synp - npm Package Compare versions

Comparing version 1.8.0 to 1.8.1

cli/run.js

@@ -14,5 +14,7 @@ #!/usr/bin/env node
   try {
-    const { sourceFile } = program
+    const { sourceFile, withWorkspace } = program
     const sourceFileName = sourceFile && sourceFile.split(path.sep).pop()
     validateArgs(program, sourceFileName)
+    validatePath(program)
+
     const convert = sourceFileName === 'yarn.lock'
@@ -22,7 +24,7 @@ ? synp.yarnToNpm
     const sourcePath = sourceFile.split(path.sep).slice(0, -1).join(path.sep)
-    validatePath(program)
+
     const destinationFileName = sourceFileName === 'yarn.lock' ? 'package-lock.json' : 'yarn.lock'
     const destinationPath = sourceFile.split(path.sep).slice(0, -1).join(path.sep)
     const destination = path.join(destinationPath, destinationFileName)
-    const output = convert(sourcePath)
+    const output = convert(sourcePath, withWorkspace)
     writeOutput(output, destination)
@@ -29,0 +31,0 @@ } catch (e) {

cli/synp.js

@@ -12,4 +12,5 @@ #!/usr/bin/env node
   .option('-f, --force', 'Force overwrite destination file')
+  .option('--with-workspace', 'Enable experimental npm lockfile v2 processing')
   .parse(process.argv)
 
 run(program)

index.d.ts

 declare module 'synp' {
-  export function yarnToNpm(packageDir: string): string
-  export function npmToYarn(packageDir: string): string
+  export function yarnToNpm(packageDir: string, withWorkspace?: boolean): string
+  export function npmToYarn(packageDir: string, withWorkspace?: boolean): string
 }

index.js

 'use strict'
 
-const fs = require('fs')
 const path = require('path')
 const { convertYarnToNpm, convertNpmToYarn } = require('./lib')
+const { read } = require('./util/read')
 
 module.exports = {
-  yarnToNpm (packageDir) {
-    const yarnLock = fs.readFileSync(
-      path.join(packageDir, 'yarn.lock'),
-      'utf-8'
-    )
-    const packageJson = fs.readFileSync(path.join(packageDir, 'package.json'))
-    const { name, version } = JSON.parse(packageJson)
-    return convertYarnToNpm(yarnLock, name, version, packageDir)
+  yarnToNpm (packageDir, withWorkspace) {
+    const yarnLock = read(path.join(packageDir, 'yarn.lock'), true)
+    const { name, version } = read(path.join(packageDir, 'package.json'))
+
+    return convertYarnToNpm(yarnLock, name, version, packageDir, withWorkspace)
   },
-  npmToYarn (packageDir) {
-    const packageLockFileString = fs.readFileSync(
-      path.join(packageDir, 'package-lock.json'),
-      'utf-8'
-    )
-    return convertNpmToYarn(packageLockFileString, packageDir)
+  npmToYarn (packageDir, withWorkspace) {
+    const packageLockFileString = read(path.join(packageDir, 'package-lock.json'), true)
+
+    return convertNpmToYarn(packageLockFileString, packageDir, withWorkspace)
   }
 }

lib/index.js

 'use strict'
 
 const { join } = require('path')
-const { readJson } = require('../util/read')
+const { read } = require('../util/read')
 const { convertYarnToNpmV1, convertNpmV1ToYarn } = require('./lockfileV1')
 const { convertYarnToNpmV2, convertNpmV2ToYarn } = require('./lockfileV2')
 
+const checkWorkspace = (requiresWorkspace, withWorkspace) => {
+  if (requiresWorkspace && !withWorkspace) {
+    console.warn('Workspace (npm lockfile v2) support is experimental. Pass `--with-workspaces` flag to enable and cross your fingers. Good luck!')
+
+    return false
+  }
+
+  return requiresWorkspace
+}
+
 module.exports = {
-  convertYarnToNpm (yarnLock, name, version, packageDir) {
-    const packageJson = readJson(join(packageDir, 'package.json'))
+  convertYarnToNpm (yarnLock, name, version, packageDir, withWorkspace) {
+    const packageJson = read(join(packageDir, 'package.json'))
+    const requiresWorkspace = !!packageJson.workspaces
 
-    // NOTE workspaces require lockfile v2
-    return packageJson.workspaces
+    return checkWorkspace(requiresWorkspace, withWorkspace)
       ? convertYarnToNpmV2(yarnLock, name, version, packageDir, packageJson)
       : convertYarnToNpmV1(yarnLock, name, version, packageDir, packageJson)
   },
-  convertNpmToYarn (packageLockFileString, packageDir) {
+  convertNpmToYarn (packageLockFileString, packageDir, withWorkspace) {
     const packageLock = JSON.parse(packageLockFileString)
     const { lockfileVersion } = packageLock
+    const requiresWorkspace = lockfileVersion === 2
 
-    return lockfileVersion === 2
+    return checkWorkspace(requiresWorkspace, withWorkspace)
       ? convertNpmV2ToYarn(packageLockFileString, packageDir)
@@ -23,0 +34,0 @@ : convertNpmV1ToYarn(packageLockFileString, packageDir)

lib/lockfileV1/entry.js

@@ -10,3 +10,3 @@ 'use strict'
 
