@yarnpkg/plugin-essentials 4.0.0 → 4.0.2

package/lib/commands/add.js

@@ -240,7 +240,7 @@ AddCommand.usage = clipanion_1.Command.Usage({
 
       - \`update-lockfile\` will skip the link step altogether, and only fetch packages that are missing from the lockfile (or that have no associated checksums). This mode is typically used by tools like Renovate or Dependabot to keep a lockfile up-to-date without incurring the full install cost.
 
-      For a compilation of all the supported protocols, please consult the dedicated page from our website: https://yarnpkg.com/features/protocols.
+      For a compilation of all the supported protocols, please consult the dedicated page from our website: https://yarnpkg.com/protocols.
     `,
     examples: [[
             `Add a regular package to the current workspace`,

package/lib/commands/explain/peerRequirements.d.ts

@@ -5,7 +5,7 @@ import { Writable } from 'stream';
 export default class ExplainPeerRequirementsCommand extends BaseCommand {
     static paths: string[][];
     static usage: import("clipanion").Usage;
-    hash: string | undefined;
+    hash: string;
     execute(): Promise<0 | 1>;
 }
 export declare function explainPeerRequirements(peerRequirementsHash: string, project: Project, opts: {

package/lib/commands/explain/peerRequirements.js

@@ -11,8 +11,7 @@ class ExplainPeerRequirementsCommand extends cli_1.BaseCommand {
     constructor() {
         super(...arguments);
         this.hash = clipanion_1.Option.String({
-            required: false,
-            validator: t.applyCascade(t.isString(), [
+            validator: t.cascade(t.isString(), [
                 t.matchesRegExp(/^p[0-9a-f]{5}$/),
             ]),
         });
@@ -23,42 +22,10 @@ class ExplainPeerRequirementsCommand extends cli_1.BaseCommand {
         await project.restoreInstallState({
             restoreResolutions: false,
         });
-        // peerRequirements aren't stored inside the install state
         await project.applyLightResolution();
-        if (typeof this.hash !== `undefined`) {
-            return await explainPeerRequirements(this.hash, project, {
-                stdout: this.context.stdout,
-            });
-        }
-        const report = await core_1.StreamReport.start({
-            configuration,
+        return await explainPeerRequirements(this.hash, project, {
             stdout: this.context.stdout,
-            includeFooter: false,
-        }, async (report) => {
-            const sortCriterias = [
-                ([, requirement]) => core_1.structUtils.stringifyLocator(project.storedPackages.get(requirement.subject)),
-                ([, requirement]) => core_1.structUtils.stringifyIdent(requirement.requested),
-            ];
-            for (const [hash, requirement] of core_1.miscUtils.sortMap(project.peerRequirements, sortCriterias)) {
-                const subject = project.storedPackages.get(requirement.subject);
-                if (typeof subject === `undefined`)
-                    throw new Error(`Assertion failed: Expected the subject package to have been registered`);
-                const rootRequester = project.storedPackages.get(requirement.rootRequester);
-                if (typeof rootRequester === `undefined`)
-                    throw new Error(`Assertion failed: Expected the root package to have been registered`);
-                const providedDescriptor = subject.dependencies.get(requirement.requested.identHash) ?? null;
-                const prettyHash = core_1.formatUtils.pretty(configuration, hash, core_1.formatUtils.Type.CODE);
-                const prettySubject = core_1.structUtils.prettyLocator(configuration, subject);
-                const prettyIdent = core_1.structUtils.prettyIdent(configuration, requirement.requested);
-                const prettyRoot = core_1.structUtils.prettyIdent(configuration, rootRequester);
-                const descendantCount = requirement.allRequesters.length - 1;
-                const pluralized = `descendant${descendantCount === 1 ? `` : `s`}`;
-                const maybeDescendants = descendantCount > 0 ? ` and ${descendantCount} ${pluralized}` : ``;
-                const provides = providedDescriptor !== null ? `provides` : `doesn't provide`;
-                report.reportInfo(null, `${prettyHash} → ${prettySubject} ${provides} ${prettyIdent} to ${prettyRoot}${maybeDescendants}`);
-            }
         });
-        return report.exitCode();
     }
 }
 ExplainPeerRequirementsCommand.paths = [
@@ -85,79 +52,83 @@ ExplainPeerRequirementsCommand.usage = clipanion_1.Command.Usage({
 });
 exports.default = ExplainPeerRequirementsCommand;
 async function explainPeerRequirements(peerRequirementsHash, project, opts) {
-    const { configuration } = project;
-    const requirement = project.peerRequirements.get(peerRequirementsHash);
-    if (typeof requirement === `undefined`)
+    const warning = project.peerWarnings.find(warning => {
+        return warning.hash === peerRequirementsHash;
+    });
+    if (typeof warning === `undefined`)
         throw new Error(`No peerDependency requirements found for hash: "${peerRequirementsHash}"`);
     const report = await core_1.StreamReport.start({
-        configuration,
+        configuration: project.configuration,
