From 4c0d6e2933e5525faf88d8dd262d5c9c6a3c2042 Mon Sep 17 00:00:00 2001
From: anthogez
Date: Wed, 24 Jun 2020 17:19:15 +0300
Subject: [PATCH] feat: add support yarn v2
Co-authored-by: Eleanor Kavanagh-Brown
Co-authored-by: Mega Bean (gel)
Co-authored-by: Daniel
---
 package.json | 2 +-
 .../plugins/nodejs-plugin/npm-lock-parser.ts | 16 ++-----
 .../cli-monitor.acceptance.test.ts | 44 +++++++++++++++++++
 .../acceptance/cli-test/cli-test.yarn.spec.ts | 25 +++++++++++
 .../workspaces/yarn-v2/package.json | 7 +++
 test/acceptance/workspaces/yarn-v2/yarn.lock | 19 ++++++++
 6 files changed, 100 insertions(+), 13 deletions(-)
 create mode 100644 test/acceptance/workspaces/yarn-v2/package.json
 create mode 100644 test/acceptance/workspaces/yarn-v2/yarn.lock
diff --git a/package.json b/package.json
index 244914da621..dec671a5697 100644
--- a/package.json
+++ b/package.json
@@ -81,7 +81,7 @@
 "snyk-gradle-plugin": "3.5.1",
 "snyk-module": "3.1.0",
 "snyk-mvn-plugin": "2.17.1",
- "snyk-nodejs-lockfile-parser": "1.25.0",
+ "snyk-nodejs-lockfile-parser": "1.26.1",
 "snyk-nuget-plugin": "1.18.1",
 "snyk-php-plugin": "1.9.0",
 "snyk-policy": "1.14.1",
diff --git a/src/lib/plugins/nodejs-plugin/npm-lock-parser.ts b/src/lib/plugins/nodejs-plugin/npm-lock-parser.ts
index 2fbcdee2117..0d2a9f13f33 100644
--- a/src/lib/plugins/nodejs-plugin/npm-lock-parser.ts
+++ b/src/lib/plugins/nodejs-plugin/npm-lock-parser.ts
@@ -40,29 +40,21 @@ export async function parse( ); } - const manifestFile = fs.readFileSync(manifestFileFullPath, 'utf-8'); - const lockFile = fs.readFileSync(lockFileFullPath, 'utf-8'); - analytics.add('local', true); analytics.add('generating-node-dependency-tree', { lockFile: true, targetFile, }); - - const lockFileType = targetFile.endsWith('yarn.lock') - ? lockFileParser.LockfileType.yarn - : lockFileParser.LockfileType.npm; - const resolveModuleSpinnerLabel = `Analyzing npm dependencies for ${lockFileFullPath}`; debug(resolveModuleSpinnerLabel); try { await spinner(resolveModuleSpinnerLabel); const strictOutOfSync = options.strictOutOfSync !== false; - return lockFileParser.buildDepTree( - manifestFile, - lockFile, + return lockFileParser.buildDepTreeFromFiles( + root, + manifestFileFullPath, + lockFileFullPath, options.dev, - lockFileType, strictOutOfSync, ); } finally { diff --git a/test/acceptance/cli-monitor/cli-monitor.acceptance.test.ts b/test/acceptance/cli-monitor/cli-monitor.acceptance.test.ts index f31388744ea..92d4356f511 100644 --- a/test/acceptance/cli-monitor/cli-monitor.acceptance.test.ts +++ b/test/acceptance/cli-monitor/cli-monitor.acceptance.test.ts 
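Review bot: Nothing at the `buildDepTreeFromFiles` call guards the Node version, although both acceptance tests added in this commit skip on Node 10 and older, which suggests the yarn v2 path in the parser does not run there; a scan of a yarn v2 project on an old Node would then surface whatever the library throws from inside the `try` block. Consider a version check that raises a clear unsupported-runtime error before the call, or at least a comment above it such as `// lockfile type is now detected by the parser (no lockFileType argument); yarn v2 presumably needs Node > 10`. The call also passes `root` together with `manifestFileFullPath` and `lockFileFullPath`; if the parser resolves those against `root`, confirm both are absolute so they are not joined twice. `parse` starts and ends outside this hunk, so how the two paths are built is not visible here.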
@@ -373,6 +373,50 @@ test('`monitor yarn-package`', async (t) => {
 }
 });
 
+test('`monitor yarn v2 project`', async (t) => {
+ const nodeVersion = parseInt(process.version.slice(1).split('.')[0], 10);
+
+ if (nodeVersion <= 10) {
+ return t.skip();
+ }
+
+ chdirWorkspaces();
+
+ await cli.monitor('yarn-v2');
+ const req = server.popRequest();
+ t.equal(req.method, 'PUT', 'makes PUT request');
+ t.equal(
+ req.headers['x-snyk-cli-version'],
+ versionNumber,
+ 'sends version number',
+ );
+ t.match(req.url, '/monitor/yarn/graph', 'puts at correct url');
+
+ const depGraphJSON = req.body.depGraphJSON;
+ t.ok(depGraphJSON);
+ const lodash = depGraphJSON.pkgs.find((pkg) => pkg.info.name === 'lodash');
+
+ t.ok(lodash, 'dependency');
+ t.notOk(req.body.targetFile, 'doesnt send the targetFile');
+ t.notOk(depGraphJSON.from, 'no "from" array on root');
+ t.notOk(lodash.from, 'no "from" array on dep');
+ if (process.platform === 'win32') {
+ t.true(
+ req.body.targetFileRelativePath.endsWith(
+ '\\test\\acceptance\\workspaces\\yarn-v2\\yarn.lock',
+ ),
+ 'matching file path win32',
+ );
+ } else {
+ t.true(
+ req.body.targetFileRelativePath.endsWith(
+ '/test/acceptance/workspaces/yarn-v2/yarn.lock',
+ ),
+ 'matching file path',
+ );
+ }
+});
+
 test('`monitor yarn-package from within folder`', async (t) => {
 chdirWorkspaces('yarn-package');
 await cli.monitor();
diff --git a/test/acceptance/cli-test/cli-test.yarn.spec.ts b/test/acceptance/cli-test/cli-test.yarn.spec.ts
index e6f131edaa7..101613d0e31 100644
--- a/test/acceptance/cli-test/cli-test.yarn.spec.ts
+++ b/test/acceptance/cli-test/cli-test.yarn.spec.ts
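Review bot: The Node gate at the top of the new test returns `t.skip()` with no reason, so a run on Node 10 or older reports a skip without saying that yarn v2 handling is what went untested; the same gate is repeated verbatim in the `test` on a yarn v2 package case in cli-test.yarn.spec.ts. Passing a message, e.g. `return t.skip('yarn v2 lockfiles are not parsed on Node <= 10');`, and moving the `parseInt(process.version.slice(1).split('.')[0], 10)` parse into one shared test helper would keep the two gates from drifting apart. The test also only checks that a `lodash` entry exists in `depGraphJSON.pkgs`; asserting its version (`4.17.0` in the fixture) would catch a parser that resolves the wrong lockfile entry.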
@@ -316,5 +316,30 @@ export const YarnTests: AcceptanceTests = {
 'depGraph looks fine',
 );
 },
+ '`test` on a yarn v2 package': (params, utils) => async (t) => {
+ const nodeVersion = parseInt(process.version.slice(1).split('.')[0], 10);
+
+ if (nodeVersion <= 10) {
+ return t.skip();
+ }
+
+ utils.chdirWorkspaces('yarn-v2');
+ await params.cli.test();
+ const req = params.server.popRequest();
+ t.equal(req.method, 'POST', 'makes POST request');
+ t.equal(
+ req.headers['x-snyk-cli-version'],
+ params.versionNumber,
+ 'sends version number',
+ );
+ t.match(req.url, '/test-dep-graph', 'posts to correct url');
+ t.match(req.body.targetFile, undefined, 'target is undefined');
+ const depGraph = req.body.depGraph;
+ t.same(
+ depGraph.pkgs.map((p) => p.id).sort(),
+ ['yarn-v2@1.0.0', 'lodash@4.17.0'].sort(),
+ 'depGraph looks fine',
+ );
+ },
 },
 };
diff --git a/test/acceptance/workspaces/yarn-v2/package.json b/test/acceptance/workspaces/yarn-v2/package.json
new file mode 100644
index 00000000000..6bc82f09401
--- /dev/null
+++ b/test/acceptance/workspaces/yarn-v2/package.json
@@ -0,0 +1,7 @@
+{
+ "name": "yarn-v2",
+ "version": "1.0.0",
+ "dependencies": {
+ "lodash": "4.17.0"
+ }
+}
diff --git a/test/acceptance/workspaces/yarn-v2/yarn.lock b/test/acceptance/workspaces/yarn-v2/yarn.lock
new file mode 100644
index 00000000000..c3bb33510e4
--- /dev/null
+++ b/test/acceptance/workspaces/yarn-v2/yarn.lock
@@ -0,0 +1,19 @@ +# Manual changes might be lost - proceed with caution! + +__metadata: + version: 4 + +"lodash@npm:4.17.0": + version: 4.17.0 + resolution: "lodash@npm:4.17.0" + checksum: 2/5788ffdb035914e6af0041e798016f8c87811a4910c2f45bb228f3a456fe6b095aba06e44b11a2a95ec3654cd6d2f26e541986e9dfb03a69c9b4eb776e9d0024 + languageName: node + linkType: hard + +"yarn-v2@workspace:.": + version: 0.0.0-use.local + resolution: "yarn-v2@workspace:." + dependencies: + lodash: 4.17.0 + languageName: unknown + linkType: soft
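Review bot: `t.match(req.body.targetFile, undefined, 'target is undefined')` in the new yarn v2 case is a pattern match rather than an equality check, so depending on how tap treats an `undefined` pattern it may pass for values other than `undefined`. `t.equal(req.body.targetFile, undefined, 'target is undefined');` would pin the intent that no target file is sent for a yarn v2 project. The enclosing `YarnTests` object starts outside the hunk, so this line may simply follow the sibling cases; if so, the same tightening presumably applies to them.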