-
Notifications
You must be signed in to change notification settings - Fork 585
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[lockfile-explorer] Fix some issues when parsing certain lockfile syntaxes #4697
Changes from 4 commits
2afaf0a
6ecdc92
51b86d3
c3aa861
ac3e628
3497947
2d73af3
6ec7d1c
8de41b8
e0144b3
35fb928
6856ee2
f647852
5afbebc
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -11,7 +11,9 @@ import { AlreadyReportedError } from '@rushstack/node-core-library'; | |
import { FileSystem, type IPackageJson, JsonFile, PackageJsonLookup } from '@rushstack/node-core-library'; | ||
import type { IAppContext } from '@rushstack/lockfile-explorer-web/lib/AppContext'; | ||
import { Colorize } from '@rushstack/terminal'; | ||
import type { Lockfile } from '@pnpm/lockfile-types'; | ||
|
||
import { convertLockfileV6DepPathToV5DepPath } from './utils'; | ||
import { init } from './init'; | ||
import type { IAppState } from './state'; | ||
import { type ICommandLine, parseCommandLine } from './commandLine'; | ||
|
@@ -103,7 +105,17 @@ function startApp(debugMode: boolean): void { | |
|
||
app.get('/api/lockfile', async (req: express.Request, res: express.Response) => { | ||
const pnpmLockfileText: string = await FileSystem.readFileAsync(appState.pnpmLockfileLocation); | ||
const doc = yaml.load(pnpmLockfileText); | ||
const doc = yaml.load(pnpmLockfileText) as Lockfile; | ||
const { packages, lockfileVersion } = doc; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I believe lockfile-explorer tool only support v5/v6 for now. For other versions, I have implemented checks and throw an error. |
||
if (packages && lockfileVersion.toString().startsWith('6.')) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this fix really about supporting multiple versions of the PNPM lockfile format? That might be a better description for the change log. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
const updatedPackages: Lockfile['packages'] = {}; | ||
for (const dependencyPath in packages) { | ||
if (Object.prototype.hasOwnProperty.call(packages, dependencyPath)) { | ||
updatedPackages[convertLockfileV6DepPathToV5DepPath(dependencyPath)] = packages[dependencyPath]; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Would it be better to convert V5->V6 instead of vice-versa? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Additionally, I think resolving dependencies in the browser is not very appropriate, as it limits our use of pnpm-related open-source libraries. |
||
} | ||
} | ||
L-Qun marked this conversation as resolved.
Show resolved
Hide resolved
|
||
doc.packages = updatedPackages; | ||
} | ||
res.send({ | ||
doc, | ||
subspaceName | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license. | ||
// See LICENSE in the project root for license information. | ||
|
||
import * as dp from '@pnpm/dependency-path'; | ||
|
||
/** | ||
* This operation exactly mirrors the behavior of PNPM's own implementation: | ||
* https://github.com/pnpm/pnpm/blob/73ebfc94e06d783449579cda0c30a40694d210e4/lockfile/lockfile-file/src/experiments/inlineSpecifiersLockfileConverters.ts#L162 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can you not just grab this function from a published package? |
||
*/ | ||
export function convertLockfileV6DepPathToV5DepPath(newDepPath: string): string { | ||
if (!newDepPath.includes('@', 2) || newDepPath.startsWith('file:')) return newDepPath; | ||
const index = newDepPath.indexOf('@', newDepPath.indexOf('/@') + 2); | ||
if (newDepPath.includes('(') && index > dp.indexOfPeersSuffix(newDepPath)) return newDepPath; | ||
return `${newDepPath.substring(0, index)}/${newDepPath.substring(index + 1)}`; | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
{ | ||
"changes": [ | ||
{ | ||
"packageName": "@rushstack/lockfile-explorer", | ||
"comment": "Fix some bugs for the lockfile-explorer tool", | ||
L-Qun marked this conversation as resolved.
Show resolved
Hide resolved
|
||
"type": "patch" | ||
} | ||
], | ||
"packageName": "@rushstack/lockfile-explorer" | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the
else
case not an error?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the code, use
dependencyKey
andentryId
to perform matching:Thus, the issue "Could not resolve dependency entryId" primarily from two aspects:
The previous simple
![image](https://private-user-images.githubusercontent.com/68707557/330305425-c949550b-4c13-4fe9-8bcc-a466fae4a0b2.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTkyODY3ODQsIm5iZiI6MTcxOTI4NjQ4NCwicGF0aCI6Ii82ODcwNzU1Ny8zMzAzMDU0MjUtYzk0OTU1MGItNGMxMy00ZmU5LThiY2MtYTQ2NmZhZTRhMGIyLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MjUlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjI1VDAzMzQ0NFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPThlNzNjZjk5YmZhYmU1YTZhZGY4ZTU0NWQ1YWI2NmVlODdiMzE3Y2NjNGMxYmE1ZDYwOTIxNWNhOWYxYWIzNjQmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.Zk7ZMB215qX1KmufWNpSq2C2W7hoevoJ7hc4TJKR2cU)
replace
would cause the "@" at incorrect positions to be replaced:For example, "/@byted/xxx@1.0.0(@xxx/application-http@1.1.0)" will be converted to "//byted/xxx@1.0.0(@xxx/application-http@1.1.0)'"
After being parsed by
![image](https://private-user-images.githubusercontent.com/68707557/330316619-b0f459fa-a364-442f-80f8-fc8fe5bff3ef.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTkyODY3ODQsIm5iZiI6MTcxOTI4NjQ4NCwicGF0aCI6Ii82ODcwNzU1Ny8zMzAzMTY2MTktYjBmNDU5ZmEtYTM2NC00NDJmLTgwZjgtZmM4ZmU1YmZmM2VmLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MjUlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjI1VDAzMzQ0NFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTMwYWEwMzIyNmRhOGUyNGFkOWZmYjRkZTczN2FlMTk3ZmM0YzJjODUxMDhmZWQzZDNkODBmOTYyNGNkMzRiZTEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.3qLap2s4e8Klpjz6fGIM32ioinjYpQFFw5bHDGVcEAQ)
parseDependencies
inLockfileDependency
, theentryId
is further processed based on its original content. I suppose the processed results will not appear in thepnpm-lock.yaml
file. For example, content likelink:../../liveart-core/packages/actions
will be transformed byLockfileDependency
to start with 'project', which will not appear in thepnpm-lock.yaml
file. Therefore, I have imposed further restrictions here.