feat(cli): build user peer-deps #6742

ricokahler · 2024-05-23T05:01:55Z

Description

This PR introduces the buildVendorDependencies function which builds ESM browser-compatible versions of specified vendor packages. It includes a robust mechanism for handling semver versions, carefully considering major, minor, and patch version changes. The rationale is to ensure stability and flexibility by adding support for new subpath exports as needed. Read the TSDoc comment for more info.

What to review

Review the buildVendorDependencies function implementation.
Verify the handling of semver versions and the rationale for the approach.
Check the integration and usage of the fileSystem prop.
Ensure the function correctly resolves package.json files and constructs the necessary entry points.
Review the unit tests to ensure they cover the function's behavior, including handling different versions and file system interactions.

Testing

Unit tests verify the expected options are passed to vite.build along with some new fixtures example project to test that the resolution works as expected.

Notes for release

Not applicable to the release at this time. This should be merged into #6514 first.

vercel · 2024-05-23T05:01:58Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
performance-studio	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 28, 2024 5:48pm
test-next-studio	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 28, 2024 5:48pm
test-studio	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 28, 2024 5:48pm

1 Ignored Deployment

Name	Status	Preview	Comments	Updated (UTC)
studio-workshop	⬜️ Ignored (Inspect)	Visit Preview		May 28, 2024 5:48pm

socket-security · 2024-05-23T05:08:58Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	Transitive: eval, filesystem	`+11`	4.49 MB	odspnpm
npm/[email protected]	filesystem Transitive: environment	`+10`	145 kB	isaacs
npm/[email protected]	Transitive: filesystem, unsafe	`+3`	19.8 kB	sindresorhus
npm/[email protected]	Transitive: unsafe	`+1`	8.39 kB	sindresorhus
npm/[email protected]	filesystem Transitive: environment	`+3`	25.6 kB	sindresorhus
npm/[email protected]	Transitive: environment, filesystem	`+1`	576 kB	vitaly
npm/[email protected]	None	`0`	235 kB	jordanbtucker
npm/[email protected]	None	`0`	5.34 kB	sindresorhus
npm/[email protected]	None	`0`	1.41 MB	bnjmnt4n
npm/[email protected]	None	`0`	54.5 kB	ljharb
npm/[email protected]	None	`0`	24.4 kB	ai
npm/[email protected]	None	`0`	97.2 kB	ljharb
npm/[email protected]	None	`+1`	13.3 kB	sindresorhus
npm/[email protected]	unsafe	`0`	13.5 kB	danez
npm/[email protected]	Transitive: filesystem	`+6`	48.7 kB	sindresorhus
npm/[email protected]	environment, filesystem, unsafe	`0`	8.39 MB	prettier-bot
npm/[email protected]	None	`+1`	15.6 kB	sindresorhus
npm/[email protected]	None	`0`	8.64 kB	sindresorhus
npm/[email protected]	environment	`0`	24 kB	react-bot
npm/[email protected]	Transitive: filesystem	`+7`	106 kB	sindresorhus
npm/[email protected]	None	`+9`	3.02 MB	wooorm
npm/[email protected]	filesystem, unsafe	`0`	5.82 kB	sindresorhus
npm/[email protected]	None	`0`	5.61 kB	sindresorhus
npm/[email protected]	filesystem	`0`	17.3 kB	isaacs
npm/[email protected]	None	`+1`	4.59 MB	blesh
npm/[email protected]	None	`+2`	125 kB	npm-cli-ops
npm/[email protected]	filesystem	`+6`	59.2 kB	mafintosh
npm/[email protected]	None	`0`	32.4 MB	typescript-bot
npm/[email protected]	None	`+1`	23.7 kB	chrisdickinson
npm/[email protected]	environment Transitive: filesystem	`+1`	20.9 kB	isaacs
npm/[email protected]	None	`0`	5.69 kB	sindresorhus

View full report↗︎

socket-security · 2024-05-23T05:09:01Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/[email protected]	Install script: postinstall Source: `node install.js`	orphan: npm/[email protected]
Install scripts	npm/[email protected]	Install script: postinstall Source: `node install.js`	orphan: npm/[email protected]
Install scripts	npm/[email protected]	Install script: install Source: `node install/check`	orphan: npm/[email protected]

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]

github-actions · 2024-05-23T05:10:25Z

No changes to documentation

github-actions · 2024-05-23T05:17:54Z

Component Testing Report Updated May 28, 2024 5:55 PM (UTC)

File	Status	Duration	Passed	Skipped	Failed
comments/CommentInput.spec.tsx	✅ Passed (Inspect)	35s	15	0	0
formBuilder/ArrayInput.spec.tsx	✅ Passed (Inspect)	6s	3	0	0
formBuilder/inputs/PortableText/Annotations.spec.tsx	✅ Passed (Inspect)	25s	6	0	0
formBuilder/inputs/PortableText/copyPaste/CopyPaste.spec.tsx	✅ Passed (Inspect)	31s	11	7	0
formBuilder/inputs/PortableText/Decorators.spec.tsx	✅ Passed (Inspect)	14s	6	0	0
formBuilder/inputs/PortableText/DisableFocusAndUnset.spec.tsx	✅ Passed (Inspect)	8s	3	0	0
formBuilder/inputs/PortableText/FocusTracking.spec.tsx	✅ Passed (Inspect)	36s	15	0	0
formBuilder/inputs/PortableText/Input.spec.tsx	❌ Failed (Inspect)	1m 18s	20	0	1
formBuilder/inputs/PortableText/ObjectBlock.spec.tsx	✅ Passed (Inspect)	1m 1s	18	0	0
formBuilder/inputs/PortableText/PresenceCursors.spec.tsx	✅ Passed (Inspect)	7s	3	9	0
formBuilder/inputs/PortableText/RangeDecoration.spec.tsx	✅ Passed (Inspect)	21s	9	0	0
formBuilder/inputs/PortableText/Styles.spec.tsx	✅ Passed (Inspect)	14s	6	0	0
formBuilder/inputs/PortableText/Toolbar.spec.tsx	✅ Passed (Inspect)	30s	12	0	0

binoy14

Overall it looks good to me, have one question

packages/sanity/src/_internal/cli/server/__tests__/buildVendorDependencies.test.ts

