chore(js): add expo example app and move to pnpm #247
Conversation
berendsliedrecht
force-pushed
the
pnpm-and-example-app
branch
3 times, most recently
from
c23380e
to
7728f98
Compare
berendsliedrecht
force-pushed
the
pnpm-and-example-app
branch
2 times, most recently
from
1ce7395
to
1636421
Compare
|
@swcurran snyk seems to fail, but I cannot access the project page on their website. Could you help with this? I just need to know which dependencies are the issue. |
|
@berendsliedrecht — is this helpfuil? Not sure it is what you want. It what I can see, and the only related link is the settings gear, but that doesn’t seem to be helpful.
|
Hmm it wants it to be built with yarn. Do we have some setting to set the package manager? Pnpm-lock.yaml is equal to yarn.lock |
|
I don’t know about any of this stuff, so stumbling around. When I hit the “gear” from the image above, and then in the top right “Open in GitHub” — it takes me to this page: https://github.com/hyperledger/aries-askar/blob/main/wrappers/javascript/package.json where there are a number of references to yarn. Is that file correct? |
|
Requested us to be added @berendsliedrecht: hyperledger/governance#259 |
berendsliedrecht
force-pushed
the
pnpm-and-example-app
branch
from
11a972a
to
c522cb2
Compare
| @@ -0,0 +1,71 @@ | |||
| root: true | |||
There was a problem hiding this comment.
might be nice to also move this to biome so we can drop prettier + eslint
There was a problem hiding this comment.
Yes, wanted to do that at a later stage.
wrappers/javascript/package.json
Outdated
| "repository": { | ||
| "type": "git", | ||
| "url": "https://github.com/hyperledger/aries-askar", | ||
| "url": "https://github.com/hyperledger/aries-askar-rs", |
There was a problem hiding this comment.
| "url": "https://github.com/hyperledger/aries-askar-rs", | |
| "url": "https://github.com/hyperledger/aries-askar", |
| ? number | ||
| : Type[Property] extends Record<string, unknown> | unknown[] | ||
| ? string | ||
| : Type[Property] extends Buffer | Uint8Array | Key | ArcHandle | Jwk | ||
| ? Buffer | ||
| : Type[Property] extends Callback | ||
| ? Callback | ||
| : Type[Property] extends CallbackWithResponse | ||
| ? CallbackWithResponse | ||
| : Type[Property] extends boolean | undefined | ||
| ? number | ||
| : Type[Property] extends unknown[] | undefined | ||
| ? string | ||
| : Type[Property] extends Record<string, unknown> | undefined | ||
| ? string | ||
| : Type[Property] extends Date | undefined | ||
| ? number | ||
| : Type[Property] extends string | undefined | ||
| ? string | ||
| : Type[Property] extends number | undefined | ||
| ? number | ||
| : Type[Property] extends Uint8Array | undefined | ||
| ? Buffer | ||
| : unknown |
|
Going a bit through the Snyk issue again, it seems that they do not have support for PNPM (snyk/nodejs-lockfile-parser#111). Can we disable it for the JS projects and just have dependabot deal with vunelerabilities? |
|
@WadeBarnes — can you help here? You have a way better handle on this than I. Thanks! |
|
@WadeBarnes — I mean about the Snyk comment — #247 (comment) |
|
It seems Snyk is adding support for pnpm; snyk/nodejs-lockfile-parser#111 (comment) Some additional questions to establish some background (mostly for me since the setup is not obvious):
|
berendsliedrecht
force-pushed
the
pnpm-and-example-app
branch
4 times, most recently
from
a8cf96c
to
b4851df
Compare
berendsliedrecht
force-pushed
the
pnpm-and-example-app
branch
2 times, most recently
from
f3bd36e
to
dbd5a9b
Compare
Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>
berendsliedrecht
force-pushed
the
pnpm-and-example-app
branch
2 times, most recently
from
cd6d0c9
to
849cd67
Compare
| @@ -0,0 +1,6 @@ | |||
| <resources> | |||
There was a problem hiding this comment.
Can we make the example app an Expo app and not push the prebulid outputs?
There was a problem hiding this comment.
Ah ofcourse! I think the gitignore was picked up later while rebasing. Shouldn't have pushed it!
berendsliedrecht
force-pushed
the
pnpm-and-example-app
branch
2 times, most recently
from
b262c6a
to
add1389
Compare
berendsliedrecht
force-pushed
the
pnpm-and-example-app
branch
from
add1389
to
731b98d
Compare
|
@andrewwhitehead could you review the rust side? Quite minimal changes, mainly a new trait |
berendsliedrecht
force-pushed
the
pnpm-and-example-app
branch
2 times, most recently
from
b0fce3d
to
a120fec
Compare
|
DCO seems to be messed up. Maybe you need to squash and force push? |
Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>
Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>
Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>
Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>
berendsliedrecht
force-pushed
the
pnpm-and-example-app
branch
from
a120fec
to
608507f
Compare
Sadly I am not a Snyk expert so I cannot answer these questions. I think it is integrated indirectly just by being under the Hyperledger organization (not a 100% sure, but I cannot seem to find any Snyk setup in this repo). IMO we can just disable and let dependabot deal with the specific issues for JS. This is blocking quite some work now, also for Credo. |
|
@ryjones, Do you have any thoughts, comments, or recommendations on the Snyk topic?
|
|
wrappers/javascript/package.json Missing required yarn.lock. I've removed the integration |
|
@berendsliedrecht Made a similar PR in indy vdr repo, but also updated to Biome and vitest there (lest config/setup). Maybe we can do the same here as well. |
Rust side changes
cargo-ndkmanaged app.HasKeyBackendtrait which defaults toKeyBackend::Software. This is done so we can correctly create P256 Software vs Hardware keys.