npm - @sentry/cli - Versions diffs - 2.8.0 → 2.9.0 - Mend

@sentry/cli 2.8.0 → 2.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +9 -0
package/checksums.txt +9 -9
package/js/helper.js +21 -10
package/js/logger.js +14 -0
package/package.json +11 -6
package/scripts/install.js +25 -15
package/scripts/test-vercel-nft.js +16 -0

package/README.md CHANGED Viewed

@@ -97,6 +97,15 @@ docker pull getsentry/sentry-cli
 docker run --rm -v $(pwd):/work getsentry/sentry-cli --help
 ```
+Starting version _`2.8.0`_, in case you see `"error: config value 'safe.directory' was not found;"` message,
+you also need to correctly set UID and GID of mounted volumes like so:
+```sh
+docker run --rm -u "$(id -u):$(id -g)" -v $(pwd):/work getsentry/sentry-cli --help
+```
+This is required due to security issue in older `git` implementations. See [here](https://github.blog/2022-04-12-git-security-vulnerability-announced/) for more details.
 ## Compiling
 In case you want to compile this yourself, you need to install at minimum the

package/checksums.txt CHANGED Viewed

@@ -1,9 +1,9 @@
-sentry-cli-Darwin-arm64=772a45b9e9935f1105bdd3bd63f448bd78432fc4616c253cc6aa295f743c364c
-sentry-cli-Darwin-universal=a2aadaf804fad99ac70f52a32bf1f0ff53327ed52c2a723fea04bbe9cbde3485
-sentry-cli-Darwin-x86_64=eb4f04ad6c577fcf397a46c58e9d9a7073d777237f70a25af5c30c3f00060e55
-sentry-cli-Linux-aarch64=652b0a6fb992fac95b80bcc6d2f59868750ac22eb2ff4156d3c8bd646c934c3b
-sentry-cli-Linux-armv7=0c41f307f3f2a69270150b1b8fd41acbbcfbe8730610d3a7dd8bdd7aecac6613
-sentry-cli-Linux-i686=b543cf7394a0516fa85d69a63a8f0a91a5aa3ccceb5d40355193f8491224b1bf
-sentry-cli-Linux-x86_64=bbbd739afc0d8a6736ae45e5f6fcd6db87f7abf45de9fa76e5621834f2dfd15d
-sentry-cli-Windows-i686.exe=760d313eddd0f1dd5b23301635dc7c4512b021d9dc01067eb7fa6b54e4789078
-sentry-cli-Windows-x86_64.exe=a89a4ca913be1e5ff9ccb456b5bde221bb59128eb5ca2de0f6bcd09a119471ee
+sentry-cli-Darwin-arm64=1052d4eb071794634c1619850dd1cbdf91be9ffaa0e5ea5cb849eba0330ee729
+sentry-cli-Darwin-universal=db65a1ae2ff0322f0fcdae8848151f32159c53f80372ff1da961277498fa2ed0
+sentry-cli-Darwin-x86_64=05784bb587ab197c3c22c9928300ee4bb1943684a74154652c703472753d9b66
+sentry-cli-Linux-aarch64=0130b100deabf8a391945253de6dd173c021e0922bf0e0d0327b4c4ec6d1000f
+sentry-cli-Linux-armv7=602d0bb3dc29f99edd65646087ccabcfdfa5299bbea087b9371cd54801a756c3
+sentry-cli-Linux-i686=ad782c3fb8e4c3d0bf1883ca27b29298c5c309d594ade73a65bcae55844c2b25
+sentry-cli-Linux-x86_64=8d24e65b07eee362cd8e8b80a98b6029c66950c01cc58b4345f235fae2e243a4
+sentry-cli-Windows-i686.exe=0897d6848aabe654faf6483511f40fdff26d847a20e6291ef29969cc5ef92c1e
+sentry-cli-Windows-x86_64.exe=b5c67065525a37349bc68c33fe97faaf5ba8eba89849ef0986979928419ed10b

package/js/helper.js CHANGED Viewed

@@ -1,21 +1,29 @@
 'use strict';
+const path = require('path');
 const childProcess = require('child_process');
 /**
- * Absolute path to the sentry-cli binary (platform dependent).
- * @type {string}
+ * This convoluted function resolves the path to the `sentry-cli` binary in a
+ * way that can't be analysed by @vercel/nft.
+ *
+ * Without this, the binary can be detected as an asset and included by bundlers
+ * that use @vercel/nft.
