uups-checker 1.0.0

package/lib/openzeppelin-contracts/scripts/release/workflow/github-release.js

@@ -0,0 +1,48 @@
+const { readFileSync } = require('fs');
+const { join } = require('path');
+const { version } = require(join(__dirname, '../../../package.json'));
+
+module.exports = async ({ github, context }) => {
+  const changelog = readFileSync('CHANGELOG.md', 'utf8');
+
+  await github.rest.repos.createRelease({
+    owner: context.repo.owner,
+    repo: context.repo.repo,
+    tag_name: `v${version}`,
+    target_commitish: github.ref_name,
+    body: extractSection(changelog, version),
+    prerelease: process.env.PRERELEASE === 'true',
+  });
+};
+
+// From https://github.com/frangio/extract-changelog/blob/master/src/utils/word-regexp.ts
+function makeWordRegExp(word) {
+  const start = word.length > 0 && /\b/.test(word[0]) ? '\\b' : '';
+  const end = word.length > 0 && /\b/.test(word[word.length - 1]) ? '\\b' : '';
+  return new RegExp(start + [...word].map(c => (/[a-z0-9]/i.test(c) ? c : '\\' + c)).join('') + end);
+}
+
+// From https://github.com/frangio/extract-changelog/blob/master/src/core.ts
+function extractSection(document, wantedHeading) {
+  // ATX Headings as defined in GitHub Flavored Markdown (https://github.github.com/gfm/#atx-headings)
+  const heading = /^ {0,3}(?<lead>#{1,6})(?: [ \t\v\f]*(?<text>.*?)[ \t\v\f]*)?(?:[\n\r]+|$)/gm;
+
+  const wantedHeadingRe = makeWordRegExp(wantedHeading);
+
+  let start, end;
+
+  for (const m of document.matchAll(heading)) {
+    if (!start) {
+      if (m.groups.text.search(wantedHeadingRe) === 0) {
+        start = m;
+      }
+    } else if (m.groups.lead.length <= start.groups.lead.length) {
+      end = m;
+      break;
+    }
+  }
+
+  if (start) {
+    return document.slice(start.index + start[0].length, end?.index);
+  }
+}

package/lib/openzeppelin-contracts/scripts/release/workflow/integrity-check.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+CHECKSUMS="$RUNNER_TEMP/checksums.txt"
+
+# Extract tarball content into a tmp directory
+tar xf "$TARBALL" -C "$RUNNER_TEMP"
+
+# Move to extracted directory
+cd "$RUNNER_TEMP/package"
+
+# Checksum all Solidity files
+find . -type f -name "*.sol" | xargs shasum > "$CHECKSUMS"
+
+# Back to directory with git contents
+cd "$GITHUB_WORKSPACE/contracts"
+
+# Check against tarball contents
+shasum -c "$CHECKSUMS"

package/lib/openzeppelin-contracts/scripts/release/workflow/pack.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+dist_tag() {
+  PACKAGE_JSON_NAME="$(jq -r .name ./package.json)"
+  LATEST_NPM_VERSION="$(npm info "$PACKAGE_JSON_NAME" version)"
+  PACKAGE_JSON_VERSION="$(jq -r .version ./package.json)"
+  
+  if [ "$PRERELEASE" = "true" ]; then
+    echo "next"
+  elif npx semver -r ">$LATEST_NPM_VERSION" "$PACKAGE_JSON_VERSION" > /dev/null; then
+    echo "latest"
+  else
+    # This is a patch for an older version
+    # npm can't publish without a tag
+    echo "tmp"
+  fi
+}
+
+cd contracts
+TARBALL="$(npm pack | tee /dev/stderr | tail -1)"
+echo "tarball_name=$TARBALL" >> $GITHUB_OUTPUT
+echo "tarball=$(pwd)/$TARBALL" >> $GITHUB_OUTPUT
+echo "tag=$(dist_tag)" >> $GITHUB_OUTPUT
+cd ..

