nx 21.5.2 → 21.5.3

package/src/daemon/server/shutdown-utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"shutdown-utils.d.ts","sourceRoot":"","sources":["../../../../../../packages/nx/src/daemon/server/shutdown-utils.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,CAAC;AAI1C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAQ5C,eAAO,MAAM,4BAA4B,EAAG,QAAiB,CAAC;AAI9D,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,OAAO,QAErD;AAED,wBAAgB,kBAAkB,YAEjC;AAID,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,OAAO,QAE3D;AAED,wBAAgB,wBAAwB,YAEvC;AAED,UAAU,oCAAoC;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;CAC3B;AAED,wBAAsB,8BAA8B,CAAC,EACnD,MAAM,EACN,MAAM,EACN,OAAO,GACR,EAAE,oCAAoC,iBAmCtC;AAID,wBAAgB,sBAAsB,CAAC,EAAE,EAAE,MAAM,IAAI,GAAG,IAAI,CAK3D;AAED,wBAAgB,eAAe,CAC7B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,oBAcpB;AAED,wBAAsB,uBAAuB,CAC3C,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,KAAK,iBAkBb"}
+{"version":3,"file":"shutdown-utils.d.ts","sourceRoot":"","sources":["../../../../../../packages/nx/src/daemon/server/shutdown-utils.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,CAAC;AAI1C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAQ5C,eAAO,MAAM,4BAA4B,EAAG,QAAiB,CAAC;AAI9D,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,OAAO,QAErD;AAED,wBAAgB,kBAAkB,YAEjC;AAID,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,OAAO,QAE3D;AAED,wBAAgB,wBAAwB,YAEvC;AAED,UAAU,oCAAoC;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;CAC3B;AAED,wBAAsB,8BAA8B,CAAC,EACnD,MAAM,EACN,MAAM,EACN,OAAO,GACR,EAAE,oCAAoC,iBAmCtC;AAID,wBAAgB,sBAAsB,CAAC,EAAE,EAAE,MAAM,IAAI,GAAG,IAAI,CAK3D;AAED,wBAAgB,eAAe,CAC7B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,oBAcpB;AAED,wBAAsB,uBAAuB,CAC3C,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,KAAK,iBAsBb"}

package/src/daemon/server/shutdown-utils.js

@@ -80,7 +80,8 @@ function respondToClient(socket, response, description) {
     });
 }
 async function respondWithErrorAndExit(socket, description, error) {
-    const normalizedError = error instanceof error_types_1.DaemonProjectGraphError
+    const isProjectGraphError = error instanceof error_types_1.DaemonProjectGraphError;
+    const normalizedError = isProjectGraphError
         ? error_types_1.ProjectGraphError.fromDaemonProjectGraphError(error)
         : error;
     // print some extra stuff in the error message
@@ -88,5 +89,8 @@ async function respondWithErrorAndExit(socket, description, error) {
     console.error(normalizedError.stack);
     // Respond with the original error
     await respondToClient(socket, (0, socket_utils_1.serializeResult)(error, null, null), null);
-    process.exit(1);
+    // Project Graph errors are okay. Restarting the daemon won't help with this.
+    if (!isProjectGraphError) {
+        process.exit(1);
+    }
 }

package/src/executors/run-script/run-script.impl.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"run-script.impl.d.ts","sourceRoot":"","sources":["../../../../../../packages/nx/src/executors/run-script/run-script.impl.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AASpE,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,yBACE,OAAO,EAAE,gBAAgB,EACzB,OAAO,EAAE,eAAe;;GA6BzB"}
+{"version":3,"file":"run-script.impl.d.ts","sourceRoot":"","sources":["../../../../../../packages/nx/src/executors/run-script/run-script.impl.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AASpE,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,yBACE,OAAO,EAAE,gBAAgB,EACzB,OAAO,EAAE,eAAe;;GA6BzB"}

