@npmcli/template-oss 3.0.0 → 3.1.2

package/lib/check/check-required.js

@@ -1,29 +1,48 @@
+const log = require('proc-log')
+const npa = require('npm-package-arg')
+const { partition } = require('lodash')
 const hasPackage = require('../util/has-package.js')
-const { groupBy } = require('lodash')
-
-const run = ({ pkg, config: { requiredPackages = {} } }) => {
-  // ensure required packages are present in the correct place
-
-  const mustHave = Object.entries(requiredPackages).flatMap(([location, pkgs]) =>
-  // first make a flat array of {name, version, location}
-    Object.entries(pkgs).map(([name, version]) => ({
-      name,
-      version,
-      location,
-    })))
-    .filter(({ name, version, location }) => !hasPackage(pkg, name, version, [location]))
-
-  if (mustHave.length) {
-    return Object.entries(groupBy(mustHave, 'location')).map(([location, specs]) => {
-      const rm = specs.map(({ name }) => name).join(' ')
-      const install = specs.map(({ name, version }) => `${name}@${version}`).join(' ')
-      const installLocation = hasPackage.flags[location]
+
+const rmCommand = (specs) =>
+  `npm rm ${specs.map((s) => s.name).join(' ')}`.trim()
+
+const installCommand = (specs, flags) => specs.length ?
+  `npm i ${specs.map((s) => `${s.name}@${s.fetchSpec}`).join(' ')} ${flags.join(' ')}`.trim() : ''
+
+// ensure required packages are present in the correct place
+const run = ({ pkg, path, config: { requiredPackages = {} } }) => {
+  // keys are the dependency location in package.json
+  // values are a filtered list of parsed specs that dont exist in the current package
+  // { [location]: [spec1, spec2] }
+  const requiredByLocation = Object.entries(requiredPackages)
+    .reduce((acc, [location, pkgs]) => {
+      acc[location] = pkgs
+        .filter((spec) => !hasPackage(pkg, spec, [location], path))
+        .map((spec) => npa(spec))
+      log.verbose(location, pkg, pkgs)
+      return acc
+    }, {})
+
+  const requiredEntries = Object.entries(requiredByLocation)
+
+  log.verbose('check-required', requiredEntries)
+
+  if (requiredEntries.flatMap(([, specs]) => specs).length) {
+    return requiredEntries.map(([location, specs]) => {
+      const locationFlag = hasPackage.flags[location]
+      const [exactSpecs, saveSpecs] = partition(specs, (s) => s.type === 'version')
+
+      log.verbose('check-required', location, specs)
 
       return {
         title: `The following required ${location} were not found:`,
-        body: specs.map(({ name, version }) => `${name}@${version}`),
+        body: specs.map((s) => s.rawSpec ? `${s.name}@${s.rawSpec}` : s.name),
         // solution is to remove any existing all at once but add back in by --save-<location>
-        solution: [`npm rm ${rm}`, `npm i ${install} ${installLocation}`].join(' && '),
+        solution: [
+          rmCommand(specs),
+          installCommand(saveSpecs, [locationFlag]),
+          installCommand(exactSpecs, [locationFlag, '--save-exact']),
+        ].filter(Boolean).join(' && '),
       }
     })
   }

package/lib/content/audit.yml

@@ -11,6 +11,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       {{> setupGit}}
-      {{> setupNode }}
+      {{> setupNode}}
       - run: npm i --package-lock
       - run: npm audit

package/lib/content/ci.yml

@@ -7,7 +7,7 @@ on:
       - '*'
     {{#if pkgRelPath}}
     paths:
-      - {{pkgRelPath}}
+      - {{pkgRelPath}}/**
     {{/if}}
   push:
     branches:
@@ -16,7 +16,7 @@ on:
       {{/each}}
     {{#if pkgRelPath}}
     paths:
-      - {{pkgRelPath}}
+      - {{pkgRelPath}}/**
     {{/if}}
   schedule:
     # "At 02:00 on Monday" https://crontab.guru/#0_2_*_*_1
@@ -54,6 +54,6 @@ jobs:
         shell: $\{{ matrix.platform.shell }}
     steps:
       {{> setupGit}}
-      {{> setupNode}}
+      {{> setupNode useMatrix=true}}
       - run: npm i
       - run: npm test --ignore-scripts {{~#if isWorkspace}} -w {{pkgName}}{{/if}}

