refactor(scripts): Update clean-shrinkwrap script (#1816)

* refactor(scripts): Update clean-shrinkwrap script This updates the `postshrinkwrap` script to traverse the dependency tree and remove all `from` fields to avoid inconsistent diffs across platforms, environments and installs when shrinkwrapping anew. * chore(shrinkwrap): Update npm-shrinkwrap.json * fix(scripts): Ensure `resolved` field in shrinkwrap is HTTPS * fix(scripts): Only strip "from" of registry packages * fix(clean-shrinkwrap): Fix linter errors * chore(shrinkwrap): Update npm-shrinkwrap.json * fix(scripts): fix spelling typo Change-Type: patch
2025-04-24 07:17:18 +00:00 · 2017-12-15 16:08:33 +01:00 · 2017-12-15 16:08:33 +01:00 · b086e4c2a1
commit b086e4c2a1
parent b45306487b
3 changed files with 94 additions and 1967 deletions
--- a/npm-shrinkwrap.json
+++ b/npm-shrinkwrap.json
--- a/package.json
+++ b/package.json
@ -28,15 +28,9 @@
  "author": "Resin Inc. <hello@etcher.io>",
  "license": "Apache-2.0",
  "platformSpecificDependencies": [
-    [
-      "7zip-bin-mac"
-    ],
-    [
-      "7zip-bin-win"
-    ],
-    [
-      "7zip-bin-linux"
-    ]
+    "7zip-bin-mac",
+    "7zip-bin-win",
+    "7zip-bin-linux"
  ],
  "dependencies": {
    "angular": "1.6.3",
--- a/scripts/clean-shrinkwrap.js
+++ b/scripts/clean-shrinkwrap.js
@ -7,264 +7,107 @@
 * the project in another platform.
 *
 * As a workaround, we keep a list of platform dependent dependencies in
- * the `shrinkwrapIgnore` property of `package.json`, and manually remove
- * them from `npm-shrinkwrap.json` if they exists.
+ * the `platformSpecificDependencies` property of `package.json`,
+ * and manually remove them from `npm-shrinkwrap.json` if they exist.
 *
 * See: https://github.com/npm/npm/issues/2679
 */

+/* eslint-disable lodash/prefer-lodash-method */
+/* eslint-disable no-magic-numbers */
+/* eslint-disable no-undefined */
+
 'use strict'

-const _ = require('lodash')
 const fs = require('fs')
 const path = require('path')
-const packageJSON = require('../package.json')
-const NPM_SHRINKWRAP_FILE_PATH = path.join(__dirname, '..', 'npm-shrinkwrap.json')
-const shrinkwrapFile = require(NPM_SHRINKWRAP_FILE_PATH)
-const platformSpecificDependencies = packageJSON.platformSpecificDependencies
-const JSON_INDENTATION_SPACES = 2

-console.log('Removing:', platformSpecificDependencies.join(', '))
+const JSON_INDENT = 2
+const SHRINKWRAP_FILENAME = path.join(__dirname, '..', 'npm-shrinkwrap.json')
+
+const packageInfo = require('../package.json')
+const shrinkwrap = require('../npm-shrinkwrap.json')