package/src/executors/run-script/run-script.impl.js

@@ -3,8 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.default = default_1;
 const child_process_1 = require("child_process");
 const path = require("path");
+const treeKill = require("tree-kill");
 const pseudo_terminal_1 = require("../../tasks-runner/pseudo-terminal");
 const package_manager_1 = require("../../utils/package-manager");
+const LARGE_BUFFER = 1024 * 1000000;
 async function default_1(options, context) {
     const pm = (0, package_manager_1.getPackageManagerCommand)();
     try {
@@ -22,7 +24,7 @@ async function default_1(options, context) {
             await ptyProcess(command, cwd, env);
         }
         else {
-            nodeProcess(command, cwd, env);
+            await nodeProcess(command, cwd, env);
         }
         return { success: true };
     }
@@ -31,19 +33,42 @@ async function default_1(options, context) {
     }
 }
 function nodeProcess(command, cwd, env) {
-    (0, child_process_1.execSync)(command, {
-        stdio: ['inherit', 'inherit', 'inherit'],
-        cwd,
-        env,
-        windowsHide: false,
+    return new Promise((res, rej) => {
+        let cp = (0, child_process_1.exec)(command, { cwd, env, maxBuffer: LARGE_BUFFER, windowsHide: false }, (error) => {
+            if (error) {
+                rej(error);
+            }
+            else {
+                res();
+            }
+        });
+        // Forward stdout/stderr to parent process
+        cp.stdout.pipe(process.stdout);
+        cp.stderr.pipe(process.stderr);
+        const exitHandler = (signal) => {
+            if (cp && cp.pid && !cp.killed) {
+                treeKill(cp.pid, signal, (error) => {
+                    // On Windows, tree-kill (which uses taskkill) may fail when the process or its child process is already terminated.
+                    // Ignore the errors, otherwise we will log them unnecessarily.
+                    if (error && process.platform !== 'win32') {
+                        rej(error);
+                    }
+                    else {
+                        res();
+                    }
+                });
+            }
+        };
+        process.on('SIGINT', () => exitHandler('SIGINT'));
+        process.on('SIGTERM', () => exitHandler('SIGTERM'));
+        process.on('SIGHUP', () => exitHandler('SIGHUP'));
     });
 }
-let cp;
 async function ptyProcess(command, cwd, env) {
     const terminal = (0, pseudo_terminal_1.createPseudoTerminal)();
     await terminal.init();
     return new Promise((res, rej) => {
-        cp = terminal.runCommand(command, { cwd, jsEnv: env });
+        let cp = terminal.runCommand(command, { cwd, jsEnv: env });
         cp.onExit((code) => {
             if (code === 0) {
                 res();

package/src/tasks-runner/fork.js

@@ -20,26 +20,52 @@ const childProcess = (0, child_process_1.fork)(script, {
 const pseudoIPC = new pseudo_ipc_1.PseudoIPCClient(pseudoIPCPath);
 pseudoIPC.onMessageFromParent(forkId, (message) => {
     childProcess.send(message);
+}, () => {
+    // IPC connection closed
+    cleanup();
+    process.exit(0);
+}, () => {
+    // IPC connection error
+    cleanup();
+    process.exit(0);
 });
 pseudoIPC.notifyChildIsReady(forkId);
 process.on('message', (message) => {
     pseudoIPC.sendMessageToParent(message);
 });
 childProcess.on('exit', (code) => {
-    pseudoIPC.close();
+    cleanup();
     process.exit(code);
 });
+let isCleaningUp = false;
+function cleanup() {
+    if (isCleaningUp) {
+        return;
+    }
+    isCleaningUp = true;
+    // Kill child process if still running
+    if (childProcess && !childProcess.killed) {
+        childProcess.kill('SIGTERM');
+    }
+    // Close IPC connection
+    try {
+        pseudoIPC.close();
+    }
+    catch {
+        // Ignore errors when closing, connection might already be broken
+    }
+}
 // Terminate the child process when exiting
 process.on('exit', () => {
-    childProcess.kill();
+    cleanup();
 });
 process.on('SIGINT', () => {
-    childProcess.kill('SIGTERM');
+    cleanup();
     process.exit((0, exit_codes_1.signalToCode)('SIGINT'));
 });
 process.on('SIGTERM', () => {
-    childProcess.kill('SIGTERM');
+    cleanup();
 });
 process.on('SIGHUP', () => {
-    childProcess.kill('SIGTERM');
+    cleanup();
 });