-function yarnToNpmResolved (version, yarnResolved, request) {
+function yarnToNpmResolved (version, yarnResolved, request, integrityField) {
   // Handle file dependency (there is no URL to parse).
@@ -25,4 +25,4 @@ if (yarnResolved === undefined) {
   const hexChecksum = yarnResolved.replace(/^.*#/, '')
-  const sha1 = Buffer.from(hexChecksum, 'hex').toString('base64')
-  const integrity = sha1 ? 'sha1-' + sha1 : undefined
+  const intergityFromUrlHash = Buffer.from(hexChecksum, 'hex').toString('base64')
+  const integrity = (intergityFromUrlHash ? 'sha1-' + intergityFromUrlHash : integrityField) || undefined
 
@@ -78,3 +78,3 @@ const isTarball = /^https?:\/\//.test(request)
     const yarnResolved = entryInYarnFile.resolved
-    const entry = yarnToNpmResolved(version, yarnResolved, request)
+    const entry = yarnToNpmResolved(version, yarnResolved, request, entryInYarnFile.integrity)
     if (dependencies && Object.keys(dependencies).length > 0) {
@@ -81,0 +81,0 @@ entry.requires = npmRequires(dependencies, yarnObject)

lib/lockfileV1/tree.js

 'use strict'
 
-const { sep } = require('path')
+const { sep, resolve } = require('path')
 const { dependenciesForYarn } = require('./dependencies')
 const { yarnEntry, npmEntry } = require('./entry')
+const { npmEntryFromWorkspace } = require('../lockfileV2/workspace')
 
@@ -54,7 +55,4 @@ const {
         const { name, dependencies } = nodeModulesTree[mPath]
+        const entry = npmEntry(nodeModulesTree, yarnObject, mPath) || npmEntryFromWorkspace(workspacesTree, name, modulesInPath, resolve(basePath.join(sep)).split(sep))
 
-        const entry = npmEntry(nodeModulesTree, yarnObject, mPath) || (workspacesTree && modulesInPath.length === 1 && {
-          version: `file:${workspacesTree[name].pkgPath.split(sep).slice(basePath.length).join(sep)}`
-        })
-
         if (!entry) {
@@ -61,0 +59,0 @@ return tree

lib/lockfileV2/index.js

@@ -10,3 +10,3 @@ 'use strict'
 const { convertNpmV1ToYarn } = require('../lockfileV1')
-const { readJson } = require('../../util/read')
+const { read } = require('../../util/read')
 const { getWorkspaces } = require('./workspace')
@@ -21,3 +21,3 @@ const sortObject = require('sort-object-keys')
     const workspacesTree = getWorkspaces(packageJson, packageDir).reduce((tree, pkgJsonPath) => {
-      const pkgJson = readJson(pkgJsonPath)
+      const pkgJson = read(pkgJsonPath)
       const pkgPath = pkgJsonPath.split(sep).slice(0, -1).join(sep) // trim "/package.json" ending
@@ -38,5 +38,7 @@
         const isWorkspacePkg = /^file:/.test(entry.version)
-        const _name = join(prefix, isWorkspacePkg ? entry.version.slice(5) : `node_modules/${name}`)
+        const _name = join(prefix, isWorkspacePkg ? entry.version.slice(5) : `node_modules${sep}${name}`)
         const pkgJsonPath = join(packageDir, _name, 'package.json')
-        const pkgJson = readJson(pkgJsonPath)
+        const pkgJson = read(pkgJsonPath)
+        const requires = entry.requires
+        const deps = (requires && Object.keys(requires).length > 0) ? requires : undefined
         const pkg = {
@@ -48,3 +50,4 @@ [_name]: {
             license: pkgJson.license,
-            dependencies: entry.requires || undefined
+            dependencies: deps,
+            dev: entry.dev
           }
@@ -54,3 +57,3 @@ }
           ? {
-            ['node_modules/' + name]: {
+            [`node_modules${sep}${name}`]: {
               resolved: _name,
@@ -64,3 +67,3 @@ link: true
           ...tree,
-          ...flattenDeps(entry.dependencies, `${_name}/`),
+          ...flattenDeps(entry.dependencies, `${_name}${sep}`),
           ...pkg,
@@ -74,3 +77,3 @@ ...link
       // append root package
-      '': pick(packageJson, 'name', 'version', 'license', 'workspaces', 'dependencies'),
+      '': pick(packageJson, 'name', 'version', 'license', 'workspaces', 'dependencies', 'devDependencies', 'optionalDependencies'),
       ...flattenDeps(dependencies)
@@ -77,0 +80,0 @@ })

lib/lockfileV2/workspace.js

 const glob = require('bash-glob')
+const { sep, resolve } = require('path')
 