package/lib/openzeppelin-contracts/scripts/release/workflow/publish.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+PACKAGE_JSON_NAME="$(tar xfO "$TARBALL" package/package.json | jq -r .name)"
+PACKAGE_JSON_VERSION="$(tar xfO "$TARBALL" package/package.json | jq -r .version)"
+
+# Intentionally escape $ to avoid interpolation and writing the token to disk
+echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc
+
+# Actual publish
+npm publish "$TARBALL" --tag "$TAG"
+
+# Clean up tags
+delete_tag() {
+  npm dist-tag rm "$PACKAGE_JSON_NAME" "$1"
+}
+
+if [ "$TAG" = tmp ]; then
+  delete_tag "$TAG"
+elif [ "$TAG" = latest ]; then
+  # Delete the next tag if it exists and is a prerelease for what is currently being published
+  if npm dist-tag ls "$PACKAGE_JSON_NAME" | grep -q "next: $PACKAGE_JSON_VERSION"; then
+    delete_tag next
+  fi
+fi

package/lib/openzeppelin-contracts/scripts/release/workflow/rerun.js

@@ -0,0 +1,7 @@
+module.exports = ({ github, context }) =>
+  github.rest.actions.createWorkflowDispatch({
+    owner: context.repo.owner,
+    repo: context.repo.repo,
+    workflow_id: 'release-cycle.yml',
+    ref: process.env.REF || process.env.GITHUB_REF_NAME,
+  });

package/lib/openzeppelin-contracts/scripts/release/workflow/set-changesets-pr-title.js

@@ -0,0 +1,17 @@
+const { coerce, inc, rsort } = require('semver');
+const { join } = require('path');
+const { version } = require(join(__dirname, '../../../package.json'));
+
+module.exports = async ({ core }) => {
+  // Variables not in the context
+  const refName = process.env.GITHUB_REF_NAME;
+
+  // Compare package.json version's next patch vs. first version patch
+  // A recently opened branch will give the next patch for the previous minor
+  // So, we get the max against the patch 0 of the release branch's version
+  const branchPatch0 = coerce(refName.replace('release-v', '')).version;
+  const packageJsonNextPatch = inc(version, 'patch');
+  const [nextVersion] = rsort([branchPatch0, packageJsonNextPatch], false);
+
+  core.exportVariable('TITLE', `Release v${nextVersion}`);
+};

package/lib/openzeppelin-contracts/scripts/release/workflow/start.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Set changeset status location
+# This is needed because `changeset status --output` only works with relative routes
+CHANGESETS_STATUS_JSON="$(realpath --relative-to=. "$RUNNER_TEMP/status.json")"
+
+# Save changeset status to temp file
+npx changeset status --output="$CHANGESETS_STATUS_JSON"
+
+# Defensive assertion. SHOULD NOT BE REACHED
+if [ "$(jq '.releases | length' "$CHANGESETS_STATUS_JSON")" != 1 ]; then
+  echo "::error file=$CHANGESETS_STATUS_JSON::The status doesn't contain only 1 release"
+  exit 1;
+fi;
+
+# Create branch
+BRANCH_SUFFIX="$(jq -r '.releases[0].newVersion | gsub("\\.\\d+$"; "")' $CHANGESETS_STATUS_JSON)"
+RELEASE_BRANCH="release-v$BRANCH_SUFFIX"
+git checkout -b "$RELEASE_BRANCH"
+
+# Output branch
+echo "branch=$RELEASE_BRANCH" >> $GITHUB_OUTPUT
+
+# Enter in prerelease state
+npx changeset pre enter rc
+git add .
+git commit -m "Start release candidate"
+
+# Push branch
+if ! git push origin "$RELEASE_BRANCH"; then
+  echo "::error file=scripts/release/start.sh::Can't push $RELEASE_BRANCH. Did you forget to run this workflow from $RELEASE_BRANCH?"
+  exit 1
+fi