package/src/tasks-runner/task-orchestrator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"task-orchestrator.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/tasks-runner/task-orchestrator.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAGvD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAQnD,OAAO,EAAE,MAAM,EAAE,MAAM,6BAA6B,CAAC;AAMrD,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AAGnE,OAAO,EAAgB,UAAU,EAAE,MAAM,cAAc,CAAC;AAGxD,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAM3D,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAiB,MAAM,kBAAkB,CAAC;AAUxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AAExE,qBAAa,gBAAgB;IA6CzB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IAtDtC,OAAO,CAAC,WAAW,CAAwC;IAC3D,OAAO,CAAC,KAAK,CAA2C;IACxD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAkB;IAC7C,OAAO,CAAC,uBAAuB,CAG7B;IAEF,OAAO,CAAC,mBAAmB,CAElB;IACT,OAAO,CAAC,aAAa,CAInB;IAGF,OAAO,CAAC,QAAQ,CAGd;IACF,OAAO,CAAC,eAAe,CAAwC;IAE/D,OAAO,CAAC,mBAAmB,CAAkD;IAE7E,OAAO,CAAC,cAAc,CAAiD;IACvE,OAAO,CAAC,gBAAgB,CAAmC;IAE3D,OAAO,CAAC,cAAc,CAEf;IACP,OAAO,CAAC,eAAe,CAAkB;IAEzC,OAAO,CAAC,MAAM,CAAM;IAEpB,OAAO,CAAC,MAAM,CAAS;IAEvB,OAAO,CAAC,sBAAsB,CAAkC;IAChE,OAAO,CAAC,uBAAuB,CAAkC;gBAK9C,MAAM,EAAE,UAAU,EAClB,iBAAiB,EAAE,MAAM,GAAG,SAAS,EACrC,eAAe,EAAE,IAAI,EAAE,EACvB,YAAY,EAAE,YAAY,EAC1B,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,mBAAmB,EAC3B,OAAO,EAAE,MAAM,GAAG,yBAAyB,EAC3C,IAAI,EAAE,OAAO,EACb,MAAM,EAAE,YAAY,EACpB,WAAW,EAAE,MAAM,EACnB,mBAAmB,GAAE,SAAqB;IAGvD,IAAI;IAiBJ,GAAG;;;IA4CF,SAAS;YAIF,wCAAwC;IA2CtD,OAAO,CAAC,YAAY;YAUN,WAAW;YAoBX,qBAAqB;IAkB5B,wBAAwB;YAajB,kBAAkB;YAUlB,iBAAiB;IAuClB,wBAAwB,CACnC,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,EAAE,CAAC;YAmEV,QAAQ;IA6ChB,uBAAuB,CAC3B,cAAc,EAAE,OAAO,EACvB,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,CAAC;YAkER,OAAO;YAiKP,sBAAsB;IA2C9B,mBAAmB,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;YAkHvC,WAAW;YAQX,YAAY;YAmFZ,kCAAkC;IAQhD,OAAO,CAAC,QAAQ;YA0CF,iBAAiB;IAiB/B,OAAO,CAAC,qBAAqB;IAO7B,OAAO,CAAC,UAAU;IASlB,OAAO,CAAC,SAAS;YAIH,0BAA0B;YAQ1B,iBAAiB;YAQjB,OAAO;IA0BrB,OAAO,CAAC,8BAA8B;CAwBvC;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,GAAG,yBAAyB,EAC3C,SAAS,EAAE,SAAS,UAqBrB"}