         stdout: opts.stdout,
         includeFooter: false,
+        includePrefix: false,
     }, async (report) => {
-        const subject = project.storedPackages.get(requirement.subject);
-        if (typeof subject === `undefined`)
-            throw new Error(`Assertion failed: Expected the subject package to have been registered`);
-        const rootRequester = project.storedPackages.get(requirement.rootRequester);
-        if (typeof rootRequester === `undefined`)
-            throw new Error(`Assertion failed: Expected the root package to have been registered`);
-        const providedDescriptor = subject.dependencies.get(requirement.requested.identHash) ?? null;
-        const providedResolution = providedDescriptor !== null
-            ? project.storedResolutions.get(providedDescriptor.descriptorHash)
-            : null;
-        if (typeof providedResolution === `undefined`)
-            throw new Error(`Assertion failed: Expected the resolution to have been registered`);
-        const provided = providedResolution !== null
-            ? project.storedPackages.get(providedResolution)
-            : null;
-        if (typeof provided === `undefined`)
-            throw new Error(`Assertion failed: Expected the provided package to have been registered`);
-        const allRequesters = [...requirement.allRequesters.values()].map(requesterHash => {
-            const pkg = project.storedPackages.get(requesterHash);
-            if (typeof pkg === `undefined`)
-                throw new Error(`Assertion failed: Expected the package to be registered`);
-            const devirtualizedLocator = core_1.structUtils.devirtualizeLocator(pkg);
-            const devirtualizedPkg = project.storedPackages.get(devirtualizedLocator.locatorHash);
-            if (typeof devirtualizedPkg === `undefined`)
-                throw new Error(`Assertion failed: Expected the package to be registered`);
-            const peerDependency = devirtualizedPkg.peerDependencies.get(requirement.requested.identHash);
-            if (typeof peerDependency === `undefined`)
-                throw new Error(`Assertion failed: Expected the peer dependency to be registered`);
-            return { pkg, peerDependency };
-        });
-        if (provided !== null) {
-            const satisfiesAllRanges = allRequesters.every(({ peerDependency }) => {
-                return core_1.semverUtils.satisfiesWithPrereleases(provided.version, peerDependency.range);
-            });
-            report.reportInfo(core_1.MessageName.UNNAMED, `${core_1.structUtils.prettyLocator(configuration, subject)} provides ${core_1.structUtils.prettyLocator(configuration, provided)} with version ${core_1.structUtils.prettyReference(configuration, provided.version ?? `<missing>`)}, which ${satisfiesAllRanges ? `satisfies` : `doesn't satisfy`} the following requirements:`);
-        }
-        else {
-            report.reportInfo(core_1.MessageName.UNNAMED, `${core_1.structUtils.prettyLocator(configuration, subject)} doesn't provide ${core_1.structUtils.prettyIdent(configuration, requirement.requested)}, breaking the following requirements:`);
-        }
-        report.reportSeparator();
-        const Mark = core_1.formatUtils.mark(configuration);
-        const requirements = [];
-        for (const { pkg, peerDependency } of core_1.miscUtils.sortMap(allRequesters, requester => core_1.structUtils.stringifyLocator(requester.pkg))) {
-            const isSatisfied = provided !== null
-                ? core_1.semverUtils.satisfiesWithPrereleases(provided.version, peerDependency.range)
-                : false;
-            const mark = isSatisfied ? Mark.Check : Mark.Cross;
-            requirements.push({
-                stringifiedLocator: core_1.structUtils.stringifyLocator(pkg),
-                prettyLocator: core_1.structUtils.prettyLocator(configuration, pkg),
-                prettyRange: core_1.structUtils.prettyRange(configuration, peerDependency.range),
-                mark,
-            });
-        }
-        const maxStringifiedLocatorLength = Math.max(...requirements.map(({ stringifiedLocator }) => stringifiedLocator.length));
-        const maxPrettyRangeLength = Math.max(...requirements.map(({ prettyRange }) => prettyRange.length));
-        for (const { stringifiedLocator, prettyLocator, prettyRange, mark } of core_1.miscUtils.sortMap(requirements, ({ stringifiedLocator }) => stringifiedLocator)) {
-            report.reportInfo(null, `${
-            // We have to do this because prettyLocators can contain multiple colors
-            prettyLocator.padEnd(maxStringifiedLocatorLength + (prettyLocator.length - stringifiedLocator.length), ` `)} → ${prettyRange.padEnd(maxPrettyRangeLength, ` `)} ${mark}`);
-        }
-        if (requirements.length > 1) {
-            report.reportSeparator();
-            report.reportInfo(core_1.MessageName.UNNAMED, `Note: these requirements start with ${core_1.structUtils.prettyLocator(project.configuration, rootRequester)}`);
+        const Marks = core_1.formatUtils.mark(project.configuration);
+        switch (warning.type) {
+            case core_1.PeerWarningType.NotCompatibleAggregate:
+                {
