@pnpm/plugin-trusted-deps 0.2.2 → 0.3.0-0

package/allowBuilds.json

@@ -0,0 +1,374 @@
+{
+  "core-js": false,
+  "core-js-pure": false,
+  "es5-ext": false,
+  "less": false,
+  "protobufjs": false,
+  "@airbnb/node-memwatch": true,
+  "@apollo/protobufjs": true,
+  "@apollo/rover": true,
+  "@appsignal/nodejs": true,
+  "@arkweid/lefthook": true,
+  "@aws-amplify/cli": true,
+  "@bahmutov/add-typescript-to-cypress": true,
+  "@bazel/concatjs": true,
+  "@bazel/cypress": true,
+  "@bazel/esbuild": true,
+  "@bazel/hide-bazel-files": true,
+  "@bazel/jasmine": true,
+  "@bazel/protractor": true,
+  "@bazel/rollup": true,
+  "@bazel/terser": true,
+  "@bazel/typescript": true,
+  "@bufbuild/buf": true,
+  "@cdktf/node-pty-prebuilt-multiarch": true,
+  "@ckeditor/ckeditor5-vue": true,
+  "@cloudflare/wrangler": true,
+  "@contrast/fn-inspect": true,
+  "@cubejs-backend/cubestore": true,
+  "@cubejs-backend/native": true,
+  "@cypress/snapshot": true,
+  "@danmarshall/deckgl-typings": true,
+  "@datadog/mobile-react-native": true,
+  "@discordjs/opus": true,
+  "@eversdk/lib-node": true,
+  "@evilmartians/lefthook": true,
+  "@ffmpeg-installer/darwin-arm64": true,
+  "@ffmpeg-installer/darwin-x64": true,
+  "@ffmpeg-installer/linux-arm": true,
+  "@ffmpeg-installer/linux-arm64": true,
+  "@ffmpeg-installer/linux-ia32": true,
+  "@ffmpeg-installer/linux-x64": true,
+  "@ffprobe-installer/darwin-arm64": true,
+  "@ffprobe-installer/darwin-x64": true,
+  "@ffprobe-installer/linux-arm": true,
+  "@ffprobe-installer/linux-arm64": true,
+  "@ffprobe-installer/linux-ia32": true,
+  "@ffprobe-installer/linux-x64": true,
+  "@fingerprintjs/fingerprintjs-pro-react": true,
+  "@ghaiklor/x509": true,
+  "@go-task/cli": true,
+  "@injectivelabs/sdk-ts": true,
+  "@instana/autoprofile": true,
+  "@intlify/vue-i18n-bridge": true,
+  "@intlify/vue-router-bridge": true,
+  "@matteodisabatino/gc_info": true,
+  "@memlab/cli": true,
+  "@microsoft.azure/autorest-core": true,
+  "@microsoft/teamsfx-cli": true,
+  "@microsoft/ts-command-line": true,
+  "@napi-rs/pinyin": true,
+  "@nativescript/core": true,
+  "@netlify/esbuild": true,
+  "@newrelic/native-metrics": true,
+  "@notarize/qlc-cli": true,
+  "@nx-dotnet/core": true,
+  "@opensearch-project/oui": true,
+  "@pact-foundation/pact-node": true,
+  "@paloaltonetworks/postman-code-generators": true,
+  "@parcel/watcher": true,
+  "@pdftron/pdfnet-node": true,
+  "@percy/core": true,
+  "@pnpm/exe": true,
+  "@prisma/client": true,
+  "@prisma/engines": true,
+  "@progress/kendo-licensing": true,
+  "@pulumi/aws-native": true,
+  "@pulumi/awsx": true,
+  "@pulumi/command": true,
+  "@pulumi/kubernetes": true,
+  "@railway/cli": true,
+  "@replayio/cypress": true,
+  "@replayio/playwright": true,
+  "@roots/bud-framework": true,
+  "@sap/hana-client": true,
+  "@sap/hana-performance-tools": true,
+  "@sap/hana-theme-vscode": true,
+  "@scarf/scarf": true,
+  "@sematext/gc-stats": true,
+  "@sentry/capacitor": true,
+  "@sentry/profiling-node": true,
+  "@serialport/bindings": true,
+  "@serialport/bindings-cpp": true,
+  "@shopify/ngrok": true,
+  "@shopify/plugin-cloudflare": true,
+  "@sitespeed.io/chromedriver": true,
+  "@sitespeed.io/edgedriver": true,
+  "@softvisio/core": true,
+  "@splunk/otel": true,
+  "@strapi/strapi": true,
