Lockfile autodetection for test, wizard, protect and monitor #228
Conversation
lili2311
force-pushed
the
fix/lockfiles-monitor
branch
2 times, most recently
from
97535e1 to
5a32fd3
Compare
|
WORK IN PROGRESS |
lili2311
force-pushed
the
fix/lockfiles-monitor
branch
from
5a32fd3 to
aca149e
Compare
lili2311
force-pushed
the
fix/lockfiles-monitor
branch
2 times, most recently
from
ddc11cc to
e2e8484
Compare
| if (!nodeModulesExist) { | ||
| // throw a custom error | ||
| throw new Error( | ||
| 'Missing node_modules folder: we can\'t patch without having installed packages.' + |
There was a problem hiding this comment.
test can now be performed without node_modules so change the wording to better reflect why we need node_modules during wizard for all node lockfiles & non lockfiles project types
| if (isLockFileBased) { | ||
| // we need to trigger a lockfile update after adding snyk | ||
| // as a dep | ||
| return protect.update(['snyk'], live, packageManager); |
There was a problem hiding this comment.
if a project is lockfile based we need to also update the lockfile after adding in snyk as a dep, without this the files go out of sync and fail a re-test on monitor command
| @@ -10,6 +10,7 @@ var chalk = require('chalk'); | |||
|
|
|||
| var DETECTABLE_FILES = [ | |||
| 'yarn.lock', | |||
| 'package-lock.json', | |||
There was a problem hiding this comment.
change order to ensure lockfile based projects get processed as suck
lili2311
force-pushed
the
fix/lockfiles-monitor
branch
from
e2e8484 to
f398253
Compare
| // but not the latest node-lockfile-parser | ||
| // HACK: if yarn set traverseNodeModules option to | ||
| // bypass lockfile test for wizard | ||
| options.traverseNodeModules = true; |
There was a problem hiding this comment.
Fallback for yarn projects where we currently do not support traversing node_modules with the new lockfile-parser
| // but not the latest node-lockfile-parser | ||
| // HACK: if yarn set traverseNodeModules option to | ||
| // bypass lockfile test for wizard | ||
| if (targetFile.endsWith('yarn.lock')) { |
There was a problem hiding this comment.
Fallback for yarn projects where we currently do not support traversing node_modules with the new lockfile-parser
|
Great job, waiting for tests to pass before final approvement. |
src/cli/commands/protect/wizard.js
Outdated
| return snyk.test(cwd, options).then(function (res) { | ||
| if (alerts.hasAlert('tests-reached') && res.isPrivate) { | ||
| return; | ||
| var intro = __dirname + '/../../../../help/wizard-intro.txt'; |
lili2311
force-pushed
the
fix/lockfiles-monitor
branch
7 times, most recently
from
d41a593 to
81f337e
Compare
Lockfile autodetection functionality wuth fall back for yarn.lock files on node < 6 && yarn//lock wizard flow.
|
🎉 This PR is included in version 1.102.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
What does this PR do?
node_moduletraversal as fall back for package.json & shrinkwrap projectsThe state of NPM lockfile support in this pr:
package.json&package-lock.jsonwill be tested via the new lockfile parser lib forsnyk protect,test,monitorThe state of Yarn lockfile support in this pr:
package.json&yarn.lockwill be tested via the new lockfile parser lib forsnyk test,monitorpackage.json&yarn.lockwill be tested via the oldnode_modulestraversal lib (resolve-deps) forsnyk protectandwizardpackage.json&yarn.lockon node@4 will be tested via the oldnode_modulestraversal lib (resolve-deps) for allsnykcommands. Yarn parser lib we use is not compatible with node@4Where should the reviewer start?
How should this be manually tested?
What are the relevant tickets?
https://snyksec.atlassian.net/browse/SC-6240
https://snyksec.atlassian.net/browse/SC-6277