+                    report.reportInfo(core_1.MessageName.UNNAMED, `We have a problem with ${core_1.formatUtils.pretty(project.configuration, warning.requested, core_1.formatUtils.Type.IDENT)}, which is provided with version ${core_1.structUtils.prettyReference(project.configuration, warning.version)}.`);
+                    report.reportInfo(core_1.MessageName.UNNAMED, `It is needed by the following direct dependencies of workspaces in your project:`);
+                    report.reportSeparator();
+                    for (const dependent of warning.requesters.values()) {
+                        const dependentPkg = project.storedPackages.get(dependent.locatorHash);
+                        if (!dependentPkg)
+                            throw new Error(`Assertion failed: Expected the package to be registered`);
+                        const descriptor = dependentPkg?.peerDependencies.get(warning.requested.identHash);
+                        if (!descriptor)
+                            throw new Error(`Assertion failed: Expected the package to list the peer dependency`);
+                        const mark = core_1.semverUtils.satisfiesWithPrereleases(warning.version, descriptor.range)
+                            ? Marks.Check
+                            : Marks.Cross;
+                        report.reportInfo(null, `  ${mark} ${core_1.structUtils.prettyLocator(project.configuration, dependent)} (via ${core_1.structUtils.prettyRange(project.configuration, descriptor.range)})`);
+                    }
+                    const transitiveLinks = [...warning.links.values()].filter(link => {
+                        return !warning.requesters.has(link.locatorHash);
+                    });
+                    if (transitiveLinks.length > 0) {
+                        report.reportSeparator();
+                        report.reportInfo(core_1.MessageName.UNNAMED, `However, those packages themselves have more dependencies listing ${core_1.structUtils.prettyIdent(project.configuration, warning.requested)} as peer dependency:`);
+                        report.reportSeparator();
+                        for (const link of transitiveLinks) {
+                            const linkPkg = project.storedPackages.get(link.locatorHash);
+                            if (!linkPkg)
+                                throw new Error(`Assertion failed: Expected the package to be registered`);
+                            const descriptor = linkPkg?.peerDependencies.get(warning.requested.identHash);
+                            if (!descriptor)
+                                throw new Error(`Assertion failed: Expected the package to list the peer dependency`);
+                            const mark = core_1.semverUtils.satisfiesWithPrereleases(warning.version, descriptor.range)
+                                ? Marks.Check
+                                : Marks.Cross;
+                            report.reportInfo(null, `  ${mark} ${core_1.structUtils.prettyLocator(project.configuration, link)} (via ${core_1.structUtils.prettyRange(project.configuration, descriptor.range)})`);
+                        }
+                    }
+                    const allRanges = Array.from(warning.links.values(), locator => {
+                        const pkg = project.storedPackages.get(locator.locatorHash);
+                        if (typeof pkg === `undefined`)
+                            throw new Error(`Assertion failed: Expected the package to be registered`);
+                        const peerDependency = pkg.peerDependencies.get(warning.requested.identHash);
+                        if (typeof peerDependency === `undefined`)
+                            throw new Error(`Assertion failed: Expected the ident to be registered`);
+                        return peerDependency.range;
+                    });
+                    if (allRanges.length > 1) {
+                        const resolvedRange = core_1.semverUtils.simplifyRanges(allRanges);
+                        report.reportSeparator();
+                        if (resolvedRange === null) {
+                            report.reportInfo(core_1.MessageName.UNNAMED, `Unfortunately, put together, we found no single range that can satisfy all those peer requirements.`);
+                            report.reportInfo(core_1.MessageName.UNNAMED, `Your best option may be to try to upgrade some dependencies with ${core_1.formatUtils.pretty(project.configuration, `yarn up`, core_1.formatUtils.Type.CODE)}, or silence the warning via ${core_1.formatUtils.pretty(project.configuration, `logFilters`, core_1.formatUtils.Type.CODE)}.`);
+                        }
+                        else {
+                            report.reportInfo(core_1.MessageName.UNNAMED, `Put together, the final range we computed is ${core_1.formatUtils.pretty(project.configuration, resolvedRange, core_1.formatUtils.Type.RANGE)}`);
+                        }
+                    }
+                }
+                break;
+            default:
+                {
+                    report.reportInfo(core_1.MessageName.UNNAMED, `The ${core_1.formatUtils.pretty(project.configuration, `yarn explain peer-requirements`, core_1.formatUtils.Type.CODE)} command doesn't support this warning type yet.`);
+                }
+                break;
         }
     });
     return report.exitCode();