+{"version":3,"file":"task-orchestrator.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/tasks-runner/task-orchestrator.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAGvD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAQnD,OAAO,EAAE,MAAM,EAAE,MAAM,6BAA6B,CAAC;AAMrD,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AAGnE,OAAO,EAAgB,UAAU,EAAE,MAAM,cAAc,CAAC;AAGxD,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAM3D,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAiB,MAAM,kBAAkB,CAAC;AAUxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AAExE,qBAAa,gBAAgB;IA6CzB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IAtDtC,OAAO,CAAC,WAAW,CAAwC;IAC3D,OAAO,CAAC,KAAK,CAA2C;IACxD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAkB;IAC7C,OAAO,CAAC,uBAAuB,CAG7B;IAEF,OAAO,CAAC,mBAAmB,CAElB;IACT,OAAO,CAAC,aAAa,CAInB;IAGF,OAAO,CAAC,QAAQ,CAGd;IACF,OAAO,CAAC,eAAe,CAAwC;IAE/D,OAAO,CAAC,mBAAmB,CAAkD;IAE7E,OAAO,CAAC,cAAc,CAAiD;IACvE,OAAO,CAAC,gBAAgB,CAAmC;IAE3D,OAAO,CAAC,cAAc,CAEf;IACP,OAAO,CAAC,eAAe,CAAkB;IAEzC,OAAO,CAAC,MAAM,CAAM;IAEpB,OAAO,CAAC,MAAM,CAAS;IAEvB,OAAO,CAAC,sBAAsB,CAAkC;IAChE,OAAO,CAAC,uBAAuB,CAAkC;gBAK9C,MAAM,EAAE,UAAU,EAClB,iBAAiB,EAAE,MAAM,GAAG,SAAS,EACrC,eAAe,EAAE,IAAI,EAAE,EACvB,YAAY,EAAE,YAAY,EAC1B,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,mBAAmB,EAC3B,OAAO,EAAE,MAAM,GAAG,yBAAyB,EAC3C,IAAI,EAAE,OAAO,EACb,MAAM,EAAE,YAAY,EACpB,WAAW,EAAE,MAAM,EACnB,mBAAmB,GAAE,SAAqB;IAGvD,IAAI;IAiBJ,GAAG;;;IA4CF,SAAS;YAIF,wCAAwC;IA2CtD,OAAO,CAAC,YAAY;YAUN,WAAW;YAoBX,qBAAqB;IAkB5B,wBAAwB;YAajB,kBAAkB;YAUlB,iBAAiB;IAuClB,wBAAwB,CACnC,cAAc,EAAE,OAAO,EACvB,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,EAAE,CAAC;YAmEV,QAAQ;IA6ChB,uBAAuB,CAC3B,cAAc,EAAE,OAAO,EACvB,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,CAAC;YAkER,OAAO;YAiKP,sBAAsB;IA2C9B,mBAAmB,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;YAmHvC,WAAW;YAQX,YAAY;YAmFZ,kCAAkC;IAQhD,OAAO,CAAC,QAAQ;YA0CF,iBAAiB;IAiB/B,OAAO,CAAC,qBAAqB;IAO7B,OAAO,CAAC,UAAU;IASlB,OAAO,CAAC,SAAS;YAIH,0BAA0B;YAQ1B,iBAAiB;YAQjB,OAAO;IA4BrB,OAAO,CAAC,8BAA8B;CAwBvC;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,GAAG,yBAAyB,EAC3C,SAAS,EAAE,SAAS,UAqBrB"}