package/lib/content/dependabot.yml

@@ -7,7 +7,7 @@ updates:
       interval: daily
     allow:
       - dependency-type: direct
-    versioning-strategy: increase
+    versioning-strategy: increase-if-necessary
     commit-message:
       prefix: deps
       prefix-development: chore

package/lib/content/index.js

@@ -1,3 +1,5 @@
+const { name: NAME, version: LATEST_VERSION } = require('../../package.json')
+
 // Changes applied to the root of the repo
 const rootRepo = {
   add: {
@@ -26,7 +28,7 @@ const rootModule = {
     '.gitignore': 'gitignore',
     '.npmrc': 'npmrc',
     'SECURITY.md': 'SECURITY.md',
-    'package.json': 'package.json',
+    'package.json': 'pkg.json',
   },
   rm: [
     '.eslintrc.!(js|local.*)',
@@ -37,7 +39,7 @@ const rootModule = {
 const workspaceRepo = {
   add: {
     '.github/workflows/release-please-{{pkgNameFs}}.yml': 'release-please.yml',
-    '.github/workflows/ci-{{pkgNameFs}}.yml': 'ci.yml'
+    '.github/workflows/ci-{{pkgNameFs}}.yml': 'ci.yml',
   },
 }
 
@@ -46,7 +48,7 @@ const workspaceModule = {
   add: {
     '.eslintrc.js': 'eslintrc.js',
     '.gitignore': 'gitignore',
-    'package.json': 'package.json',
+    'package.json': 'pkg.json',
   },
   rm: [
     '.npmrc',
@@ -73,18 +75,18 @@ module.exports = {
     'standard',
   ],
   requiredPackages: {
-    devDependencies: {
-      '@npmcli/template-oss': '*',
-      '@npmcli/eslint-config': '>=3.0.0',
-      tap: '>=15.0.0',
-    },
+    devDependencies: [
+      `${NAME}@${LATEST_VERSION}`,
+      '@npmcli/eslint-config',
+      'tap',
+    ],
   },
   allowedPackages: [],
   changelogTypes: [
-    { type: "feat", section: "Features", hidden: false },
-    { type: "fix", section: "Bug Fixes", hidden: false },
-    { type: "docs", section: "Documentation", hidden: false },
-    { type: "deps", section: "Dependencies", hidden: false },
-    { type: "chore", hidden: true },
+    { type: 'feat', section: 'Features', hidden: false },
+    { type: 'fix', section: 'Bug Fixes', hidden: false },
+    { type: 'docs', section: 'Documentation', hidden: false },
+    { type: 'deps', section: 'Dependencies', hidden: false },
+    { type: 'chore', hidden: true },
   ],
 }

package/lib/content/post-dependabot.yml

@@ -5,6 +5,7 @@ on:
 
 # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps
 permissions:
+  actions: write
   contents: write
 
 jobs:
@@ -20,7 +21,7 @@ jobs:
         with:
           github-token: "$\{{ secrets.GITHUB_TOKEN }}"
       - name: npm install and commit
-        if: contains(steps.metadata.outputs.dependency-names, '@npmcli/template-oss')
+        if: contains(steps.metadata.outputs.dependency-names, '{{__NAME__}}')
         env:
           GITHUB_TOKEN: $\{{ secrets.GITHUB_TOKEN }}
         run: |

package/lib/content/pull-request.yml

@@ -16,13 +16,10 @@ jobs:
       {{> setupGit with=(obj fetch-depth=0)}}
       {{> setupNode}}
       - name: Install deps
-        run: |
-          npm i -D @commitlint/cli @commitlint/config-conventional
+        run: npm i -D @commitlint/cli @commitlint/config-conventional
       - name: Check commits OR PR title
         env:
           PR_TITLE: $\{{ github.event.pull_request.title }}
         run: |
-          npx commitlint -x @commitlint/config-conventional -V \
-            --from origin/main --to $\{{ github.event.pull_request.head.sha }} \
-            || echo $PR_TITLE | \
-            npx commitlint -x @commitlint/config-conventional -V
+          npx --offline commitlint -V --from origin/main --to $\{{ github.event.pull_request.head.sha }} \
+            || echo $PR_TITLE | npx --offline commitlint -V

