invoke(npmPath, ['--version'], temp, true, false),
- yarn: invoke('yarn', ['--version'], temp, true, false),
+ npm: invoke(bins.npm, ['--version'], temp, true, false),
+ yarn: invoke(bins.yarn, ['--version'], temp, true, false),
 yaf: readJson(
 join(pkgDir(__dirname) + '', 'package.json'), // eslint-disable-line
 ).version,
 yafLatest: invoke(
- npmPath,
+ bins.npm,
 ['view', 'yarn-audit-fix', 'version'],
 temp,
 true,
 false,
 ) as string,
 }
- const bins: Record = {
- yarn: getYarn(),
- npm: getNpm(flags['npm-path']),
- }
+
 const ctx = {
 cwd,
 temp,
diff --git a/src/main/ts/stages.ts b/src/main/ts/stages.ts
index 2c783d58..894d5d81 100644
--- a/src/main/ts/stages.ts
+++ b/src/main/ts/stages.ts
@@ -1,6 +1,5 @@
 import fs from 'fs-extra'
 import { dirname, join, relative } from 'node:path'
-import { fileURLToPath } from 'node:url'
 import semver from 'semver'
 import synp from 'synp'
@@ -14,12 +13,8 @@ import {
 getWorkspaces,
 getYarn,
 invoke,
- pkgDir,
- readJson,
 } from './util'
-const __dirname = dirname(fileURLToPath(import.meta.url))
-
 /**
 * Print runtime context digest.
 */
@@ -27,38 +22,25 @@ export const printRuntimeDigest: TCallback = ({
 temp,
 cwd,
 flags,
+ bins,
+ versions,
 manifest,
 }) => {
 if (flags.silent) {
 return
 }
 const isMonorepo = !!manifest.workspaces
- const npmPath = getNpm(flags['npm-path'])
- const npmVersion = invoke(npmPath, ['--version'], temp, true, false)
- const nodeVersion = invoke('node', ['--version'], temp, true, false)
- // const yarnVersion = invoke('yarn', ['--version'], temp, true, false)
- const latestYafVersion = invoke(
- npmPath,
- ['view', 'yarn-audit-fix', 'version'],
- temp,
- true,
- false,
- ) as string
- const yafVersion = readJson(
- join(pkgDir(__dirname) + '', 'package.json'), // eslint-disable-line
- ).version
-
+ invoke('node', ['--version'], temp, true, false)
 // NOTE npm > 7.0.0 provides monorepo support
- if (isMonorepo && (semver.parse(npmVersion as string)?.major as number) < 7) {
+ if (isMonorepo && (semver.parse(versions.npm as string)?.major as number) < 7) {
 console.warn(
 "This project looks like monorepo, so it's recommended to use `npm v7` at least to process workspaces",
 )
 }
- if (semver.gt(latestYafVersion, yafVersion)) {
+ if (semver.gt(versions.yafLatest, versions.yaf)) {
 console.warn(
- `yarn-audit-fix version ${yafVersion} is out of date. Install the latest ${latestYafVersion} for better results`,
+ `yarn-audit-fix version ${versions.yaf} is out of date. Install the latest ${versions.yafLatest} for better results`,
 )
 }
@@ -66,11 +48,8 @@ export const printRuntimeDigest: TCallback = ({
 JSON.stringify(
 {
 isMonorepo,
- npmPath,
- npmVersion,
- nodeVersion,
- // yarnVersion,
- yafVersion,
+ bins,
+ versions,
 temp,
 cwd,
 flags,
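Review bot: The added `invoke('node', ['--version'], temp, true, false)` in `printRuntimeDigest` discards its result, so it spawns a process for nothing now that the node version comes from `versions.node`. It looks like a leftover from the removed `nodeVersion` assignment and can be deleted. Separately, `semver.gt(versions.yafLatest, versions.yaf)` throws on a string that is not a valid version, and `versions.yafLatest` comes from a registry lookup made in `getContext`. Consider guarding it, e.g. `if (semver.valid(versions.yafLatest) && semver.gt(versions.yafLatest, versions.yaf)) {`, so that an empty or failed lookup cannot abort the run at the digest step.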
@@ -184,21 +163,31 @@ export const syncLockfile: TCallback = ({ temp, flags }) => {
 * @param {TContext} cxt
 * @return {void}
 */
-export const yarnInstall: TCallback = ({ cwd, flags }) => {
+export const yarnInstall: TCallback = ({ cwd, flags , versions}) => {
 if (flags.dryRun) {
 return
 }
- invoke(
- getYarn(),
- [
- 'install',
- '--update-checksums',
- ...formatFlags(flags, 'verbose', 'silent', 'registry', 'ignore-engines'),
- ],
- cwd,
- flags.silent,
- )
+ semver.gte(versions.yarn, '2.0.0')
+ ? invoke(
+ getYarn(),
+ [
+ 'install',
+ '--mode="update-lockfile"'
+ ],
+ cwd,
+ flags.silent,
+ )
+ : invoke(
+ getYarn(),
+ [
+ 'install',
+ '--update-checksums',
+ ...formatFlags(flags, 'verbose', 'silent', 'registry', 'ignore-engines'),
+ ],
+ cwd,
+ flags.silent,
+ )
 }
 /**
 * Clean up temporaries.
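Review bot: The Yarn 2+ branch of `yarnInstall` passes `'--mode="update-lockfile"'` as a single argv element, so unless `invoke` goes through a shell (not visible here) the double quotes reach yarn as part of the value and the mode will not match `update-lockfile`. That branch also drops the `formatFlags(...)` spread, so a user-supplied `registry` is silently ignored there and the install resolves against whatever registry yarn's own config names; if that is intended it deserves a comment or a warning. The two `invoke` calls differ only in their argument list, and a ternary used as a statement hides that; building the list first and calling `invoke` once reads more clearly.

```typescript
export const yarnInstall: TCallback = ({ cwd, flags, versions }) => {
  // … unchanged: flags.dryRun early return …

  const args = semver.gte(versions.yarn, '2.0.0')
    ? ['install', '--mode=update-lockfile']
    : [
        'install',
        '--update-checksums',
        ...formatFlags(flags, 'verbose', 'silent', 'registry', 'ignore-engines'),
      ]

  invoke(getYarn(), args, cwd, flags.silent)
}
```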