fix: determine correct LockfileType for yarn v2

package.json

@@ -82,7 +82,7 @@
     "snyk-gradle-plugin": "3.5.1",
     "snyk-module": "3.1.0",
     "snyk-mvn-plugin": "2.19.1",
-    "snyk-nodejs-lockfile-parser": "1.26.3",
+    "snyk-nodejs-lockfile-parser": "1.27.0",
     "snyk-nuget-plugin": "1.18.1",
     "snyk-php-plugin": "1.9.0",
     "snyk-policy": "1.14.1",

test/acceptance/cli-test/cli-test.yarn-workspaces.spec.ts

@@ -1,6 +1,7 @@
 import * as sinon from 'sinon';
 
 import { AcceptanceTests } from './cli-test.acceptance.test';
+const nodeVersion = parseInt(process.version.slice(1).split('.')[0], 10);
 
 export const YarnWorkspacesTests: AcceptanceTests = {
   language: 'Yarn',
@@ -217,10 +218,61 @@ export const YarnWorkspacesTests: AcceptanceTests = {
       });
       t.equal(policyCount, 2, '2 policies found in a workspace');
     },
+    'test --yarn-workspaces --detection-depth=5 --strict-out-of-sync=false (yarn v2)': (
+      params,
+      utils,
+    ) => async (t) => {
+      // Yarn workspaces for Yarn 2 is only supported on Node 10+
+      if (nodeVersion < 10) {
+        return t.skip();
+      }
+      utils.chdirWorkspaces();
+      const result = await params.cli.test('yarn-workspaces-v2', {
+        yarnWorkspaces: true,
+        detectionDepth: 5,
+        strictOutOfSync: false,
+      });
+      const loadPlugin = sinon.spy(params.plugins, 'loadPlugin');
+      // the parser is used directly
+      t.ok(loadPlugin.withArgs('yarn').notCalled, 'skips load plugin');
+      t.teardown(() => {
+        loadPlugin.restore();
+      });
+      t.match(
+        result.getDisplayResults(),
+        '✓ Tested 1 dependencies for known vulnerabilities, no vulnerable paths found.',
+        'correctly showing dep number',
+      );
+      t.match(result.getDisplayResults(), 'Package manager:   yarn\n');
+      t.match(
+        result.getDisplayResults(),
+        'Project name:      package.json',
+        'yarn project in output',
+      );
+      t.match(
+        result.getDisplayResults(),
+        'Project name:      tomatoes',
+        'yarn project in output',
+      );
+      t.match(
+        result.getDisplayResults(),
+        'Project name:      apples',
+        'yarn project in output',
+      );
+      t.match(
+        result.getDisplayResults(),
+        'Tested 3 projects, no vulnerable paths were found.',
+        'no vulnerable paths found as both policies detected and applied.',
+      );
+    },
     'test --yarn-workspaces --detection-depth=5 multiple workspaces found': (
       params,
       utils,
     ) => async (t) => {
+      // Yarn workspaces for Yarn 2 is only supported on Node 10+
+      if (nodeVersion < 10) {
+        return t.skip();
+      }
       utils.chdirWorkspaces();
       const result = await params.cli.test({
         yarnWorkspaces: true,
@@ -256,8 +308,8 @@ export const YarnWorkspacesTests: AcceptanceTests = {
       );
       t.match(
         result.getDisplayResults(),
-        'Tested 6 projects, no vulnerable paths were found.',
-        'Tested 6 projects',
+        'Tested 9 projects, no vulnerable paths were found.',
+        'Tested 9 projects',
       );
       let policyCount = 0;
       const applesWorkspace =
@@ -273,7 +325,7 @@ export const YarnWorkspacesTests: AcceptanceTests = {
           ? '\\yarn-workspaces\\package.json'
           : 'yarn-workspaces/package.json';
 
-      params.server.popRequests(3).forEach((req) => {
+      params.server.popRequests(6).forEach((req) => {
         t.equal(req.method, 'POST', 'makes POST request');
         t.equal(
           req.headers['x-snyk-cli-version'],
@@ -309,7 +361,7 @@ export const YarnWorkspacesTests: AcceptanceTests = {
           'depGraph has package manager',
         );
       });
-      t.equal(policyCount, 2, '2 policies found in a workspace');
+      t.equal(policyCount, 3, '3 policies found in a workspace');
     },
   },
 };

test/acceptance/workspaces/yarn-workspaces-v2/.snyk

@@ -0,0 +1,9 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'npm:node-uuid:20111130':
+    - '*':
+        reason: None Given
+        expires: 2020-07-17T21:40:21.917Z
+patch: {}

test/acceptance/workspaces/yarn-workspaces-v2/package.json

@@ -0,0 +1,19 @@
+{
+  "private": true,
+  "workspaces": [
+    "packages/*"
+  ],
+  "resolutions": {
+    "node-fetch": "^2.3.0"
+  },
+  "engines": {
+    "node": "^8.11.1 || ^10.11.0",
+    "yarn": "1.10.1"
+  },
+  "devDependencies": {
+    "wsrun": "^3.6.2"
+  },
+  "dependencies": {
+    "node-fetch": "^2.3.0"
+  }
+}

test/acceptance/workspaces/yarn-workspaces-v2/packages/apples/.snyk

@@ -0,0 +1,13 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'npm:node-uuid:20160328':
+    - '*':
+        reason: None Given
+        expires: 2020-07-17T17:21:53.744Z
+  'npm:node-uuid:20111130':
+    - '*':
+        reason: None Given
+        expires: 2020-07-17T21:40:21.917Z
+patch: {}

test/acceptance/workspaces/yarn-workspaces-v2/packages/apples/package.json

@@ -0,0 +1,12 @@
+{
+  "name": "apples",
+  "version": "1.0.0",
+  "license": "UNLICENSED",
+  "main": "./src/index.js",
+  "scripts": {
+    "precommit": "lint-staged"
+  },
+  "dependencies": {
+    "node-uuid": "1.3.0"
+  }
+}

test/acceptance/workspaces/yarn-workspaces-v2/packages/tomatoes/package.json

@@ -0,0 +1,10 @@
+{
+  "name": "tomatoes",
+  "version": "1.0.0",
+  "license": "UNLICENSED",
+  "main": "./src/index.js",
+  "dependencies": {
+    "node-fetch": "2.2.0",
+    "object-assign": "4.1.1"
+  }
+}