@esy-nightly/esy - npm Package Compare versions

Comparing version 0.7.0-b69dd3 to 0.7.0-beta.4-3-gca55d28e

package.json

 {
   "name": "@esy-nightly/esy",
-  "version": "0.7.0-b69dd3",
-  "license": "MIT",
+  "version": "0.7.0-beta.4-3-gca55d28e\n",
+  "license": "BSD-2-Clause",
   "description": "Package builder for esy.",
-  "dependencies": {
-    "esy-solve-cudf": "^0.1.10"
-  },
   "scripts": {
-    "postinstall": "node ./postinstall.js"
+    "postinstall": "node -e \"process.env['OCAML_VERSION'] = process.platform == 'linux' ? '4.12.0-musl.static.flambda': '4.12.0'; process.env['OCAML_PKG_NAME'] = 'ocaml'; require('./postinstall.js')\""
   },
   "bin": {
-    "esy": "_build/default/bin/esy.exe"
+    "esy": "bin/esy"
   },
   "files": [
+    "_export/",
     "bin/",
     "postinstall.js",
+    "esyInstallRelease.js",
     "platform-linux/",
     "platform-darwin/",
-    "platform-win32/",
-    "_build/default/**/*.exe"
+    "platform-darwin-arm64/",
+    "platform-windows-x64/"
   ]
 }

postinstall.js

@@ -18,21 +18,40 @@ /**
 
-const binariesToCopy = [
-  path.join('_build', 'default', 'bin', 'esy.exe'),
-  path.join('_build', 'default', 'bin', 'esyInstallRelease.js'),
-  path.join(
-    '_build',
-    'default',
-    'esy-build-package',
-    'bin',
-    'esyBuildPackageCommand.exe'
-  ),
-  path.join(
-    '_build',
-    'default',
-    'esy-build-package',
-    'bin',
-    'esyRewritePrefixCommand.exe'
-  )
-];
+var packageJson = require('./package.json');
+var binariesToCopy = Object.keys(packageJson.bin)
+  .map(function (name) {
+    return packageJson.bin[name];
+  })
+  .concat(['esyInstallRelease.js']);
+var foldersToCopy = ['bin', '_export'];
 
+function copyRecursive(srcDir, dstDir) {
+  var results = [];
+  var list = fs.readdirSync(srcDir);
+  var src, dst;
+  list.forEach(function (file) {
+    src = path.join(srcDir, file);
+    dst = path.join(dstDir, file);
+
+    var stat = fs.statSync(src);
+    if (stat && stat.isDirectory()) {
+      try {
+        fs.mkdirSync(dst);
+      } catch (e) {
+        console.log('directory already exists: ' + dst);
+        console.error(e);
+      }
+      results = results.concat(copyRecursive(src, dst));
+    } else {
+      try {
+        fs.writeFileSync(dst, fs.readFileSync(src));
+      } catch (e) {
+        console.log("could't copy file: " + dst);
+        console.error(e);
+      }
+      results.push(src);
+    }
+  });
+  return results;
+}
+
 /**
@@ -98,14 +117,28 @@ * Since os.arch returns node binary's target arch, not
 function copyFileSync(sourcePath, destPath) {
-  const data = fs.readFileSync(sourcePath);
-  const stat = fs.statSync(sourcePath);
+  var data;
+  try {
+    data = fs.readFileSync(sourcePath);
+  } catch (e) {
+    data = fs.readFileSync(sourcePath + '.exe');
+    sourcePath = sourcePath + '.exe';
+    destPath = destPath + '.exe';
+  }
+  var stat = fs.statSync(sourcePath);
   fs.writeFileSync(destPath, data);
-  fs.chmodSync(destPath, stat.mode);
+  fs.chmodSync(destPath, 0755);
 }
 
-const copyPlatformBinaries = platformPath => {
-  const platformBuildPath = path.join(__dirname, 'platform-' + platformPath);
+var copyPlatformBinaries = (platformPath) => {
+  var platformBuildPath = path.join(__dirname, 'platform-' + platformPath);
 
-  binariesToCopy.forEach(binaryPath => {
-    const sourcePath = path.join(platformBuildPath, binaryPath);
-    const destPath = path.join(__dirname, binaryPath);
+  foldersToCopy.forEach((folderPath) => {
+    var sourcePath = path.join(platformBuildPath, folderPath);
+    var destPath = path.join(__dirname, folderPath);
+
+    copyRecursive(sourcePath, destPath);
+  });
+
+  binariesToCopy.forEach((binaryPath) => {
+    var sourcePath = path.join(platformBuildPath, binaryPath);
+    var destPath = path.join(__dirname, binaryPath);
     if (fs.existsSync(destPath)) {
@@ -115,6 +148,11 @@ fs.unlinkSync(destPath);
     copyFileSync(sourcePath, destPath);
-    fs.chmodSync(destPath, 0o755);
   });
 };
 
