/
locked-versions.ts
129 lines (125 loc) · 4.52 KB
/
locked-versions.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
import semver from 'semver';
import { logger } from '../../../../logger';
import type { PackageFile } from '../../types';
import type { NpmManagerData } from '../types';
import { getNpmLock } from './npm';
import { getConstraints, getPnpmLock } from './pnpm';
import type { LockFile } from './types';
import { getYarnLock } from './yarn';
export async function getLockedVersions(
packageFiles: PackageFile<NpmManagerData>[]
): Promise<void> {
const lockFileCache: Record<string, LockFile> = {};
logger.debug('Finding locked versions');
for (const packageFile of packageFiles) {
const { managerData = {} } = packageFile;
const { yarnLock, npmLock, pnpmShrinkwrap } = managerData;
const lockFiles: string[] = [];
if (yarnLock) {
logger.trace('Found yarnLock');
lockFiles.push(yarnLock);
if (!lockFileCache[yarnLock]) {
logger.trace(`Retrieving/parsing ${yarnLock}`);
lockFileCache[yarnLock] = await getYarnLock(yarnLock);
}
const { lockfileVersion, isYarn1 } = lockFileCache[yarnLock];
let yarn: string | undefined;
if (!isYarn1 && !packageFile.extractedConstraints?.yarn) {
if (lockfileVersion && lockfileVersion >= 8) {
// https://github.com/yarnpkg/berry/commit/9bcd27ae34aee77a567dd104947407532fa179b3
yarn = '^3.0.0';
} else if (lockfileVersion && lockfileVersion >= 6) {
// https://github.com/yarnpkg/berry/commit/f753790380cbda5b55d028ea84b199445129f9ba
yarn = '^2.2.0';
} else {
yarn = '^2.0.0';
}
}
if (yarn) {
packageFile.extractedConstraints ??= {};
packageFile.extractedConstraints.yarn = yarn;
}
for (const dep of packageFile.deps) {
dep.lockedVersion =
lockFileCache[yarnLock].lockedVersions[
// TODO: types (#7154)
// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
`${dep.depName}@${dep.currentValue}`
];
if (
(dep.depType === 'engines' || dep.depType === 'packageManager') &&
dep.depName === 'yarn' &&
!isYarn1
) {
dep.packageName = '@yarnpkg/cli';
}
}
} else if (npmLock) {
logger.debug(`Found ${npmLock} for ${packageFile.packageFile}`);
lockFiles.push(npmLock);
if (!lockFileCache[npmLock]) {
logger.trace('Retrieving/parsing ' + npmLock);
lockFileCache[npmLock] = await getNpmLock(npmLock);
}
const { lockfileVersion } = lockFileCache[npmLock];
let npm: string | undefined;
if (lockfileVersion === 1) {
if (packageFile.extractedConstraints?.npm) {
// Add a <7 constraint if it's not already a fixed version
if (
semver.satisfies('6.14.18', packageFile.extractedConstraints.npm)
) {
npm = packageFile.extractedConstraints.npm + ' <7';
}
} else {
npm = '<7';
}
} else if (lockfileVersion === 2) {
if (packageFile.extractedConstraints?.npm) {
// Add a <9 constraint if the latest 8.x is compatible
if (
semver.satisfies('8.19.3', packageFile.extractedConstraints.npm)
) {
npm = packageFile.extractedConstraints.npm + ' <9';
}
} else {
npm = '<9';
}
}
if (npm) {
packageFile.extractedConstraints ??= {};
packageFile.extractedConstraints.npm = npm;
}
for (const dep of packageFile.deps) {
// TODO: types (#7154)
dep.lockedVersion = semver.valid(
lockFileCache[npmLock].lockedVersions[dep.depName!]
)!;
}
} else if (pnpmShrinkwrap) {
logger.debug('Found pnpm lock-file');
lockFiles.push(pnpmShrinkwrap);
if (!lockFileCache[pnpmShrinkwrap]) {
logger.trace(`Retrieving/parsing ${pnpmShrinkwrap}`);
lockFileCache[pnpmShrinkwrap] = await getPnpmLock(pnpmShrinkwrap);
}
const { lockfileVersion } = lockFileCache[pnpmShrinkwrap];
if (lockfileVersion) {
packageFile.extractedConstraints ??= {};
packageFile.extractedConstraints.pnpm = getConstraints(
lockfileVersion,
packageFile.extractedConstraints.pnpm
);
}
for (const dep of packageFile.deps) {
// TODO: types (#7154)
dep.lockedVersion = semver.valid(
lockFileCache[pnpmShrinkwrap].lockedVersions[dep.depName!]
)!;
}
}
if (lockFiles.length) {
packageFile.lockFiles = lockFiles;
}
}
}