+  "@sveltejs/kit": true,
+  "@syncfusion/ej2-angular-base": true,
+  "@taquito/taquito": true,
+  "@temporalio/core-bridge": true,
+  "@tensorflow/tfjs-node": true,
+  "@trufflesuite/bigint-buffer": true,
+  "@typescript-tools/rust-implementation": true,
+  "@vaadin/vaadin-usage-statistics": true,
+  "@vscode/ripgrep": true,
+  "@vscode/sqlite3": true,
+  "abstract-socket": true,
+  "admin-lte": true,
+  "appdynamics": true,
+  "appium-chromedriver": true,
+  "appium-windows-driver": true,
+  "applicationinsights-native-metrics": true,
+  "argon2": true,
+  "autorest": true,
+  "aws-crt": true,
+  "azure-functions-core-tools": true,
+  "azure-streamanalytics-cicd": true,
+  "backport": true,
+  "bcrypt": true,
+  "better-sqlite3": true,
+  "bigint-buffer": true,
+  "blake-hash": true,
+  "bs-platform": true,
+  "bufferutil": true,
+  "bun": true,
+  "canvacord": true,
+  "canvas": true,
+  "cbor-extract": true,
+  "chromedriver": true,
+  "chromium": true,
+  "classic-level": true,
+  "cld": true,
+  "cldr-data": true,
+  "clevertap-react-native": true,
+  "clientjs": true,
+  "cmark-gfm": true,
+  "compresion": true,
+  "contentlayer": true,
+  "contextify": true,
+  "cordova.plugins.diagnostic": true,
+  "couchbase": true,
+  "cpu-features": true,
+  "cwebp-bin": true,
+  "cy2": true,
+  "cypress": true,
+  "dd-trace": true,
+  "deasync": true,
+  "detox": true,
+  "detox-recorder": true,
+  "diskusage": true,
+  "dotnet-2.0.0": true,
+  "dprint": true,
+  "drivelist": true,
+  "dtrace-provider": true,
+  "duckdb": true,
+  "dugite": true,
+  "eccrypto": true,
+  "egg-bin": true,
+  "egg-ci": true,
+  "electron": true,
+  "electron-chromedriver": true,
+  "electron-prebuilt": true,
+  "electron-winstaller": true,
+  "elm": true,
+  "elm-format": true,
+  "esbuild": true,
+  "esoftplay": true,
+  "event-loop-stats": true,
+  "exifreader": true,
+  "farmhash": true,
+  "fast-folder-size": true,
+  "faunadb": true,
+  "ffi": true,
+  "ffi-napi": true,
+  "ffmpeg-static": true,
+  "fibers": true,
+  "fmerge": true,
+  "free-email-domains": true,
+  "fs-xattr": true,
+  "full-icu": true,
+  "gatsby": true,
+  "gc-stats": true,
+  "gcstats.js": true,
+  "geckodriver": true,
+  "gentype": true,
+  "ghooks": true,
+  "gif2webp-bin": true,
+  "gifsicle": true,
+  "git-commit-msg-linter": true,
+  "git-validate": true,
+  "git-win": true,
+  "gl": true,
+  "go-ios": true,
+  "grpc": true,
+  "grpc-tools": true,
+  "handbrake-js": true,
+  "hasura-cli": true,
+  "heapdump": true,
+  "hiredis": true,
+  "hnswlib-node": true,
+  "hugo-bin": true,
+  "hummus": true,
+  "ibm_db": true,
+  "iconv": true,
+  "iedriver": true,
+  "iltorb": true,
+  "incremental-json-parser": true,
+  "install-peers": true,
+  "interruptor": true,
+  "iobroker.js-controller": true,
+  "iso-constants": true,
+  "isolated-vm": true,
+  "java": true,
+  "jest-preview": true,
+  "jpeg-recompress-bin": true,
+  "jpegtran-bin": true,
+  "keccak": true,
+  "kerberos": true,
+  "keytar": true,
+  "lefthook": true,
+  "leveldown": true,
+  "libpg-query": true,
+  "libpq": true,
+  "libxmljs": true,
+  "libxmljs2": true,
+  "lightningcss-cli": true,
+  "lint": true,
+  "lmdb": true,
+  "lmdb-store": true,
+  "local-cypress": true,
+  "lz4": true,
+  "lzma-native": true,
+  "lzo": true,
