feat: add support yarn v2

Co-authored-by: Eleanor Kavanagh-Brown <eleanor.kavanagh-brown@snyk.io> Co-authored-by: Mega Bean (gel) <megabean24@gmail.com> Co-authored-by: Daniel <dan.kontorovskyy@gmail.com>
snyk · Jul 8, 2020 · 4c0d6e2 · 4c0d6e2
1 parent fef488b
commit 4c0d6e2
Show file tree

Hide file tree

Showing 6 changed files with 100 additions and 13 deletions.
diff --git a/package.json b/package.json
@@ -81,7 +81,7 @@
     "snyk-gradle-plugin": "3.5.1",
     "snyk-module": "3.1.0",
     "snyk-mvn-plugin": "2.17.1",
-    "snyk-nodejs-lockfile-parser": "1.25.0",
+    "snyk-nodejs-lockfile-parser": "1.26.1",
     "snyk-nuget-plugin": "1.18.1",
     "snyk-php-plugin": "1.9.0",
     "snyk-policy": "1.14.1",

diff --git a/src/lib/plugins/nodejs-plugin/npm-lock-parser.ts b/src/lib/plugins/nodejs-plugin/npm-lock-parser.ts
@@ -40,29 +40,21 @@ export async function parse(
     );
   }
 
-  const manifestFile = fs.readFileSync(manifestFileFullPath, 'utf-8');
-  const lockFile = fs.readFileSync(lockFileFullPath, 'utf-8');
-
   analytics.add('local', true);
   analytics.add('generating-node-dependency-tree', {
     lockFile: true,
     targetFile,
   });
-
-  const lockFileType = targetFile.endsWith('yarn.lock')
-    ? lockFileParser.LockfileType.yarn
-    : lockFileParser.LockfileType.npm;
-
   const resolveModuleSpinnerLabel = `Analyzing npm dependencies for ${lockFileFullPath}`;
   debug(resolveModuleSpinnerLabel);
   try {
     await spinner(resolveModuleSpinnerLabel);
     const strictOutOfSync = options.strictOutOfSync !== false;
-    return lockFileParser.buildDepTree(
-      manifestFile,
-      lockFile,
+    return lockFileParser.buildDepTreeFromFiles(
+      root,
+      manifestFileFullPath,
+      lockFileFullPath,
       options.dev,
-      lockFileType,
       strictOutOfSync,
     );
   } finally {

diff --git a/test/acceptance/cli-monitor/cli-monitor.acceptance.test.ts b/test/acceptance/cli-monitor/cli-monitor.acceptance.test.ts
@@ -373,6 +373,50 @@ test('`monitor yarn-package`', async (t) => {
   }
 });
 
+test('`monitor yarn v2 project`', async (t) => {
+  const nodeVersion = parseInt(process.version.slice(1).split('.')[0], 10);
+
+  if (nodeVersion <= 10) {
+    return t.skip();
+  }
+
+  chdirWorkspaces();
+
+  await cli.monitor('yarn-v2');
+  const req = server.popRequest();
+  t.equal(req.method, 'PUT', 'makes PUT request');
+  t.equal(
+    req.headers['x-snyk-cli-version'],
+    versionNumber,
+    'sends version number',
+  );
+  t.match(req.url, '/monitor/yarn/graph', 'puts at correct url');
+
+  const depGraphJSON = req.body.depGraphJSON;
+  t.ok(depGraphJSON);
+  const lodash = depGraphJSON.pkgs.find((pkg) => pkg.info.name === 'lodash');
+
+  t.ok(lodash, 'dependency');
+  t.notOk(req.body.targetFile, 'doesnt send the targetFile');
+  t.notOk(depGraphJSON.from, 'no "from" array on root');
+  t.notOk(lodash.from, 'no "from" array on dep');
+  if (process.platform === 'win32') {
+    t.true(
+      req.body.targetFileRelativePath.endsWith(
+        '\\test\\acceptance\\workspaces\\yarn-v2\\yarn.lock',
+      ),
+      'matching file path win32',
+    );
+  } else {
+    t.true(
+      req.body.targetFileRelativePath.endsWith(
+        '/test/acceptance/workspaces/yarn-v2/yarn.lock',
+      ),
+      'matching file path',
+    );
+  }
+});
+
 test('`monitor yarn-package from within folder`', async (t) => {
   chdirWorkspaces('yarn-package');
   await cli.monitor();

diff --git a/test/acceptance/cli-test/cli-test.yarn.spec.ts b/test/acceptance/cli-test/cli-test.yarn.spec.ts
@@ -316,5 +316,30 @@ export const YarnTests: AcceptanceTests = {
         'depGraph looks fine',
       );
     },
+    '`test` on a yarn v2 package': (params, utils) => async (t) => {
+      const nodeVersion = parseInt(process.version.slice(1).split('.')[0], 10);
+
+      if (nodeVersion <= 10) {
+        return t.skip();
+      }
+
+      utils.chdirWorkspaces('yarn-v2');
+      await params.cli.test();
+      const req = params.server.popRequest();
+      t.equal(req.method, 'POST', 'makes POST request');
+      t.equal(
+        req.headers['x-snyk-cli-version'],
+        params.versionNumber,
+        'sends version number',
+      );
+      t.match(req.url, '/test-dep-graph', 'posts to correct url');
+      t.match(req.body.targetFile, undefined, 'target is undefined');
+      const depGraph = req.body.depGraph;
+      t.same(
+        depGraph.pkgs.map((p) => p.id).sort(),
+        ['yarn-v2@1.0.0', 'lodash@4.17.0'].sort(),
+        'depGraph looks fine',
+      );
+    },
   },
 };
diff --git a/test/acceptance/workspaces/yarn-v2/package.json b/test/acceptance/workspaces/yarn-v2/package.json
@@ -0,0 +1,7 @@
+{
+  "name": "yarn-v2",
+  "version": "1.0.0",
+  "dependencies": {
+    "lodash": "4.17.0"
+  }
+}
diff --git a/test/acceptance/workspaces/yarn-v2/yarn.lock b/test/acceptance/workspaces/yarn-v2/yarn.lock
@@ -0,0 +1,19 @@
+# Manual changes might be lost - proceed with caution!
+
+__metadata:
+  version: 4
+
+"lodash@npm:4.17.0":
+  version: 4.17.0
+  resolution: "lodash@npm:4.17.0"
+  checksum: 2/5788ffdb035914e6af0041e798016f8c87811a4910c2f45bb228f3a456fe6b095aba06e44b11a2a95ec3654cd6d2f26e541986e9dfb03a69c9b4eb776e9d0024
+  languageName: node
+  linkType: hard
+
+"yarn-v2@workspace:.":
+  version: 0.0.0-use.local
+  resolution: "yarn-v2@workspace:."
+  dependencies:
+    lodash: 4.17.0
+  languageName: unknown
+  linkType: soft