package/lib/content/setup-node.yml

@@ -1,9 +1,10 @@
 - uses: actions/setup-node@v3
   with:
-    node-version: {{#each ciVersions}}{{#if @last}}{{.}}{{/if}}{{/each}}
+    node-version: {{#if useMatrix}}$\{{ matrix.node-version }}{{else}}{{#each ciVersions}}{{#if @last}}{{.}}{{/if}}{{/each}}{{/if}}
+{{#if useMatrix}}
 - name: Update to workable npm (windows)
   # node 12 and 14 ship with npm@6, which is known to fail when updating itself in windows
-  if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12') || startsWith(matrix.node-version, '14'))
+  if: matrix.platform.os == 'windows-latest' && (startsWith(matrix.node-version, '12.') || startsWith(matrix.node-version, '14.'))
   run: |
     curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz
     tar xf npm-7.5.4.tgz
@@ -13,9 +14,12 @@
     rmdir /s /q package
 - name: Update npm to 7
   # If we do test on npm 10 it needs npm7
-  if: matrix.node-version <= 10
+  if: startsWith(matrix.node-version, '10.')
   run: npm i --prefer-online --no-fund --no-audit -g npm@7
 - name: Update npm to latest
-  if: matrix.node-version > 10
+  if: $\{{ !startsWith(matrix.node-version, '10.') }}
+{{else}}
+- name: Update npm to latest
+{{/if}}
   run: npm i --prefer-online --no-fund --no-audit -g npm@latest
 - run: npm -v

package/lib/util/has-package.js

@@ -1,5 +1,7 @@
-const intersects = require('semver/ranges/intersects')
+const semver = require('semver')
+const npa = require('npm-package-arg')
 const { has } = require('lodash')
+const { join } = require('path')
 
 const installLocations = [
   'dependencies',
@@ -9,20 +11,71 @@ const installLocations = [
   'optionalDependencies',
 ]
 
+// from a spec get either a semver version or range. it gets parsed with npa and
+// only a few appropriate types are handled. eg this doesnt match any git
+// shas/tags, etc
+const getSpecVersion = (spec, where) => {
+  const arg = npa(spec, where)
+  switch (arg.type) {
+    case 'range':
+      return new semver.Range(arg.fetchSpec)
+    case 'tag': {
+      // special case an empty spec to mean any version
+      return arg.rawSpec === '' && new semver.Range('*')
+    }
+    case 'version':
+      return new semver.SemVer(arg.fetchSpec)
+    case 'directory': {
+      // allows this repo to use a file spec as a devdep and pass this check
+      const pkg = require(join(arg.fetchSpec, 'package.json'))
+      return new semver.SemVer(pkg.version)
+    }
+  }
+  return null
+}
+
+const isVersion = (s) => s instanceof semver.SemVer
+
+// Returns whether the pkg has the dependency in a semver
+// compatible version in one or more locationscccc
 const hasPackage = (
   pkg,
-  name,
-  version = '*',
-  locations = installLocations
-) => locations
-  .map((l) => pkg[l])
-  .some((deps) =>
-    has(deps, name) &&
-    (version === '*' || intersects(deps[name], version))
-  )
+  spec,
+  locations = installLocations,
+  path
+) => {
+  const name = npa(spec).name
+  const requested = getSpecVersion(spec)
 