+  "macos-alias": true,
+  "mbt": true,
+  "memlab": true,
+  "microtime": true,
+  "minidump": true,
+  "mmmagic": true,
+  "modern-syslog": true,
+  "mongodb-client-encryption": true,
+  "mongodb-crypt-library-dummy": true,
+  "mongodb-crypt-library-version": true,
+  "mongodb-memory-server": true,
+  "mozjpeg": true,
+  "ms-chromium-edge-driver": true,
+  "msgpackr-extract": true,
+  "msnodesqlv8": true,
+  "msw": true,
+  "muhammara": true,
+  "netlify-cli": true,
+  "ngrok": true,
+  "ngx-popperjs": true,
+  "nice-napi": true,
+  "node": true,
+  "node-expat": true,
+  "node-hid": true,
+  "node-jq": true,
+  "node-libcurl": true,
+  "node-mac-contacts": true,
+  "node-pty": true,
+  "node-rdkafka": true,
+  "node-sass": true,
+  "node-webcrypto-ossl": true,
+  "node-zopfli": true,
+  "node-zopfli-es": true,
+  "nodegit": true,
+  "nodejieba": true,
+  "nodent-runtime": true,
+  "nx": true,
+  "odiff-bin": true,
+  "oniguruma": true,
+  "opencode-ai": true,
+  "optipng-bin": true,
+  "oracledb": true,
+  "os-dns-native": true,
+  "parse-server": true,
+  "phantomjs": true,
+  "phantomjs-prebuilt": true,
+  "pkcs11js": true,
+  "playwright-chromium": true,
+  "playwright-firefox": true,
+  "playwright-webkit": true,
+  "pngout-bin": true,
+  "pngquant-bin": true,
+  "posix": true,
+  "pprof": true,
+  "pre-commit": true,
+  "pre-push": true,
+  "prisma": true,
+  "protoc": true,
+  "protoc-gen-grpc-web": true,
+  "puppeteer": true,
+  "purescript": true,
+  "re2": true,
+  "react-jsx-parser": true,
+  "react-native-stylex": true,
+  "react-particles": true,
+  "react-tsparticles": true,
+  "react-vertical-timeline-component": true,
+  "realm": true,
+  "redis-memory-server": true,
+  "ref": true,
+  "ref-napi": true,
+  "registry-js": true,
+  "robotjs": true,
+  "sauce-connect-launcher": true,
+  "saucectl": true,
+  "secp256k1": true,
+  "segfault-handler": true,
+  "shared-git-hooks": true,
+  "sharp": true,
+  "simple-git-hooks": true,
+  "sleep": true,
+  "slice2js": true,
+  "snyk": true,
+  "sockopt": true,
+  "sodium-native": true,
+  "sonar-scanner": true,
+  "spago": true,
+  "spectron": true,
+  "spellchecker": true,
+  "sq-native": true,
+  "sqlite3": true,
+  "sse4_crc32": true,
+  "ssh2": true,
+  "storage-engine": true,
+  "subrequests": true,
+  "subrequests-express": true,
+  "subrequests-json-merger": true,
+  "supabase": true,
+  "svf-lib": true,
+  "swagger-ui": true,
+  "swiftlint": true,
+  "taiko": true,
+  "tldjs": true,
+  "tree-sitter": true,
+  "tree-sitter-cli": true,
+  "tree-sitter-json": true,
+  "tree-sitter-kotlin": true,
+  "tree-sitter-typescript": true,
+  "tree-sitter-yaml": true,
+  "truffle": true,
+  "tsparticles-engine": true,
+  "ttag-cli": true,
+  "ttf2woff2": true,
+  "typemoq": true,
+  "unix-dgram": true,
+  "ursa-optional": true,
+  "usb": true,
+  "utf-8-validate": true,
+  "v8-profiler-next": true,
+  "vue-demi": true,
+  "vue-echarts": true,
+  "vue-inbrowser-compiler-demi": true,
+  "wd": true,
+  "wdeasync": true,
+  "weak-napi": true,
+  "webdev-toolkit": true,
+  "windows-build-tools": true,
+  "wix-style-react": true,
+  "wordpos": true,
+  "workerd": true,
+  "wrtc": true,
+  "xxhash": true,
+  "yo": true,
+  "yorkie": true,
+  "zeromq": true,
+  "zlib-sync": true,
+  "zopflipng-bin": true
+}