package/src/tasks-runner/task-orchestrator.js

@@ -505,8 +505,9 @@ class TaskOrchestrator {
             if (this.tuiEnabled) {
                 this.options.lifeCycle.setTaskStatus(task.id, 9 /* NativeTaskStatus.Stopped */);
             }
-            this.runningTasksService.removeRunningTask(task.id);
-            this.runningContinuousTasks.delete(task.id);
+            if (this.runningContinuousTasks.delete(task.id)) {
+                this.runningTasksService.removeRunningTask(task.id);
+            }
         });
         await this.scheduleNextTasksAndReleaseThreads();
         if (this.initializingTaskIds.has(task.id)) {
@@ -667,13 +668,15 @@ class TaskOrchestrator {
             ...Array.from(this.runningContinuousTasks).map(async ([taskId, t]) => {
                 try {
                     await t.kill();
-                    this.options.lifeCycle.setTaskStatus(taskId, 9 /* NativeTaskStatus.Stopped */);
+                    this.options.lifeCycle.setTaskStatus?.(taskId, 9 /* NativeTaskStatus.Stopped */);
                 }
                 catch (e) {
                     console.error(`Unable to terminate ${taskId}\nError:`, e);
                 }
                 finally {
-                    this.runningTasksService.removeRunningTask(taskId);
+                    if (this.runningContinuousTasks.delete(taskId)) {
+                        this.runningTasksService.removeRunningTask(taskId);
+                    }
                 }
             }),
             ...Array.from(this.runningRunCommandsTasks).map(async ([taskId, t]) => {
@@ -700,7 +703,7 @@ class TaskOrchestrator {
                 const runningTask = this.runningContinuousTasks.get(taskId);
                 if (runningTask) {
                     runningTask.kill();
-                    this.options.lifeCycle.setTaskStatus(taskId, 9 /* NativeTaskStatus.Stopped */);
+                    this.options.lifeCycle.setTaskStatus?.(taskId, 9 /* NativeTaskStatus.Stopped */);
                 }
             }
         }

package/src/utils/provenance.d.ts

@@ -1,5 +1,7 @@
 export declare function ensurePackageHasProvenance(packageName: string, packageVersion: string): Promise<void>;
-export declare const noProvenanceError: (packageName: string, packageVersion: string, error?: string) => string;
+export declare class ProvenanceError extends Error {
+    constructor(packageName: string, packageVersion: string, error?: string);
+}
 export declare function getNxPackageGroup(): string[];
 export type DecodedAttestationPayload = {
     _type: 'https://in-toto.io/Statement/v1';

package/src/utils/provenance.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"provenance.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/provenance.ts"],"names":[],"mappings":"AAYA,wBAAsB,0BAA0B,CAC9C,WAAW,EAAE,MAAM,EACnB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC,CA4Ff;AAED,eAAO,MAAM,iBAAiB,GAC5B,aAAa,MAAM,EACnB,gBAAgB,MAAM,EACtB,QAAQ,MAAM,WAIZ,CAAC;AAEL,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAQ5C;AAoBD,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,iCAAiC,CAAC;IACzC,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,aAAa,EAAE,gCAAgC,CAAC;IAChD,SAAS,EAAE;QACT,eAAe,EAAE;YACf,SAAS,EAAE,MAAM,CAAC;YAClB,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACxC,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACzC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC;SAC7C,CAAC;QACF,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,EAAE,EAAE,MAAM,CAAC;gBACX,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,CAAC;gBAC3C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;aAClC,CAAC;YACF,QAAQ,CAAC,EAAE;gBACT,YAAY,CAAC,EAAE,MAAM,CAAC;gBACtB,SAAS,CAAC,EAAE,MAAM,CAAC;gBACnB,UAAU,CAAC,EAAE,MAAM,CAAC;aACrB,CAAC;YACF,UAAU,CAAC,EAAE,kBAAkB,EAAE,CAAC;SACnC,CAAC;KACH,CAAC;CACH,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE;QACP,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;KACnC,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE;QACZ,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KACpB,CAAC;CACH"}
+{"version":3,"file":"provenance.d.ts","sourceRoot":"","sources":["../../../../../packages/nx/src/utils/provenance.ts"],"names":[],"mappings":"AAaA,wBAAsB,0BAA0B,CAC9C,WAAW,EAAE,MAAM,EACnB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC,CA+Gf;AAED,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM;CAOxE;AAED,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAa5C;AAoBD,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,iCAAiC,CAAC;IACzC,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,aAAa,EAAE,gCAAgC,CAAC;IAChD,SAAS,EAAE;QACT,eAAe,EAAE;YACf,SAAS,EAAE,MAAM,CAAC;YAClB,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACxC,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACzC,oBAAoB,CAAC,EAAE,kBAAkB,EAAE,CAAC;SAC7C,CAAC;QACF,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,EAAE,EAAE,MAAM,CAAC;gBACX,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,CAAC;gBAC3C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;aAClC,CAAC;YACF,QAAQ,CAAC,EAAE;gBACT,YAAY,CAAC,EAAE,MAAM,CAAC;gBACtB,SAAS,CAAC,EAAE,MAAM,CAAC;gBACnB,UAAU,CAAC,EAAE,MAAM,CAAC;aACrB,CAAC;YACF,UAAU,CAAC,EAAE,kBAAkB,EAAE,CAAC;SACnC,CAAC;KACH,CAAC;CACH,CAAC;AAEF,MAAM,WAAW,kBAAkB;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE;QACP,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;KACnC,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE;QACZ,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KACpB,CAAC;CACH"}

