@yarnpkg/plugin-essentials 4.0.1 → 4.1.0

package/lib/commands/add.js

@@ -240,7 +240,7 @@ AddCommand.usage = clipanion_1.Command.Usage({
 
       - \`update-lockfile\` will skip the link step altogether, and only fetch packages that are missing from the lockfile (or that have no associated checksums). This mode is typically used by tools like Renovate or Dependabot to keep a lockfile up-to-date without incurring the full install cost.
 
-      For a compilation of all the supported protocols, please consult the dedicated page from our website: https://yarnpkg.com/features/protocols.
+      For a compilation of all the supported protocols, please consult the dedicated page from our website: https://yarnpkg.com/protocols.
     `,
     examples: [[
             `Add a regular package to the current workspace`,

package/lib/commands/install.js

@@ -241,6 +241,18 @@ class YarnCommand extends cli_1.BaseCommand {
             restoreResolutions: false,
         });
         const enableHardenedMode = configuration.get(`enableHardenedMode`);
+        if (enableHardenedMode && typeof configuration.sources.get(`enableHardenedMode`) === `undefined`) {
+            await core_1.StreamReport.start({
+                configuration,
+                json: this.json,
+                stdout: this.context.stdout,
+                includeFooter: false,
+            }, async (report) => {
+                report.reportWarning(core_1.MessageName.UNNAMED, `Yarn detected that the current workflow is executed from a public pull request. For safety the hardened mode has been enabled.`);
+                report.reportWarning(core_1.MessageName.UNNAMED, `It will prevent malicious lockfile manipulations, in exchange for a slower install time. You can opt-out if necessary; check our ${core_1.formatUtils.applyHyperlink(configuration, `documentation`, `https://yarnpkg.com/features/security#hardened-mode`)} for more details.`);
+                report.reportSeparator();
+            });
+        }
         if (this.refreshLockfile ?? enableHardenedMode)
             project.lockfileNeedsRefresh = true;
         const checkResolutions = this.checkResolutions ?? enableHardenedMode;
@@ -251,15 +263,17 @@ class YarnCommand extends cli_1.BaseCommand {
         // install logic should be implemented elsewhere (probably in either of
         // the Configuration and Install classes). Feel free to open an issue
         // in order to ask for design feedback before writing features.
-        return await project.installWithNewReport({
+        const report = await core_1.StreamReport.start({
+            configuration,
             json: this.json,
             stdout: this.context.stdout,
-        }, {
-            cache,
-            immutable,
-            checkResolutions,
-            mode: this.mode,
+            forceSectionAlignment: true,
+            includeLogs: true,
+            includeVersion: true,
+        }, async (report) => {
+            await project.install({ cache, report, immutable, checkResolutions, mode: this.mode });
         });
+        return report.exitCode();
     }
 }
 YarnCommand.paths = [

package/lib/commands/plugin/import.js

@@ -8,7 +8,6 @@ const core_2 = require("@yarnpkg/core");
 const fslib_1 = require("@yarnpkg/fslib");
 const clipanion_1 = require("clipanion");
 const semver_1 = tslib_1.__importDefault(require("semver"));
-const url_1 = require("url");
 const vm_1 = require("vm");
 const list_1 = require("./list");
 // eslint-disable-next-line arca/no-default-export
@@ -39,7 +38,7 @@ class PluginImportCommand extends cli_1.BaseCommand {
                 let pluginUrl;
                 if (this.name.match(/^https?:/)) {
                     try {
-                        new url_1.URL(this.name);
+                        new URL(this.name);
                     }
                     catch {
                         throw new core_1.ReportError(core_1.MessageName.INVALID_PLUGIN_REFERENCE, `Plugin specifier "${this.name}" is neither a plugin name nor a valid url`);

package/lib/commands/runIndex.d.ts

@@ -1,5 +1,6 @@
 import { BaseCommand } from '@yarnpkg/cli';
 export default class RunIndexCommand extends BaseCommand {
     static paths: string[][];
+    json: boolean;
     execute(): Promise<0 | 1>;
 }

package/lib/commands/runIndex.js

@@ -3,9 +3,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const cli_1 = require("@yarnpkg/cli");
 const core_1 = require("@yarnpkg/core");
 const core_2 = require("@yarnpkg/core");
+const clipanion_1 = require("clipanion");
 const util_1 = require("util");
 // eslint-disable-next-line arca/no-default-export
 class RunIndexCommand extends cli_1.BaseCommand {
+    constructor() {
+        super(...arguments);
+        this.json = clipanion_1.Option.Boolean(`--json`, false, {
+            description: `Format the output as an NDJSON stream`,
+        });
+    }
     async execute() {
         const configuration = await core_1.Configuration.find(this.context.cwd, this.context.plugins);
         const { project, workspace } = await core_1.Project.find(configuration, this.context.cwd);
@@ -14,6 +21,7 @@ class RunIndexCommand extends cli_1.BaseCommand {
         const report = await core_1.StreamReport.start({
             configuration,
             stdout: this.context.stdout,
+            json: this.json,
         }, async (report) => {
             const scripts = workspace.manifest.scripts;
             const keys = core_2.miscUtils.sortMap(scripts.keys(), key => key);
@@ -25,8 +33,9 @@ class RunIndexCommand extends cli_1.BaseCommand {
             const maxKeyLength = keys.reduce((max, key) => {
                 return Math.max(max, key.length);
             }, 0);
-            for (const [key, value] of scripts.entries()) {
-                report.reportInfo(null, `${key.padEnd(maxKeyLength, ` `)}   ${(0, util_1.inspect)(value, inspectConfig)}`);
+            for (const [key, script] of scripts.entries()) {
+                report.reportInfo(null, `${key.padEnd(maxKeyLength, ` `)}   ${(0, util_1.inspect)(script, inspectConfig)}`);
+                report.reportJson({ name: key, script });
             }
         });
         return report.exitCode();