package/index.js

@@ -1 +1,6 @@
 module.exports.TRUSTED_PACKAGE_NAMES = require('./allow.json')
+
+Object.defineProperty(module.exports, 'DEFAULT_ALLOW_BUILDS', {
+  get () { return require('./allowBuilds.json') },
+  enumerable: true,
+})

package/package.json

@@ -1,11 +1,13 @@
 {
   "name": "@pnpm/plugin-trusted-deps",
-  "version": "0.2.2",
+  "version": "0.3.0-0",
   "description": "A list of OSS packages that are known to require lifecycle scripts to function properly",
   "main": "index.js",
   "files": [
     "index.js",
     "allow.json",
+    "allowBuilds.json",
+    "untrusted.js",
     "pnpmfile.cjs"
   ],
   "keywords": [

package/pnpmfile.cjs

@@ -1,13 +1,32 @@
 module.exports = {
   hooks: {
     updateConfig (config) {
-      if (config.onlyBuiltDependencies == null) {
-        config.onlyBuiltDependencies = []
-      }
+      const pnpmMajor = parseInt(config.packageManager?.version?.split('.')[0] ?? '0', 10)
+      const useAllowBuilds = pnpmMajor >= 11
       const defaultAllowed = require('./allow.json')
-      if (!config.ignoredBuiltDependencies?.length) {
-        config.onlyBuiltDependencies.push(...defaultAllowed)
+      const defaultUntrusted = require('./untrusted.js')
+      if (useAllowBuilds) {
+        if (config.allowBuilds == null) {
+          config.allowBuilds = {}
+        }
+        for (const untrusted of defaultUntrusted) {
+          if (config.allowBuilds[untrusted] == null) {
+            config.allowBuilds[untrusted] = false
+          }
+        }
+        for (const allowed of defaultAllowed) {
+          if (config.allowBuilds[allowed] == null) {
+            config.allowBuilds[allowed] = true
+          }
+        }
       } else {
+        if (config.onlyBuiltDependencies == null) {
+          config.onlyBuiltDependencies = []
+        }
+        if (config.ignoredBuiltDependencies == null) {
+          config.ignoredBuiltDependencies = []
+        }
+        config.ignoredBuiltDependencies.push(...defaultUntrusted)
         const ignored = new Set(config.ignoredBuiltDependencies)
         for (const allowed of defaultAllowed) {
           if (!ignored.has(allowed)) {

package/untrusted.js

@@ -0,0 +1,8 @@
+module.exports = [
+  // Prints a message in postinstall script
+  'core-js',
+  'core-js-pure',
+  'es5-ext',
+  'less',
+  'protobufjs',
+]