* feat: create import map w/ installed sanity version * fix: use correct URL

* feat(cli): build user peer-deps * chore: remove shared-modules build * test(cli): verify build config and `exports` subpaths * text(cli): add depcheck config for fixture projects * docs: update comments and test name * feat: create import map w/ installed sanity version (#6784) * feat: create import map w/ installed sanity version * fix: use correct URL

* feat: add CLI options to enable auto-updating studios * refactor(cli): prefix with `unstable_` * test: Update packages/sanity/src/_internal/cli/server/renderDocument.ts Co-authored-by: Espen Hovlandsdal <[email protected]> * chore(core): update import map urls * feat(cli): build user peer-deps (#6742) * feat(cli): build user peer-deps * chore: remove shared-modules build * test(cli): verify build config and `exports` subpaths * text(cli): add depcheck config for fixture projects * docs: update comments and test name * feat: create import map w/ installed sanity version (#6784) * feat: create import map w/ installed sanity version * fix: use correct URL * chore(cli): rename auto updates flag --------- Co-authored-by: Espen Hovlandsdal <[email protected]> Co-authored-by: Binoy Patel <[email protected]>

ricokahler requested a review from a team as a code owner May 23, 2024 05:01

ricokahler requested review from jtpetty and removed request for a team May 23, 2024 05:01

vercel bot deployed to Preview – test-next-studio May 23, 2024 05:03 View deployment

ricokahler added 2 commits May 23, 2024 00:06

feat(cli): build user peer-deps

ddd5a7e

chore: remove shared-modules build

84bc9c3

ricokahler force-pushed the sdx-1349 branch from 1663e75 to 84bc9c3 Compare May 23, 2024 05:08

vercel bot deployed to Preview – performance-studio May 23, 2024 05:10 View deployment

vercel bot deployed to Preview – test-studio May 23, 2024 05:11 View deployment

vercel bot deployed to Preview – test-next-studio May 23, 2024 05:15 View deployment

jtpetty requested review from binoy14 and removed request for jtpetty May 23, 2024 13:10

test(cli): verify build config and exports subpaths

9181a32

vercel bot deployed to Preview – performance-studio May 23, 2024 15:53 View deployment

text(cli): add depcheck config for fixture projects

f9443b4

vercel bot deployed to Preview – performance-studio May 23, 2024 15:56 View deployment

vercel bot deployed to Preview – test-studio May 23, 2024 15:57 View deployment

vercel bot deployed to Preview – test-next-studio May 23, 2024 15:59 View deployment

docs: update comments and test name

0fa4efd

vercel bot deployed to Preview – performance-studio May 23, 2024 16:04 View deployment

vercel bot deployed to Preview – test-studio May 23, 2024 16:05 View deployment

vercel bot deployed to Preview – test-next-studio May 23, 2024 16:07 View deployment

binoy14 reviewed May 24, 2024

View reviewed changes

packages/sanity/src/_internal/cli/server/__tests__/buildVendorDependencies.test.ts Show resolved Hide resolved

feat: create import map w/ installed sanity version (#6784)

bf136d0

* feat: create import map w/ installed sanity version * fix: use correct URL

vercel bot deployed to Preview – performance-studio May 28, 2024 17:47 View deployment

vercel bot deployed to Preview – test-studio May 28, 2024 17:48 View deployment

vercel bot deployed to Preview – test-next-studio May 28, 2024 17:48 View deployment

binoy14 approved these changes May 28, 2024

View reviewed changes

ricokahler merged commit 527fffb into sdx-1242 May 28, 2024
40 of 41 checks passed

ricokahler deleted the sdx-1349 branch May 28, 2024 18:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(cli): build user peer-deps #6742

feat(cli): build user peer-deps #6742

ricokahler commented May 23, 2024 •

edited

Loading

vercel bot commented May 23, 2024 •

edited

Loading

socket-security bot commented May 23, 2024 •

edited

Loading

socket-security bot commented May 23, 2024 •

edited

Loading

github-actions bot commented May 23, 2024

github-actions bot commented May 23, 2024 •

edited

Loading

binoy14 left a comment

feat(cli): build user peer-deps #6742

feat(cli): build user peer-deps #6742

Conversation

ricokahler commented May 23, 2024 • edited Loading

Description

What to review

Testing

Notes for release

vercel bot commented May 23, 2024 • edited Loading

socket-security bot commented May 23, 2024 • edited Loading

socket-security bot commented May 23, 2024 • edited Loading

Next steps

github-actions bot commented May 23, 2024

github-actions bot commented May 23, 2024 • edited Loading

binoy14 left a comment

Choose a reason for hiding this comment

ricokahler commented May 23, 2024 •

edited

Loading

vercel bot commented May 23, 2024 •

edited

Loading

socket-security bot commented May 23, 2024 •

edited

Loading

socket-security bot commented May 23, 2024 •

edited

Loading

github-actions bot commented May 23, 2024 •

edited

Loading