+ * @returns {string} The path to the sentry-cli binary
  */
-let binaryPath = eval(
-  "require('path').resolve(__dirname, require('os').platform() === 'win32' ? '../sentry-cli.exe' : '../sentry-cli')"
-);
+function getBinaryPath() {
+  const parts = [];
+  parts.push(__dirname);
+  parts.push('..');
+  parts.push(`sentry-cli${process.platform === 'win32' ? '.exe' : ''}`);
+  return path.resolve(...parts);
+}
 /**
- * NOTE: `eval` usage is a workaround for @vercel/nft detecting the binary itself as the hard dependency
- *       and effectively always including it in the bundle, which is not what we want.
- * ref: https://github.com/getsentry/sentry-javascript/issues/3865
- * ref: https://github.com/vercel/nft/issues/203
+ * Absolute path to the sentry-cli binary (platform dependent).
+ * @type {string}
  */
+let binaryPath = getBinaryPath();
 /**
  * Overrides the default binary path with a mock value, useful for testing.
@@ -165,7 +173,10 @@ async function execute(args, live, silent, configFile, config = {}) {
   if (config.customHeader) {
     env.CUSTOM_HEADER = config.customHeader;
   } else if (config.headers) {
-    const headers = Object.entries(config.headers).flatMap(([key, value]) => ['--header', `${key}:${value}`]);
+    const headers = Object.entries(config.headers).flatMap(([key, value]) => [
+      '--header',
+      `${key}:${value}`,
+    ]);
     args = [...headers, ...args];
   }
   return new Promise((resolve, reject) => {

package/js/logger.js ADDED Viewed

@@ -0,0 +1,14 @@
+'use strict';
+const format = require('util').format;
+module.exports = class Logger {
+  constructor(stream) {
+    this.stream = stream;
+  }
+  log() {
+    const message = format(...arguments);
+    this.stream.write(`[sentry-cli] ${message}\n`);
+  }
+};

package/package.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "name": "@sentry/cli",
-  "version": "2.8.0",
+  "version": "2.9.0",
   "description": "A command line utility to work with Sentry. https://docs.sentry.io/hosted/learn/cli/",
   "repository": "git://github.com/getsentry/sentry-cli.git",
   "homepage": "https://docs.sentry.io/hosted/learn/cli/",
   "author": "Sentry",
   "license": "BSD-3-Clause",
   "engines": {
-    "node": ">= 12"
+    "node": ">= 10"
   },
   "main": "js/index.js",
   "types": "js/index.d.ts",
@@ -17,13 +17,13 @@
   "dependencies": {
     "https-proxy-agent": "^5.0.0",
     "node-fetch": "^2.6.7",
-    "npmlog": "^6.0.1",
     "progress": "^2.0.3",
     "proxy-from-env": "^1.1.0",
     "which": "^2.0.2"
   },
   "devDependencies": {
-    "eslint": "^8.13.0",
+    "@vercel/nft": "^0.22.1",
+    "eslint": "^7.32.0",
     "eslint-config-prettier": "^8.5.0",
     "jest": "^27.5.1",
     "npm-run-all": "^4.1.5",
@@ -34,11 +34,12 @@
     "fix": "npm-run-all fix:eslint fix:prettier",
     "fix:eslint": "eslint --fix bin/* scripts/**/*.js js/**/*.js",
     "fix:prettier": "prettier --write bin/* scripts/**/*.js js/**/*.js",
-    "test": "npm-run-all test:jest test:eslint test:prettier",
+    "test": "npm-run-all test:jest test:eslint test:prettier test:vercel-nft",
     "test:jest": "jest",
     "test:watch": "jest --watch --notify",
     "test:eslint": "eslint bin/* scripts/**/*.js js/**/*.js",
-    "test:prettier": "prettier --check  bin/* scripts/**/*.js js/**/*.js"
+    "test:prettier": "prettier --check  bin/* scripts/**/*.js js/**/*.js",
+    "test:vercel-nft": "node scripts/test-vercel-nft.js"
   },
   "jest": {
     "collectCoverage": true,
@@ -46,5 +47,9 @@
     "testPathIgnorePatterns": [
       "<rootDir>/src"
     ]
+  },
+  "volta": {
+    "node": "10.24.1",
+    "yarn": "1.22.19"
   }
 }

package/scripts/install.js CHANGED Viewed

@@ -15,11 +15,13 @@ const fetch = require('node-fetch');
 const HttpsProxyAgent = require('https-proxy-agent');
 const ProgressBar = require('progress');
 const Proxy = require('proxy-from-env');
-const npmLog = require('npmlog');
 const which = require('which');
 const helper = require('../js/helper');
 const pkgInfo = require('../package.json');
+const Logger = require('../js/logger');
+const logger = new Logger(getLogStream('stderr'));
 const CDN_URL =
   process.env.SENTRYCLI_LOCAL_CDNURL ||
@@ -157,14 +159,14 @@ function validateChecksum(tempPath, name) {
       }
     }
   } catch (e) {
-    npmLog.info(
+    logger.log(
       'Checksums are generated when the package is published to npm. They are not available directly in the source repository. Skipping validation.'