package/src/utils/provenance.js

@@ -1,12 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.noProvenanceError = void 0;
+exports.ProvenanceError = void 0;
 exports.ensurePackageHasProvenance = ensurePackageHasProvenance;
 exports.getNxPackageGroup = getNxPackageGroup;
 const child_process_1 = require("child_process");
 const path_1 = require("path");
 const util_1 = require("util");
 const fileutils_1 = require("./fileutils");
+const os_1 = require("os");
 /*
  * Verifies that the given npm package has provenance attestations
  * generated by the GitHub Actions workflow at .github/workflows/publish.yml
@@ -21,42 +22,63 @@ async function ensurePackageHasProvenance(packageName, packageVersion) {
         return;
     }
     const execFileAsync = (0, util_1.promisify)(child_process_1.execFile);
-    const npmViewResult = JSON.parse((await execFileAsync('npm', ['view', `${packageName}@${packageVersion}`, '--json', '--silent'], {
-        timeout: 20000,
-    })).stdout.trim());
-    const attURL = npmViewResult.dist?.attestations?.url;
-    if (!attURL)
-        throw (0, exports.noProvenanceError)(packageName, packageVersion, 'No attestation URL found');
-    const attestations = (await (await fetch(attURL)).json());
-    const provenanceAttestation = attestations?.attestations?.find((a) => a.predicateType === 'https://slsa.dev/provenance/v1');
-    if (!provenanceAttestation)
-        throw (0, exports.noProvenanceError)(packageName, packageVersion, 'No provenance attestation found');
-    const dsseEnvelopePayload = JSON.parse(Buffer.from(provenanceAttestation.bundle.dsseEnvelope.payload, 'base64').toString());
-    const workflowParameters = dsseEnvelopePayload?.predicate?.buildDefinition?.externalParameters
-        ?.workflow;
-    // verify that provenance was actually generated from the right publishing workflow
-    if (workflowParameters?.repository !== 'https://github.com/nrwl/nx') {
-        throw (0, exports.noProvenanceError)(packageName, packageVersion, 'Repository does not match nrwl/nx');
-    }
-    if (workflowParameters?.path !== '.github/workflows/publish.yml') {
-        throw (0, exports.noProvenanceError)(packageName, packageVersion, 'Publishing workflow does not match .github/workflows/publish.yml');
+    try {
+        const result = await execFileAsync((0, os_1.platform)() === 'win32' ? 'npm.cmd' : 'npm', ['view', `${packageName}@${packageVersion}`, '--json', '--silent'], {
+            timeout: 20000,
+        });
+        const npmViewResult = JSON.parse(result.stdout.trim());
+        const attURL = npmViewResult.dist?.attestations?.url;
+        if (!attURL)
+            throw new ProvenanceError(packageName, packageVersion, 'No attestation URL found');
+        const response = await fetch(attURL);
+        if (!response.ok) {
+            throw new ProvenanceError(packageName, packageVersion, `HTTP ${response.status}: ${response.statusText}`);
+        }
+        const attestations = (await response.json());
+        const provenanceAttestation = attestations?.attestations?.find((a) => a.predicateType === 'https://slsa.dev/provenance/v1');
+        const dsseEnvelopePayload = JSON.parse(Buffer.from(provenanceAttestation.bundle.dsseEnvelope.payload, 'base64').toString());
+        const workflowParameters = dsseEnvelopePayload?.predicate?.buildDefinition?.externalParameters
+            ?.workflow;
+        // verify that provenance was actually generated from the right publishing workflow
+        if (!workflowParameters) {