package/lib/openzeppelin-contracts/scripts/release/workflow/state.js

@@ -0,0 +1,112 @@
+const { readPreState } = require('@changesets/pre');
+const { default: readChangesets } = require('@changesets/read');
+const { join } = require('path');
+const { fetch } = require('undici');
+const { version, name: packageName } = require(join(__dirname, '../../../contracts/package.json'));
+
+module.exports = async ({ github, context, core }) => {
+  const state = await getState({ github, context, core });
+
+  function setOutput(key, value) {
+    core.info(`State ${key} = ${value}`);
+    core.setOutput(key, value);
+  }
+
+  // Jobs to trigger
+  setOutput('start', shouldRunStart(state));
+  setOutput('promote', shouldRunPromote(state));
+  setOutput('changesets', shouldRunChangesets(state));
+  setOutput('publish', shouldRunPublish(state));
+  setOutput('merge', shouldRunMerge(state));
+
+  // Global Variables
+  setOutput('is_prerelease', state.prerelease);
+};
+
+function shouldRunStart({ isMaster, isWorkflowDispatch, botRun }) {
+  return isMaster && isWorkflowDispatch && !botRun;
+}
+
+function shouldRunPromote({ isReleaseBranch, isWorkflowDispatch, botRun }) {
+  return isReleaseBranch && isWorkflowDispatch && !botRun;
+}
+
+function shouldRunChangesets({ isReleaseBranch, isPush, isWorkflowDispatch, botRun }) {
+  return (isReleaseBranch && isPush) || (isReleaseBranch && isWorkflowDispatch && botRun);
+}
+
+function shouldRunPublish({ isReleaseBranch, isPush, hasPendingChangesets, isPublishedOnNpm }) {
+  return isReleaseBranch && isPush && !hasPendingChangesets && !isPublishedOnNpm;
+}
+
+function shouldRunMerge({
+  isReleaseBranch,
+  isPush,
+  prerelease,
+  isCurrentFinalVersion,
+  hasPendingChangesets,
+  prBackExists,
+}) {
+  return isReleaseBranch && isPush && !prerelease && isCurrentFinalVersion && !hasPendingChangesets && !prBackExists;
+}
+
+async function getState({ github, context, core }) {
+  // Variables not in the context
+  const refName = process.env.GITHUB_REF_NAME;
+  const botRun = process.env.TRIGGERING_ACTOR === 'github-actions[bot]';
+
+  const { changesets, preState } = await readChangesetState();
+
+  // Static vars
+  const state = {
+    refName,
+    hasPendingChangesets: changesets.length > 0,
+    prerelease: preState?.mode === 'pre',
+    isMaster: refName === 'master',
+    isReleaseBranch: refName.startsWith('release-v'),
+    isWorkflowDispatch: context.eventName === 'workflow_dispatch',
+    isPush: context.eventName === 'push',
+    isCurrentFinalVersion: !version.includes('-rc.'),
+    botRun,
+  };
+
+  // Async vars
+  const { data: prs } = await github.rest.pulls.list({
+    owner: context.repo.owner,
+    repo: context.repo.repo,
+    head: `${context.repo.owner}:merge/${state.refName}`,
+    base: 'master',
+    state: 'open',
+  });
+
+  state.prBackExists = prs.length !== 0;
+
+  state.isPublishedOnNpm = await isPublishedOnNpm(packageName, version);
+
+  // Log every state value in debug mode
+  if (core.isDebug()) for (const [key, value] of Object.entries(state)) core.debug(`${key}: ${value}`);
+
+  return state;
+}
+
+// From https://github.com/changesets/action/blob/v1.4.1/src/readChangesetState.ts
+async function readChangesetState(cwd = process.cwd()) {
+  const preState = await readPreState(cwd);
+  const isInPreMode = preState !== undefined && preState.mode === 'pre';
+
+  let changesets = await readChangesets(cwd);
+
+  if (isInPreMode) {
+    changesets = changesets.filter(x => !preState.changesets.includes(x.id));
+  }
+
+  return {
+    preState: isInPreMode ? preState : undefined,
+    changesets,
+  };
+}
+
+async function isPublishedOnNpm(package, version) {
+  const res = await fetch(`https://registry.npmjs.com/${package}/${version}`);
+  return res.ok;
+}