package/lib/commands/install.js

@@ -241,6 +241,18 @@ class YarnCommand extends cli_1.BaseCommand {
             restoreResolutions: false,
         });
         const enableHardenedMode = configuration.get(`enableHardenedMode`);
+        if (enableHardenedMode && typeof configuration.sources.get(`enableHardenedMode`) === `undefined`) {
+            await core_1.StreamReport.start({
+                configuration,
+                json: this.json,
+                stdout: this.context.stdout,
+                includeFooter: false,
+            }, async (report) => {
+                report.reportWarning(core_1.MessageName.UNNAMED, `Yarn detected that the current workflow is executed from a public pull request. For safety the hardened mode has been enabled.`);
+                report.reportWarning(core_1.MessageName.UNNAMED, `It will prevent malicious lockfile manipulations, in exchange for a slower install time. You can opt-out if necessary; check our ${core_1.formatUtils.applyHyperlink(configuration, `documentation`, `https://yarnpkg.com/features/security#hardened-mode`)} for more details.`);
+                report.reportSeparator();
+            });
+        }
         if (this.refreshLockfile ?? enableHardenedMode)
             project.lockfileNeedsRefresh = true;
         const checkResolutions = this.checkResolutions ?? enableHardenedMode;
@@ -251,15 +263,17 @@ class YarnCommand extends cli_1.BaseCommand {
         // install logic should be implemented elsewhere (probably in either of
         // the Configuration and Install classes). Feel free to open an issue
         // in order to ask for design feedback before writing features.
-        return await project.installWithNewReport({
+        const report = await core_1.StreamReport.start({
+            configuration,
             json: this.json,
             stdout: this.context.stdout,
-        }, {
-            cache,
-            immutable,
-            checkResolutions,
-            mode: this.mode,
+            forceSectionAlignment: true,
+            includeLogs: true,
+            includeVersion: true,
+        }, async (report) => {
+            await project.install({ cache, report, immutable, checkResolutions, mode: this.mode });
         });
+        return report.exitCode();
     }
 }
 YarnCommand.paths = [

package/lib/commands/set/resolution.d.ts

@@ -3,7 +3,6 @@ import { Usage } from 'clipanion';
 export default class SetResolutionCommand extends BaseCommand {
     static paths: string[][];
     static usage: Usage;
-    save: boolean;
     descriptor: string;
     resolution: string;
     execute(): Promise<0 | 1>;