 /**
- * @summary Get a shrinkwrap dependency object
- * @function
- * @private
- *
- * @param {Object} shrinkwrap - the shrinkwrap file contents
- * @param {String[]} shrinkwrapPath - path to shrinkwrap dependency
- * @returns {Object} shrinkwrap object
- *
+ * @summary Traverse a shrinkwrap tree and call
+ * a given function on each dependency
+ * @param {Object} tree - shrinkwrap
+ * @param {Function} onNode - callback({Object} parent, {String} parentName, {String} name, {Object} info)
+ * @param {String} [parentName] - name of dependent (used internally)
 * @example
- * const object = getShrinkwrapDependencyObject(require('./npm-shrinkwrap.json'), [
- *   'drivelist',
- *   'lodash'
- * ]);
- *
- * console.log(object.version);
- * console.log(object.dependencies);
- */
-const getShrinkwrapDependencyObject = (shrinkwrap, shrinkwrapPath) => {
-  return _.reduce(shrinkwrapPath, (accumulator, dependency) => {
-    return _.get(accumulator, [ 'dependencies', dependency ], {})
-  }, shrinkwrap)
-}
-
-/**
- * @summary Get a cleaned shrinkwrap dependency object
- * @function
- * @private
- *
- * @description
- * This function wraps `getShrinkwrapDependencyObject()` to
- * omit unnecessary properties such as `from`, or `dependencies`.
- *
- * @param {Object} shrinkwrap - the shrinkwrap file contents
- * @param {String[]} shrinkwrapPath - path to shrinkwrap dependency
- * @returns {Object} pretty shrinkwrap object
- *
- * @example
- * const object = getPrettyShrinkwrapDependencyObject(require('./npm-shrinkwrap.json'), [
- *   'drivelist',
- *   'lodash'
- * ]);
- *
- * console.log(object.name);
- * console.log(object.path);
- * console.log(object.version);
- */
-const getPrettyShrinkwrapDependencyObject = (shrinkwrap, shrinkwrapPath) => {
-  const object = getShrinkwrapDependencyObject(shrinkwrap, shrinkwrapPath)
-
-  if (_.isEmpty(object)) {
-    return null
-  }
-
-  return {
-    name: _.last(shrinkwrapPath),
-    path: shrinkwrapPath,
-    version: object.version,
-    development: Boolean(object.dev),
-    optional: Boolean(object.optional)
-  }
-}
-
-/**
- * @summary Get the manifest (package.json) of a shrinkwrap dependency
- * @function
- * @private
- *
- * @param {String[]} shrinkwrapPath - path to shrinkwrap dependency
- * @returns {Object} dependency manifest
- *
- * @example
- * const manifest = getShrinkwrapDependencyManifest([ 'bluebird' ]);
- * console.log(manifest.devDependencies);
- */
-const getShrinkwrapDependencyManifest = (shrinkwrapPath) => {
-  const manifestPath = _.chain(shrinkwrapPath)
-    .flatMap((dependency) => {
-      return [ 'node_modules', dependency ]
-    })
-    .concat([ 'package.json' ])
-    .reduce((accumulator, file) => {
-      return path.join(accumulator, file)
-    }, '.')
-    .value()
-
-  try {
-    // For example
-    // ./node_modules/drivelist/node_modules/lodash/package.json
-    return require(`.${path.sep}${manifestPath}`)
-  } catch (error) {
-    if (error.code === 'MODULE_NOT_FOUND') {
-      return null
-    }
-
-    throw error
-  }
-}
-
-/**
- * @summary Get the top level dependencies of a shrinkwrap object
- * @function
- * @private
- *
- * @param {String[]} shrinkwrapPath - path to shrinkwrap dependency
- * @returns {Object} top level dependencies
- *
- * @example
- * const dependencies = getTopLevelDependenciesForShrinkwrapPath([ 'debug' ]);
- * console.log(dependencies);
- * > {
- * >   "lodash": "^4.0.0"
- * > }
- */
-const getTopLevelDependenciesForShrinkwrapPath = (shrinkwrapPath) => {
-  return _.get(getShrinkwrapDependencyManifest(shrinkwrapPath), [ 'dependencies' ], {})
-}
-
-/**
- * @summary Get the dependency tree of a shrinkwrap dependency
- * @function
- * @private
- *
- * @param {Object} shrinkwrap - the shrinkwrap file contents
- * @param {String[]} shrinkwrapPath - path to shrinkwrap dependency
- * @returns {Object[]} dependency tree
- *
- * @example
- * const dependencyTree = getDependencyTree(require('./npm-shrinkwrap.json'), [ 'drivelist' ]);
- *
- * _.each(dependencyTree, (dependency) => {
- *   console.log(dependency.name);
- *   console.log(dependency.path);
- *   console.log(dependency.version);
+ * traverseDeps(shrinkwrap, (parent, parentName, name, info) => {
+ *   // ...
 * })
 */
-const getDependencyTree = (shrinkwrap, shrinkwrapPath) => {
-  const dependencies = getTopLevelDependenciesForShrinkwrapPath(shrinkwrapPath)
-
-  if (_.isEmpty(dependencies)) {
-    return []
+const traverseDeps = (tree, onNode, parentName) => {
+  if (!tree.dependencies) {
+    return
  }

-  const object = getShrinkwrapDependencyObject(shrinkwrap, shrinkwrapPath)
-  const result = _.map(dependencies, (version, name) => {
-    const dependencyPath = _.has(object.dependencies, name) ? _.concat(shrinkwrapPath, [ name ]) : [ name ]
-    return getPrettyShrinkwrapDependencyObject(shrinkwrap, dependencyPath)
-  })
+  const keys = Object.keys(tree.dependencies)

-  return _.concat(result, _.flatMapDeep(result, (dependency) => {
-    return getDependencyTree(shrinkwrap, dependency.path)
-  }))
+  let name = null
+
+  for (let index = 0; index < keys.length; index += 1) {
+    name = keys[index]
+
+    // Check for this dependency to still exist,
+    // as a node might have been removed just before this iteration
+    if (tree.dependencies[name]) {
+      onNode(tree, parentName || tree.name, name, tree.dependencies[name])
+
+      // Check that the walking function didn't remove the dependency;
+      // if so, skip it and continue with the next one
+      if (tree.dependencies[name] && tree.dependencies[name].dependencies) {
+        traverseDeps(tree.dependencies[name], onNode, name)
+      }
+    }
+  }
 }