package/lib/openzeppelin-contracts/scripts/remove-ignored-artifacts.js

@@ -0,0 +1,45 @@
+#!/usr/bin/env node
+
+// This script removes the build artifacts of ignored contracts.
+
+const fs = require('fs');
+const path = require('path');
+const match = require('micromatch');
+
+function readJSON(path) {
+  return JSON.parse(fs.readFileSync(path));
+}
+
+const pkgFiles = readJSON('package.json').files;
+
+// Get only negated patterns.
+const ignorePatterns = pkgFiles
+  .filter(pat => pat.startsWith('!'))
+  // Remove the negation part. Makes micromatch usage more intuitive.
+  .map(pat => pat.slice(1));
+
+const ignorePatternsSubtrees = ignorePatterns
+  // Add **/* to ignore all files contained in the directories.
+  .concat(ignorePatterns.map(pat => path.join(pat, '**/*')))
+  .map(p => p.replace(/^\//, ''));
+
+const artifactsDir = 'contracts/build/contracts';
+const buildinfo = 'artifacts/build-info';
+const filenames = fs.readdirSync(buildinfo);
+
+let n = 0;
+
+for (const filename of filenames) {
+  const solcOutput = readJSON(path.join(buildinfo, filename)).output;
+  for (const sourcePath in solcOutput.contracts) {
+    const ignore = match.any(sourcePath, ignorePatternsSubtrees);
+    if (ignore) {
+      for (const contract in solcOutput.contracts[sourcePath]) {
+        fs.unlinkSync(path.join(artifactsDir, contract + '.json'));
+        n += 1;
+      }
+    }
+  }
+}
+
+console.error(`Removed ${n} mock artifacts`);

package/lib/openzeppelin-contracts/scripts/solhint-custom/index.js

@@ -0,0 +1,84 @@
+const path = require('path');
+const minimatch = require('minimatch');
+
+// Files matching these patterns will be ignored unless a rule has `static global = true`
+const ignore = ['contracts/mocks/**/*', 'test/**/*'];
+
+class Base {
+  constructor(reporter, config, source, fileName) {
+    this.reporter = reporter;
+    this.ignored = this.constructor.global || ignore.some(p => minimatch(path.normalize(fileName), p));
+    this.ruleId = this.constructor.ruleId;
+    if (this.ruleId === undefined) {
+      throw Error('missing ruleId static property');
+    }
+  }
+
+  error(node, message) {
+    if (!this.ignored) {
+      this.reporter.error(node, this.ruleId, message);
+    }
+  }
+}
+
+module.exports = [
+  class extends Base {
+    static ruleId = 'interface-names';
+
+    ContractDefinition(node) {
+      if (node.kind === 'interface' && !/^I[A-Z]/.test(node.name)) {
+        this.error(node, 'Interface names should have a capital I prefix');
+      }
+    }
+  },
+
+  class extends Base {
+    static ruleId = 'private-variables';
+
+    VariableDeclaration(node) {
+      const constantOrImmutable = node.isDeclaredConst || node.isImmutable;
+      if (node.isStateVar && !constantOrImmutable && node.visibility !== 'private') {
+        this.error(node, 'State variables must be private');
+      }
+    }
+  },
+
+  class extends Base {
+    static ruleId = 'leading-underscore';
+
+    VariableDeclaration(node) {
+      if (node.isDeclaredConst) {
+        // TODO: expand visibility and fix
+        if (node.visibility === 'private' && /^_/.test(node.name)) {
+          this.error(node, 'Constant variables should not have leading underscore');
+        }
+      } else if (node.visibility === 'private' && !/^_/.test(node.name)) {
+        this.error(node, 'Non-constant private variables must have leading underscore');
+      }
+    }
+
+    FunctionDefinition(node) {
+      if (node.visibility === 'private' || (node.visibility === 'internal' && node.parent.kind !== 'library')) {
+        if (!/^_/.test(node.name)) {
+          this.error(node, 'Private and internal functions must have leading underscore');
+        }
+      }
+      if (node.visibility === 'internal' && node.parent.kind === 'library') {
+        if (/^_/.test(node.name)) {
+          this.error(node, 'Library internal functions should not have leading underscore');
+        }
+      }
+    }
+  },
+
+  // TODO: re-enable and fix
+  // class extends Base {
+  //   static ruleId = 'no-external-virtual';
+  //
+  //   FunctionDefinition(node) {
+  //     if (node.visibility == 'external' && node.isVirtual) {
+  //       this.error(node, 'Functions should not be external and virtual');
+  //     }
+  //   }
+  // },
+];

package/lib/openzeppelin-contracts/scripts/solhint-custom/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "solhint-plugin-openzeppelin",
+  "version": "0.0.0",
+  "private": true
+}