+try {
+  fs.mkdirSync('_export');
+} catch (e) {
+  console.log('Could not create _export folder');
+}
+
 switch (platform) {
@@ -127,11 +165,13 @@ case 'win32':
 
-    copyPlatformBinaries('win32');
-
+    copyPlatformBinaries('windows-x64');
     console.log('Installing native compiler toolchain for Windows...');
-    cp.execSync(`npm install esy-bash@0.3.19 --prefix "${__dirname}"`);
+    cp.execSync(
+      `npm install @prometheansacrifice/esy-bash@0.1.0-dev-f2e419601a34c3ce53cbe1f025f490276b9e879f --prefix "${__dirname}"`,
+    );
     console.log('Native compiler toolchain installed successfully.');
     break;
+    break;
   case 'linux':
   case 'darwin':
-    copyPlatformBinaries(platform);
+    copyPlatformBinaries(platform + (process.arch === 'x64' ? '' : '-arm64'));
     break;
@@ -142,1 +182,3 @@ default:
 }
+
+require('./esyInstallRelease');

README.md

 # esy
 
-`package.json` workflow for native development with Reason/OCaml.
+`package.json` workflow for native development with Reason/OCaml
 
@@ -51,3 +51,3 @@ [![Build Status](https://dev.azure.com/esy-dev/esy/_apis/build/status/build)](https://dev.azure.com/esy-dev/esy/_build/latest?definitionId=1)
     │   This dune library implements sandbox builder - a routine which builds
-    │   the enture dependency graph and provides other introspection APIs.
+    │   the entire dependency graph and provides other introspection APIs.
     │
@@ -101,3 +101,3 @@ ├── esy/bin
     ├── test-e2e-slow
-    │   End-to-end test suite which takes a significiant amount of time.
+    │   End-to-end test suite which takes a significant amount of time.
     │   We execute it on CI by placing `@slowtest` token in commit messages.
@@ -113,19 +113,10 @@ │
 ```
-% git clone git://github.com/esy/esy.git
-% cd esy
-% esy
-% yarn
-% node scripts/bootstrap.js
+% git clone  --recurse-submodules git://github.com/esy/esy.git
+% cd esy # Change to the cloned directory
+% esy # install and build dependencies 
 ```
 
-On Linux/macOS (soon on Windows too) you can run:
+And then run newly built `esy` executable from anywhere by adding `PATH_TO_REPO/_build/install/default/bin`
+to the $PATH during the shell's session. On Windows, append `PATH_TO_REPO/bin` too.
 
-```
-% make install-githooks
-```
-
-which will install git hooks which will do pre commit validation.
-
-To test the `esy` executable in development you can use `bin/esy`.
-
 ### Updating `bin/esyInstallRelease.js`
@@ -152,2 +143,33 @@
 
+#### Slow tests
+By placing `@slowtest` token in commit messages, we mark the commit ready for the slow tests framework
+(tests that hit the network). They are run with `node test-e2e-slow/run-slow-tests.js`
+
+#### Windows
+
+In cases e2e tests fail with `Host key verification failed.`, you might have to create ssh keys
+in the cygwin shall and add them to your github profile.
+
+1. Enter cygwin installed by esy (not the global one)
+
+```sh
+.\node_modules\@prometheansacrifice\esy-bash\re\_build\default\bin\EsyBash.exe bash
+```
+
+2. Generate ssh keys
+
+```sh
+ssh-keygen
+```
+
+3. Add the public key to you Github profile
+
+4. Add the following to the bash rc of the cygwin instance
+
+```sh
+eval $(ssh-agent -s)
+ssh-add ~/.ssh/id_rsa
+```
+
+
 ### Branches
@@ -154,0 +176,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 3 instances in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 6 instances in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 12 instances in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

Improved metrics

Dependency count

0

decreased by-100%

Number of package files

24

increased by26.32%

Number of low license alerts

0

decreased by-100%

Lines of code

34552

increased by0.86%

Number of lines in readme file

279

increased by8.56%

Number of medium supply chain risk alerts

27

decreased by-3.57%

Worsened metrics

Total package byte prevSize

84225422

decreased by-54.84%

Number of high supply chain risk alerts

4

increased by300%

Number of low supply chain risk alerts

47

increased by14.63%

Dependency changes

• - Removedesy-solve-cudf@^0.1.10

• - Removedesy-solve-cudf@0.1.10(transitive)