-/**
- * @summary Remove certain development optional dependencies from a shrinkwrap file
- * @function
- * @private
- *
- * @description
- * A shrinkwrap object is a recursive data structure, that apart
- * from some extra metadata, has the following structure:
- *
- * {
- *   ...
- *   "dependencies": {
- *     "<dependency_name>": <recursive definition>,
- *     "<dependency_name>": <recursive definition>,
- *     "<dependency_name>": <recursive definition>,
- *     ...
- *   }
- * }
- *
- * The purpose of this function is to remove certain dependencies
- * that match a blacklist. In order to do so, we start from the top
- * level object, remove the blacklisted dependencies, and recurse
- * if possible.
- *
- * @param {Object} shrinkwrap - the shrinkwrap object
- * @param {Object[]} blacklist - dependency blacklist
- * @returns {Object} filtered shrinkwrap object
- *
- * @example
- * const shrinkwrapFile = require('./npm-shrinkwrap.json');
- * const dependencyTree = getDependencyTree(shrinkwrapFile, [ 'drivelist' ]);
- * const filteredShrinkwrap = removeOptionalDevelopmentDependencies(shrinkwrapFile, dependencyTree);
- */
-const removeOptionalDevelopmentDependencies = (shrinkwrap, blacklist) => {
-  if (!_.isEmpty(shrinkwrap.dependencies)) {
-    shrinkwrap.dependencies = _.chain(shrinkwrap.dependencies)
-      .omitBy((dependency, name) => {
-        return _.every([
-          _.find(blacklist, {
-            name,
-            version: dependency.version
-          }),
-          dependency.dev,
-          dependency.optional
-        ])
-      })
-      .mapValues((dependency) => {
-        return removeOptionalDevelopmentDependencies(dependency, blacklist)
-      })
-      .value()
+console.log('Cleaning shrinkwrap...')
+
+// Walk the generated shrinkwrap tree & apply modifications if necessary
+traverseDeps(shrinkwrap, (parent, parentName, name, info) => {
+  // If this dependency depends on a "blacklisted" optional
+  // dependency; remove it from the shrinkwrap
+  if (packageInfo.platformSpecificDependencies.includes(name)) {
+    console.log(' - Removing "%s" from "%s"', name, parentName)
+    parent.dependencies[name] = undefined
+    Reflect.deleteProperty(parent.dependencies, name)
+    return
  }

-  return shrinkwrap
-}
+  // Ensure the `resolved` field contains a HTTPS registry URL,
+  // as some versions of npm apparently fall back to HTTP on some platforms
+  // under some circumstances
+  if (/^http:\/\//.test(info.resolved)) {
+    info.resolved = info.resolved.replace(/^http/, 'https')
+  }

-/**
- * @summary Get the dependency tree of a dependency plus the dependency itself
- * @function
- * @private
- *
- * @param {Object} shrinkwrap - the shrinkwrap file contents
- * @param {String[]} shrinkwrapPath - path to shrinkwrap dependency
- * @returns {Object[]} tree
- *
- * @example
- * const tree = getTree(require('./npm-shrinkwrap.json'), [ 'drivelist' ]);
- *
- * _.each(tree, (dependency) => {
- *   console.log(dependency.name);
- *   console.log(dependency.path);
- *   console.log(dependency.version);
- * });
- */
-const getTree = (shrinkwrap, shrinkwrapPath) => {
-  return _.compact(_.concat([
-    getPrettyShrinkwrapDependencyObject(shrinkwrap, shrinkwrapPath)
-  ], getDependencyTree(shrinkwrap, shrinkwrapPath)))
-}
+  // Delete `from` fields to avoid different diffs on different platforms
+  // NOTE: Only do this if it's a npm package version range,
+  // as direct installs from github or git need this field
+  // to resolve properly during shrinkwrapping
+  const isScoped = /^@/.test(name)
+  const fromNpm = !/^[a-z0-9-]+\//i.test(info.from)
+  if (isScoped || fromNpm) {
+    info.from = undefined
+    Reflect.deleteProperty(info, 'from')
+  }
+})

-const blacklist = _.reduce(platformSpecificDependencies, (accumulator, dependencyPath) => {
-  return _.concat(accumulator, getTree(shrinkwrapFile, dependencyPath))
-}, [])
+// Generate the new shrinkwrap JSON
+const shrinkwrapJson = `${JSON.stringify(shrinkwrap, null, JSON_INDENT)}\n`

-const filteredShrinkwrap = removeOptionalDevelopmentDependencies(shrinkwrapFile, blacklist)
-const result = JSON.stringify(filteredShrinkwrap, null, JSON_INDENTATION_SPACES)
+// Write back the modified npm-shrinkwrap.json
+fs.writeFile(SHRINKWRAP_FILENAME, shrinkwrapJson, (error) => {
+  if (error) {
+    console.log(`[ERROR] Couldn't write shrinkwrap file: ${error.stack}`)
+    process.exit(1)
+  } else {
+    console.log(`[OK] Wrote shrinkwrap file to ${path.relative(__dirname, SHRINKWRAP_FILENAME)}`)
+  }
+})

-fs.writeFileSync(NPM_SHRINKWRAP_FILE_PATH, `${result}\n`)
-console.log('Done')
+console.log('')