package/lib/openzeppelin-contracts/scripts/update-docs-branch.js

@@ -0,0 +1,65 @@
+const proc = require('child_process');
+const read = cmd => proc.execSync(cmd, { encoding: 'utf8' }).trim();
+const run = cmd => {
+  proc.execSync(cmd, { stdio: 'inherit' });
+};
+const tryRead = cmd => {
+  try {
+    return read(cmd);
+  } catch (e) {
+    return undefined;
+  }
+};
+
+const releaseBranchRegex = /^release-v(?<version>(?<major>\d+)\.(?<minor>\d+)(?:\.(?<patch>\d+))?)$/;
+
+const currentBranch = read('git rev-parse --abbrev-ref HEAD');
+const match = currentBranch.match(releaseBranchRegex);
+
+if (!match) {
+  console.error('Not currently on a release branch');
+  process.exit(1);
+}
+
+const pkgVersion = require('../package.json').version;
+
+if (pkgVersion.includes('-') && !pkgVersion.includes('.0.0-')) {
+  console.error('Refusing to update docs: non-major prerelease detected');
+  process.exit(0);
+}
+
+const current = match.groups;
+const docsBranch = `docs-v${current.major}.x`;
+
+// Fetch remotes and find the docs branch if it exists
+run('git fetch --all --no-tags');
+const matchingDocsBranches = tryRead(`git rev-parse --glob='*/${docsBranch}'`);
+
+if (!matchingDocsBranches) {
+  // Create the branch
+  run(`git checkout --orphan ${docsBranch}`);
+} else {
+  const [publishedRef, ...others] = new Set(matchingDocsBranches.split('\n'));
+  if (others.length > 0) {
+    console.error(
+      `Found conflicting ${docsBranch} branches.\n` +
+        'Either local branch is outdated or there are multiple matching remote branches.',
+    );
+    process.exit(1);
+  }
+  const publishedVersion = JSON.parse(read(`git show ${publishedRef}:package.json`)).version;
+  const publishedMinor = publishedVersion.match(/\d+\.(?<minor>\d+)\.\d+/).groups.minor;
+  if (current.minor < publishedMinor) {
+    console.error('Refusing to update docs: newer version is published');
+    process.exit(0);
+  }
+
+  run('git checkout --quiet --detach');
+  run(`git reset --soft ${publishedRef}`);
+  run(`git checkout ${docsBranch}`);
+}
+
+run('npm run prepare-docs');
+run('git add -f docs'); // --force needed because generated docs files are gitignored
+run('git commit -m "Update docs"');
+run(`git checkout ${currentBranch}`);

package/lib/openzeppelin-contracts/scripts/upgradeable/README.md

@@ -0,0 +1,21 @@
+The upgradeable variant of OpenZeppelin Contracts is automatically generated from the original Solidity code. We call this process "transpilation" and it is implemented by our [Upgradeability Transpiler](https://github.com/OpenZeppelin/openzeppelin-transpiler/).
+
+When the `master` branch or `release-v*` branches are updated, the code is transpiled and pushed to [OpenZeppelin/openzeppelin-contracts-upgradeable](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable) by the `upgradeable.yml` workflow.
+
+## `transpile.sh`
+
+Applies patches and invokes the transpiler with the command line flags we need for our requirements (for example, excluding certain files).
+
+## `transpile-onto.sh`
+
+```
+bash scripts/upgradeable/transpile-onto.sh <target> [<base>]
+```
+
+Transpiles the contents of the current git branch and commits the result as a new commit on branch `<target>`. If branch `<target>` doesn't exist, it will copy the commit history of `[<base>]` (this is used in GitHub Actions, but is usually not necessary locally).
+
+## `patch-apply.sh` & `patch-save.sh`
+
+Some of the upgradeable contract variants require ad-hoc changes that are not implemented by the transpiler. These changes are implemented by patches stored in `upgradeable.patch` in this directory. `patch-apply.sh` applies these patches.
+
+If the patches fail to apply due to changes in the repo, the conflicts have to be resolved manually. Once fixed, `patch-save.sh` will take the changes staged in Git and update `upgradeable.patch` to match.