+            throw new ProvenanceError(packageName, packageVersion, 'Missing workflow parameters in attestation');
+        }
+        if (workflowParameters.repository !== 'https://github.com/nrwl/nx') {
+            throw new ProvenanceError(packageName, packageVersion, 'Repository does not match nrwl/nx');
+        }
+        if (workflowParameters.path !== '.github/workflows/publish.yml') {
+            throw new ProvenanceError(packageName, packageVersion, 'Publishing workflow does not match .github/workflows/publish.yml');
+        }
+        if (workflowParameters.ref !== `refs/tags/${npmViewResult.version}`) {
+            throw new ProvenanceError(packageName, packageVersion, `Version ref does not match refs/tags/${npmViewResult.version}`);
+        }
+        // verify that provenance was generated from the exact same artifact as the one we are installing
+        const distSha = Buffer.from(npmViewResult.dist.integrity.replace('sha512-', ''), 'base64').toString('hex');
+        const attestationSha = dsseEnvelopePayload.subject[0].digest.sha512;
+        if (distSha !== attestationSha) {
+            throw new ProvenanceError(packageName, packageVersion, 'Integrity hash does not match attestation hash');
+        }
+        return;
     }
-    if (workflowParameters?.ref !== `refs/tags/${npmViewResult.version}`) {
-        throw (0, exports.noProvenanceError)(packageName, packageVersion, `Version ref does not match refs/tags/${npmViewResult.version}`);
+    catch (error) {
+        if (error instanceof ProvenanceError) {
+            throw error;
+        }
+        throw new ProvenanceError(packageName, packageVersion, error.message || error);
     }
-    // verify that provenance was generated from the exact same artifact as the one we are installing
-    const distSha = Buffer.from(npmViewResult.dist.integrity.replace('sha512-', ''), 'base64').toString('hex');
-    const attestationSha = dsseEnvelopePayload?.subject[0]?.digest.sha512;
-    if (distSha !== attestationSha) {
-        throw (0, exports.noProvenanceError)(packageName, packageVersion, 'Integrity hash does not match attestation hash');
+}
+class ProvenanceError extends Error {
+    constructor(packageName, packageVersion, error) {
+        super(`An error occurred while checking the provenance of ${packageName}@${packageVersion}. This could indicate a security risk. Please double check https://www.npmjs.com/package/${packageName} to see if the package is published correctly or file an issue at https://github.com/nrwl/nx/issues. To disable this check at your own risk, you can set the NX_SKIP_PROVENANCE_CHECK environment variable to true. \n Error: ${error ?? ''}`);
     }
-    return;
 }
-const noProvenanceError = (packageName, packageVersion, error) => `An error occurred while checking the provenance of ${packageName}@${packageVersion}. This could indicate a security risk. Please double check https://www.npmjs.com/package/${packageName} to see if the package is published correctly or file an issue at https://github.com/nrwl/nx/issues \n Error: ${error ?? ''}`;
-exports.noProvenanceError = noProvenanceError;
+exports.ProvenanceError = ProvenanceError;
 function getNxPackageGroup() {
     const packageJsonPath = (0, path_1.join)(__dirname, '../../package.json');
     const packageJson = (0, fileutils_1.readJsonFile)(packageJsonPath);
+    if (!packageJson['nx-migrations']?.packageGroup) {
+        return ['nx'];
+    }
     const packages = packageJson['nx-migrations'].packageGroup.filter((dep) => typeof dep === 'string' && dep.startsWith('@nx/'));
     packages.push('nx');
     return packages;