package/lib/commands/set/resolution.d.ts

@@ -3,7 +3,6 @@ import { Usage } from 'clipanion';
 export default class SetResolutionCommand extends BaseCommand {
     static paths: string[][];
     static usage: Usage;
-    save: boolean;
     descriptor: string;
     resolution: string;
     execute(): Promise<0 | 1>;

package/lib/commands/set/resolution.js

@@ -8,9 +8,6 @@ const clipanion_1 = require("clipanion");
 class SetResolutionCommand extends cli_1.BaseCommand {
     constructor() {
         super(...arguments);
-        this.save = clipanion_1.Option.Boolean(`-s,--save`, false, {
-            description: `Persist the resolution inside the top-level manifest`,
-        });
         this.descriptor = clipanion_1.Option.String();
         this.resolution = clipanion_1.Option.String();
     }
@@ -43,7 +40,7 @@ SetResolutionCommand.usage = clipanion_1.Command.Usage({
     details: `
       This command updates the resolution table so that \`descriptor\` is resolved by \`resolution\`.
 
-      Note that by default this command only affect the current resolution table - meaning that this "manual override" will disappear if you remove the lockfile, or if the package disappear from the table. If you wish to make the enforced resolution persist whatever happens, add the \`-s,--save\` flag which will also edit the \`resolutions\` field from your top-level manifest.
+      Note that by default this command only affect the current resolution table - meaning that this "manual override" will disappear if you remove the lockfile, or if the package disappear from the table. If you wish to make the enforced resolution persist whatever happens, edit the \`resolutions\` field in your top-level manifest.
 
       Note that no attempt is made at validating that \`resolution\` is a valid resolution entry for \`descriptor\`.
     `,

package/lib/commands/set/version/sources.js

@@ -10,6 +10,7 @@ const sources_1 = require("../../plugin/import/sources");
 const list_1 = require("../../plugin/list");
 const version_1 = require("../version");
 const PR_REGEXP = /^[0-9]+$/;
+const IS_WIN32 = process.platform === `win32`;
 function getBranchRef(branch) {
     if (PR_REGEXP.test(branch)) {
         return `pull/${branch}/head`;
@@ -31,7 +32,7 @@ const updateWorkflow = ({ branch }) => [
 ];
 const buildWorkflow = ({ plugins, noMinify }, output, target) => [
     [`yarn`, `build:cli`, ...new Array().concat(...plugins.map(plugin => [`--plugin`, fslib_1.ppath.resolve(target, plugin)])), ...noMinify ? [`--no-minify`] : [], `|`],
-    [`mv`, `packages/yarnpkg-cli/bundles/yarn.js`, fslib_1.npath.fromPortablePath(output), `|`],
+    [IS_WIN32 ? `move` : `mv`, `packages/yarnpkg-cli/bundles/yarn.js`, fslib_1.npath.fromPortablePath(output), `|`],
 ];
 // eslint-disable-next-line arca/no-default-export
 class SetVersionSourcesCommand extends cli_1.BaseCommand {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yarnpkg/plugin-essentials",
-  "version": "4.0.1",
+  "version": "4.1.0",
   "license": "BSD-2-Clause",
   "main": "./lib/index.js",
   "exports": {
@@ -8,7 +8,7 @@
     "./package.json": "./package.json"
   },
   "dependencies": {
-    "@yarnpkg/fslib": "^3.0.1",
+    "@yarnpkg/fslib": "^3.0.2",
     "@yarnpkg/parsers": "^3.0.0",
     "ci-info": "^3.2.0",
     "clipanion": "^4.0.0-rc.2",
@@ -20,16 +20,16 @@
     "typanion": "^3.14.0"
   },
   "peerDependencies": {
-    "@yarnpkg/cli": "^4.0.1",
-    "@yarnpkg/core": "^4.0.1",
+    "@yarnpkg/cli": "^4.1.0",
+    "@yarnpkg/core": "^4.0.3",
     "@yarnpkg/plugin-git": "^3.0.0"
   },
   "devDependencies": {
     "@types/lodash": "^4.14.136",
     "@types/micromatch": "^4.0.1",
     "@types/semver": "^7.1.0",
-    "@yarnpkg/cli": "^4.0.1",
-    "@yarnpkg/core": "^4.0.1",
+    "@yarnpkg/cli": "^4.1.0",
+    "@yarnpkg/core": "^4.0.3",
     "@yarnpkg/plugin-git": "^3.0.0"
   },
   "repository": {