package/lib/openzeppelin-contracts/scripts/upgradeable/patch-apply.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+DIRNAME="$(dirname -- "${BASH_SOURCE[0]}")"
+PATCH="$DIRNAME/upgradeable.patch"
+
+error() {
+  echo Error: "$*" >&2
+  exit 1
+}
+
+if ! git diff-files --quiet ":!$PATCH" || ! git diff-index --quiet HEAD ":!$PATCH"; then
+  error "Repository must have no staged or unstaged changes"
+fi
+
+if ! git apply -3 "$PATCH"; then
+  error "Fix conflicts and run $DIRNAME/patch-save.sh"
+fi

package/lib/openzeppelin-contracts/scripts/upgradeable/patch-save.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+DIRNAME="$(dirname -- "${BASH_SOURCE[0]}")"
+PATCH="$DIRNAME/upgradeable.patch"
+
+error() {
+  echo Error: "$*" >&2
+  exit 1
+}
+
+if ! git diff-files --quiet ":!$PATCH"; then
+  error "Unstaged changes. Stage to include in patch or temporarily stash."
+fi
+
+git diff-index --cached --patch --output="$PATCH" HEAD
+git restore --staged --worktree ":!$PATCH"

package/lib/openzeppelin-contracts/scripts/upgradeable/transpile-onto.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if [ $# -lt 1 ]; then
+  echo "usage: bash $0 <target> [<base>]" >&2
+  exit 1
+fi
+
+set -x
+
+target="$1"
+base="${2-}"
+
+bash scripts/upgradeable/transpile.sh
+
+commit="$(git rev-parse --short HEAD)"
+start_branch="$(git rev-parse --abbrev-ref HEAD)"
+
+git add contracts
+
+# detach from the current branch to avoid making changes to it
+git checkout --quiet --detach
+
+# switch to the target branch, creating it if necessary
+if git rev-parse -q --verify "$target"; then
+  # if the branch exists, make it the current HEAD without checking out its contents
+  git reset --soft "$target"
+  git checkout "$target"
+else
+  # if the branch doesn't exist, create it as an orphan and check it out
+  git checkout --orphan "$target"
+  if [ -n "$base" ] && git rev-parse -q --verify "$base"; then
+    # if base was specified and it exists, set it as the branch history
+    git reset --soft "$base"
+  fi
+fi
+
+# abort if there are no changes to commit at this point
+if git diff --quiet --cached; then
+  exit
+fi
+
+if [[ -v SUBMODULE_REMOTE ]]; then
+  lib=lib/openzeppelin-contracts
+  git submodule add -b "${base#origin/}" "$SUBMODULE_REMOTE" "$lib"
+  git -C "$lib" checkout "$commit"
+  git add "$lib"
+fi
+
+git commit -m "Transpile $commit"
+
+# return to original branch
+git checkout "$start_branch"

package/lib/openzeppelin-contracts/scripts/upgradeable/transpile.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+set -euo pipefail -x
+
+VERSION="$(jq -r .version contracts/package.json)"
+DIRNAME="$(dirname -- "${BASH_SOURCE[0]}")"
+
+bash "$DIRNAME/patch-apply.sh"
+sed -i'' -e "s/<package-version>/$VERSION/g" "contracts/package.json"
+git add contracts/package.json
+
+npm run clean
+npm run compile
+
+build_info=($(jq -r '.input.sources | keys | if any(test("^contracts/mocks/.*\\bunreachable\\b")) then empty else input_filename end' artifacts/build-info/*))
+build_info_num=${#build_info[@]}
+
+if [ $build_info_num -ne 1 ]; then
+  echo "found $build_info_num relevant build info files but expected just 1"
+  exit 1
+fi
+
+# -D: delete original and excluded files
+# -b: use this build info file
+# -i: use included Initializable
+# -x: exclude proxy-related contracts with a few exceptions
+# -p: emit public initializer
+# -n: use namespaces
+# -N: exclude from namespaces transformation
+# -q: partial transpilation using @openzeppelin/contracts as peer project
+npx @openzeppelin/upgrade-safe-transpiler -D \
+  -b "$build_info" \
+  -i contracts/proxy/utils/Initializable.sol \
+  -x 'contracts-exposed/**/*' \
+  -x 'contracts/proxy/**/*' \
+  -x '!contracts/proxy/Clones.sol' \
+  -x '!contracts/proxy/ERC1967/ERC1967Storage.sol' \
+  -x '!contracts/proxy/ERC1967/ERC1967Utils.sol' \
+  -x '!contracts/proxy/utils/UUPSUpgradeable.sol' \
+  -x '!contracts/proxy/beacon/IBeacon.sol' \
+  -p 'contracts/**/presets/**/*' \
+  -n \
+  -N 'contracts/mocks/**/*' \
+  -q '@openzeppelin/'
+
+# delete compilation artifacts of vanilla code
+npm run clean