     );
     return;
   }
   if (!storedHash) {
-    npmLog.info(`Checksum for ${name} not found, skipping validation.`);
+    logger.log(`Checksum for ${name} not found, skipping validation.`);
     return;
   }
@@ -176,7 +178,7 @@ function validateChecksum(tempPath, name) {
       `Checksum validation for ${name} failed.\nExpected: ${storedHash}\nReceived: ${currentHash}`
     );
   } else {
-    npmLog.info('Checksum validation passed.');
+    logger.log('Checksum validation passed.');
   }
 }
@@ -188,7 +190,7 @@ async function downloadBinary() {
   if (process.env.SENTRYCLI_USE_LOCAL === '1') {
     try {
       const binPath = which.sync('sentry-cli');
-      npmLog.info('sentry-cli', `Using local binary: ${binPath}`);
+      logger.log(`Using local binary: ${binPath}`);
       fs.copyFileSync(binPath, outputPath);
       return Promise.resolve();
     } catch (e) {
@@ -206,7 +208,7 @@ async function downloadBinary() {
   const cachedPath = getCachedPath(downloadUrl);
   if (fs.existsSync(cachedPath)) {
-    npmLog.info('sentry-cli', `Using cached binary: ${cachedPath}`);
+    logger.log(`Using cached binary: ${cachedPath}`);
     fs.copyFileSync(cachedPath, outputPath);
     return;
   }
@@ -214,10 +216,10 @@ async function downloadBinary() {
   const proxyUrl = Proxy.getProxyForUrl(downloadUrl);
   const agent = proxyUrl ? new HttpsProxyAgent(proxyUrl) : null;
-  npmLog.info('sentry-cli', `Downloading from ${downloadUrl}`);
+  logger.log(`Downloading from ${downloadUrl}`);
   if (proxyUrl) {
-    npmLog.info('sentry-cli', `Using proxy URL: ${proxyUrl}`);
+    logger.log(`Using proxy URL: ${proxyUrl}`);
   }
   let response;
@@ -258,19 +260,29 @@ async function downloadBinary() {
     decompressor = new stream.PassThrough();
   }
   const name = downloadUrl.match(/.*\/(.*?)$/)[1];
-  const total = parseInt(response.headers.get('content-length'), 10);
-  const progressBar = createProgressBar(name, total);
+  let downloadedBytes = 0;
+  const totalBytes = parseInt(response.headers.get('content-length'), 10);
+  const progressBar = createProgressBar(name, totalBytes);
   const tempPath = getTempFile(cachedPath);
   fs.mkdirSync(path.dirname(tempPath), { recursive: true });
   await new Promise((resolve, reject) => {
     response.body
       .on('error', (e) => reject(e))
-      .on('data', (chunk) => progressBar.tick(chunk.length))
+      .on('data', (chunk) => {
+        downloadedBytes += chunk.length;
+        progressBar.tick(chunk.length);
+      })
       .pipe(decompressor)
       .pipe(fs.createWriteStream(tempPath, { mode: '0755' }))
       .on('error', (e) => reject(e))
-      .on('close', () => resolve());
+      .on('close', () => {
+        if (downloadedBytes >= totalBytes) {
+          resolve();
+        } else {
+          reject(new Error('connection interrupted'));
+        }
+      });
   });
   if (process.env.SENTRYCLI_SKIP_CHECKSUM_VALIDATION !== '1') {
@@ -306,10 +318,8 @@ if (process.env.SENTRYCLI_LOCAL_CDNURL) {
   process.on('exit', () => server.close());
 }
-npmLog.stream = getLogStream('stderr');
 if (process.env.SENTRYCLI_SKIP_DOWNLOAD === '1') {
-  npmLog.info('sentry-cli', `Skipping download because SENTRYCLI_SKIP_DOWNLOAD=1 detected.`);
+  logger.log(`Skipping download because SENTRYCLI_SKIP_DOWNLOAD=1 detected.`);
   process.exit(0);
 }

package/scripts/test-vercel-nft.js ADDED Viewed

@@ -0,0 +1,16 @@
+const { nodeFileTrace } = require('@vercel/nft');
+const entryPoint = require.resolve('..');
+// Trace the module entrypoint
+nodeFileTrace([entryPoint]).then((result) => {
+  console.log('@vercel/nft traced dependencies:', Array.from(result.fileList));
+  // If either binary is picked up, fail the test
+  if (result.fileList.has('sentry-cli') || result.fileList.has('sentry-cli.exe')) {
+    console.error('ERROR: The sentry-cli binary should not be found by @vercel/nft');
+    process.exit(-1);
+  } else {
+    console.log('The sentry-cli binary was not traced by @vercel/nft');
+  }
+});