@@ -14,3 +15,3 @@ module.exports = {
       {
-        cwd,
+        cwd: resolve(cwd),
         realpath: true,
@@ -20,3 +21,10 @@ ignore: '**/node_modules/**'
     )
+  },
+  npmEntryFromWorkspace (workspacesTree, name, modulesInPath, basePath) {
+    if (workspacesTree && workspacesTree[name] && modulesInPath.length === 1) {
+      return {
+        version: `file:${workspacesTree[name].pkgPath.split(sep).slice(basePath.length).join(sep)}`
+      }
+    }
   }
 }

package.json

 {
   "name": "synp",
-  "version": "1.8.0",
+  "version": "1.8.1",
   "description": "Convert yarn.lock to package-lock.json and vice versa",
@@ -5,0 +5,0 @@ "keywords": [

test/integration.spec.js

 'use strict'
 
 const test = require('tape')
+const sinon = require('sinon')
 const fs = require('fs')
@@ -313,2 +314,29 @@ const lockfile = require('@yarnpkg/lockfile')
 
+test('warn if `--with-workspace` flag is missed', async t => {
+  t.plan(2)
+  try {
+    const path = `${__dirname}/fixtures/yarn-workspace`
+    const warning = 'Workspace (npm lockfile v2) support is experimental. Pass `--with-workspaces` flag to enable and cross your fingers. Good luck!'
+
+    sinon.spy(console, 'warn')
+    npmToYarn(path)
+    yarnToNpm(path)
+
+    t.ok(
+      console.warn.alwaysCalledWithExactly(warning),
+      'console prints same warning for npmToYarn & yarnToNpm calls'
+    )
+
+    t.ok(
+      console.warn.calledTwice,
+      'console prints warning each time when it`s required'
+    )
+
+    console.warn.restore()
+  } catch (e) {
+    t.fail(e.stack)
+    t.end()
+  }
+})
+
 test('translate package-lock to yarn.lock when integrity url hash is absent, but integrity field is present', async t => {
@@ -406,5 +434,6 @@ try {
     const yarnLockSnap = fs.readFileSync(`${path}/.yarn-lock-snapshot`, 'utf-8')
+    const withWorkspace = true
 
     fs.writeFileSync(`${path}/yarn.lock`, yarnLockSnap)
-    const packageLock = yarnToNpm(path)
+    const packageLock = yarnToNpm(path, withWorkspace)
     t.deepEquals(
@@ -417,3 +446,3 @@ JSON.parse(packageLock),
     fs.writeFileSync(`${path}/package-lock.json`, packageLockSnap)
-    const yarnLock = npmToYarn(path)
+    const yarnLock = npmToYarn(path, withWorkspace)
     t.deepEquals(
@@ -429,1 +458,30 @@ lockfile.parse(yarnLock),
 })
+
+test('translate yarn.lock to package-lock.json for workspaces with cross-refs ', async t => {
+  try {
+    t.plan(2)
+    const path = `${__dirname}/fixtures/yarn-workspace-with-cross-refs`
+    const packageLockSnap = fs.readFileSync(`${path}/.package-lock-snapshot.json`, 'utf-8')
+    const yarnLockSnap = fs.readFileSync(`${path}/.yarn-lock-snapshot`, 'utf-8')
+    const withWorkspace = true
+
+    fs.writeFileSync(`${path}/yarn.lock`, yarnLockSnap)
+    const packageLock = yarnToNpm(path, withWorkspace)
+    t.deepEquals(
+      JSON.parse(packageLock),
+      JSON.parse(packageLockSnap),
+      'result is equal to package-lock.json snapshot'
+    )
+
+    fs.writeFileSync(`${path}/package-lock.json`, packageLockSnap)
+    const yarnLock = npmToYarn(path, withWorkspace)
+    t.deepEquals(
+      lockfile.parse(yarnLock),
+      lockfile.parse(yarnLockSnap),
+      'result is equal to yarn.lock snapshot'
+    )
+  } catch (e) {
+    t.fail(e.stack)
+    t.end()
+  }
+})

util/read.js

@@ -6,5 +6,7 @@ 'use strict'
 module.exports = {
-  readJson (path) {
-    return JSON.parse(readFileSync(path).toString('utf-8').trim())
+  read (path, skipParse) {
+    const contents = readFileSync(path).toString('utf-8')
+
+    return skipParse ? contents : JSON.parse(contents.trim())
   }
 }

util/traverse.js

 'use strict'
 
-const path = require('path')
+const { join, sep } = require('path')
 
 function parentPackagePath (parentPath) {
-  const nmPos = parentPath.lastIndexOf('/node_modules/')
+  const nmPos = (sep + parentPath).lastIndexOf(`${sep}node_modules${sep}`)
 
@@ -12,7 +12,7 @@ if (nmPos === -1) {
 
-  return parentPath.slice(0, nmPos)
+  return parentPath.slice(0, nmPos && nmPos - sep.length)
 }
 
 function findDepVersion (dep, nodeModulesTree, parentPath) {
-  const depPath = path.join(parentPath, 'node_modules', dep)
+  const depPath = join(parentPath, 'node_modules', dep)
   if (nodeModulesTree[depPath]) {
@@ -19,0 +19,0 @@ const { version } = nodeModulesTree[depPath]

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

202681

increased by1.53%

Lines of code

1457

increased by4.52%

Number of low supply chain risk alerts

6

decreased by-14.29%

No dependency changes