-module.exports = hasPackage
+  if (!requested) {
+    return false
+  }
 
+  const existingByLocation = locations
+    .map((location) => pkg[location])
+    .filter((deps) => has(deps, name))
+    .map((deps) => getSpecVersion(`${name}@${deps[name]}`, path))
+    .filter(Boolean)
+
+  return existingByLocation.some((existing) => {
+    switch ([existing, requested].map((t) => isVersion(t) ? 'VER' : 'RNG').join('-')) {
+      case `VER-VER`:
+        // two versions, use semver.eq to check equality
+        return semver.eq(existing, requested)
+      case `RNG-RNG`:
+        // two ranges, existing must be entirely within the requested
+        return semver.subset(existing, requested)
+      case `VER-RNG`:
+        // requesting a range with existing version is ok if it satisfies
+        return semver.satisfies(existing, requested)
+      case `RNG-VER`:
+        // requesting a pinned version but has a range, always false
+        return false
+    }
+  })
+}
+
+module.exports = hasPackage
 module.exports.flags = installLocations.reduce((acc, location) => {
   const type = location.replace(/dependencies/i, '')
   acc[location] = '--save' + (type ? `-${type}` : '')

package/lib/util/json-diff.js

@@ -4,11 +4,10 @@ const { diff } = require('just-diff')
 
 const j = (obj, replacer = null) => JSON.stringify(obj, replacer, 2)
 
-const jsonDiff = (s1, s2, DELETE) => {
-  // DELETE is a special string that will be the value of updated if it exists
-  // but should be deleted
-
-  const ops = diff(s1, s2).map(({ op, path, value }) => {
+// DELETE is a special string that will be the value of updated if it exists
+// but should be deleted
+const jsonDiff = (s1, s2, DELETE) => diff(s1, s2)
+  .map(({ op, path, value }) => {
     // there could be cases where a whole object is reported
     // as missing and the expected value does not need to show
     // special DELETED values so filter those out here
@@ -26,13 +25,9 @@ const jsonDiff = (s1, s2, DELETE) => {
     } else if (op === 'add' && value !== DELETE) {
       return AD
     }
-  }).filter(Boolean).sort((a, b) => a.localeCompare(b))
-
-  if (!ops.length) {
-    return true
-  }
-
-  return ops.join('\n')
-}
+  })
+  .filter(Boolean)
+  .sort((a, b) => a.localeCompare(b))
+  .join('\n')
 
 module.exports = jsonDiff

package/lib/util/parser.js

@@ -77,7 +77,7 @@ class Base {
     // create a patch and strip out the filename. if it ends up an empty string
     // then return true since the files are equal
     return Diff.createPatch('', t.replace(/\r\n/g, '\n'), s.replace(/\r\n/g, '\n'))
-      .split('\n').slice(4).join('\n').trim() || true
+      .split('\n').slice(4).join('\n')
   }
 
   diff (t, s) {
@@ -142,9 +142,10 @@ class Base {
       ].join('\n')
     }
 
-    // individual diff methods are responsible for formatting or returning
-    // true if the are equal
-    return this.diff(target, source)
+    // individual diff methods are responsible for returning a string
+    // representing the diff. an empty trimmed string means no diff
+    const diffRes = this.diff(target, source).trim()
+    return diffRes || true
   }
 }
 
@@ -224,7 +225,7 @@ class JsonMerge extends Json {
 }
 
 class PackageJson extends JsonMerge {
-  static types = ['package.json']
+  static types = ['pkg.json']
 
   async prepare (s, t) {
     // merge new source with current pkg content

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/template-oss",
-  "version": "3.0.0",
+  "version": "3.1.2",
   "description": "templated files used in npm CLI team oss projects",
   "main": "lib/content/index.js",
   "bin": {
@@ -17,7 +17,8 @@
     "snap": "tap",
     "test": "tap",
     "template-oss-apply": "template-oss-apply --force",
-    "postlint": "template-oss-check"
+    "postlint": "template-oss-check",
+    "postinstall": "template-oss-apply"
   },
   "repository": {
     "type": "git",
@@ -40,6 +41,7 @@
     "json-parse-even-better-errors": "^2.3.1",
     "just-diff": "^5.0.1",
     "lodash": "^4.17.21",
+    "npm-package-arg": "^9.0.1",
     "proc-log": "^2.0.0",
     "semver": "^7.3.5",
     "yaml": "^2.0.0-10"
@@ -58,8 +60,5 @@
   },
   "engines": {
     "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
-  },
-  "eslintIgnore": [
-    "lib/content/"
-  ]
+  }
 }