package/lib/commands/set/resolution.js

@@ -8,9 +8,6 @@ const clipanion_1 = require("clipanion");
 class SetResolutionCommand extends cli_1.BaseCommand {
     constructor() {
         super(...arguments);
-        this.save = clipanion_1.Option.Boolean(`-s,--save`, false, {
-            description: `Persist the resolution inside the top-level manifest`,
-        });
         this.descriptor = clipanion_1.Option.String();
         this.resolution = clipanion_1.Option.String();
     }
@@ -43,7 +40,7 @@ SetResolutionCommand.usage = clipanion_1.Command.Usage({
     details: `
       This command updates the resolution table so that \`descriptor\` is resolved by \`resolution\`.
 
-      Note that by default this command only affect the current resolution table - meaning that this "manual override" will disappear if you remove the lockfile, or if the package disappear from the table. If you wish to make the enforced resolution persist whatever happens, add the \`-s,--save\` flag which will also edit the \`resolutions\` field from your top-level manifest.
+      Note that by default this command only affect the current resolution table - meaning that this "manual override" will disappear if you remove the lockfile, or if the package disappear from the table. If you wish to make the enforced resolution persist whatever happens, edit the \`resolutions\` field in your top-level manifest.
 
       Note that no attempt is made at validating that \`resolution\` is a valid resolution entry for \`descriptor\`.
     `,

package/lib/commands/set/version/sources.js

@@ -10,6 +10,7 @@ const sources_1 = require("../../plugin/import/sources");
 const list_1 = require("../../plugin/list");
 const version_1 = require("../version");
 const PR_REGEXP = /^[0-9]+$/;
+const IS_WIN32 = process.platform === `win32`;
 function getBranchRef(branch) {
     if (PR_REGEXP.test(branch)) {
         return `pull/${branch}/head`;
@@ -31,7 +32,7 @@ const updateWorkflow = ({ branch }) => [
 ];
 const buildWorkflow = ({ plugins, noMinify }, output, target) => [
     [`yarn`, `build:cli`, ...new Array().concat(...plugins.map(plugin => [`--plugin`, fslib_1.ppath.resolve(target, plugin)])), ...noMinify ? [`--no-minify`] : [], `|`],
-    [`mv`, `packages/yarnpkg-cli/bundles/yarn.js`, fslib_1.npath.fromPortablePath(output), `|`],
+    [IS_WIN32 ? `move` : `mv`, `packages/yarnpkg-cli/bundles/yarn.js`, fslib_1.npath.fromPortablePath(output), `|`],
 ];
 // eslint-disable-next-line arca/no-default-export
 class SetVersionSourcesCommand extends cli_1.BaseCommand {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yarnpkg/plugin-essentials",
-  "version": "4.0.0",
+  "version": "4.0.2",
   "license": "BSD-2-Clause",
   "main": "./lib/index.js",
   "exports": {
@@ -8,7 +8,7 @@
     "./package.json": "./package.json"
   },
   "dependencies": {
-    "@yarnpkg/fslib": "^3.0.0",
+    "@yarnpkg/fslib": "^3.0.1",
     "@yarnpkg/parsers": "^3.0.0",
     "ci-info": "^3.2.0",
     "clipanion": "^4.0.0-rc.2",
@@ -20,16 +20,16 @@
     "typanion": "^3.14.0"
   },
   "peerDependencies": {
-    "@yarnpkg/cli": "^4.0.0",
-    "@yarnpkg/core": "^4.0.0",
+    "@yarnpkg/cli": "^4.0.2",
+    "@yarnpkg/core": "^4.0.2",
     "@yarnpkg/plugin-git": "^3.0.0"
   },
   "devDependencies": {
     "@types/lodash": "^4.14.136",
     "@types/micromatch": "^4.0.1",
     "@types/semver": "^7.1.0",
-    "@yarnpkg/cli": "^4.0.0",
-    "@yarnpkg/core": "^4.0.0",
+    "@yarnpkg/cli": "^4.0.2",
+    "@yarnpkg/core": "^4.0.2",
     "@yarnpkg/plugin-git": "^3.0.0"
   },
   "repository": {