MetaMask · kanthesha · Mar 28, 2024 · Mar 21, 2024 · Mar 21, 2024 · Mar 22, 2024
@@ -56,6 +56,7 @@
     "execa": "^5.1.1",
     "lodash": "^4.17.21",
     "superstruct": "^1.0.3",
+    "yaml": "^2.4.1",
     "yargs": "^17.7.2"
   },
   "devDependencies": {

@@ -6,6 +6,7 @@ import execa from 'execa';
 import path from 'path';
 import { MockWritable } from 'stdio-mock';
 import stripAnsi from 'strip-ansi';
+import { stringify } from 'yaml';
 
 import { main } from './main';
 import { FakeOutputLogger } from '../tests/fake-output-logger';
@@ -61,10 +62,6 @@ describe('main', () => {
           await ensureDirectoryStructureExists(
             path.join(repository.directoryPath, 'src'),
           );
-          await writeFile(
-            path.join(repository.directoryPath, '.yarnrc.yml'),
-            '',
-          );
           await writeFile(
             path.join(
               repository.directoryPath,
@@ -96,6 +93,8 @@ describe('main', () => {
                 typescript: '1.0.0',
                 typedoc: '1.0.0',
                 '@metamask/auto-changelog': '1.0.0',
+                '@lavamoat/allow-scripts': '1.0.0',
+                '@lavamoat/preinstall-always-fail': '1.0.0',
               },
               scripts: {
                 test: 'test script',
@@ -109,6 +108,12 @@ describe('main', () => {
               repository: {
                 url: 'https://github.com/MetaMask/module-lint.git',
               },
+              lavamoat: {
+                allowScripts: {
+                  'tsup>esbuild': true,
+                  '@lavamoat/preinstall-always-fail': false,
+                },
+              },
             }),
           );
           await writeFile(
@@ -155,6 +160,25 @@ describe('main', () => {
             path.join(repository.directoryPath, '.gitignore'),
             'content for .gitignore',
           );
+          await writeFile(
+            path.join(repository.directoryPath, '.yarnrc.yml'),
+            stringify({
+              enableScripts: false,
+              plugins: [
+                {
+                  path: '.yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs',
+                  spec: 'https://raw.githubusercontent.com/LavaMoat/LavaMoat/main/packages/yarn-plugin-allow-scripts/bundles/@yarnpkg/plugin-allow-scripts.js',
+                },
+              ],
+            }),
+          );
+          await writeFile(
+            path.join(
+              repository.directoryPath,
+              '.yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs',
+            ),
+            'test scripts',
+          );
         }
         const outputLogger = new FakeOutputLogger();
 
@@ -193,6 +217,8 @@ repo-1
   - Do the typedoc-related \`scripts\` in \`package.json\` conform? ✅
   - Do the changelog-related \`devDependencies\` in \`package.json\` conform? ✅
   - Do the changelog-related \`scripts\` in \`package.json\` conform? ✅
+  - Do the lavamoat-related \`devDependencies\` in \`package.json\` conform? ✅
+  - Does lavamoat lists \`@lavamoat/preinstall-always-fail: false\` in allow scripts? ✅
 - Is \`README.md\` present? ✅
   - Does the README conform by recommending the correct Yarn version to install? ✅
   - Does the README conform by recommending node install from nodejs.org? ✅
@@ -210,8 +236,10 @@ repo-1
 - Is \`.editorconfig\` present, and does it conform? ✅
 - Is \`.gitattributes\` present, and does it conform? ✅
 - Is \`.gitignore\` present, and does it conform? ✅
+- Does allow scripts conforms to yarn? ✅
+- Does yarn plugins conforms to allow scripts? ✅
 
-Results:       36 passed, 0 failed, 36 total
+Results:       40 passed, 0 failed, 40 total
 Elapsed time:  0 ms
 
 
@@ -237,6 +265,8 @@ repo-2
   - Do the typedoc-related \`scripts\` in \`package.json\` conform? ✅
   - Do the changelog-related \`devDependencies\` in \`package.json\` conform? ✅
   - Do the changelog-related \`scripts\` in \`package.json\` conform? ✅
+  - Do the lavamoat-related \`devDependencies\` in \`package.json\` conform? ✅
+  - Does lavamoat lists \`@lavamoat/preinstall-always-fail: false\` in allow scripts? ✅
 - Is \`README.md\` present? ✅
   - Does the README conform by recommending the correct Yarn version to install? ✅
   - Does the README conform by recommending node install from nodejs.org? ✅
@@ -254,8 +284,10 @@ repo-2
 - Is \`.editorconfig\` present, and does it conform? ✅
 - Is \`.gitattributes\` present, and does it conform? ✅
 - Is \`.gitignore\` present, and does it conform? ✅
+- Does allow scripts conforms to yarn? ✅
+- Does yarn plugins conforms to allow scripts? ✅
 
-Results:       36 passed, 0 failed, 36 total
+Results:       40 passed, 0 failed, 40 total
 Elapsed time:  0 ms
 
 `,
@@ -282,6 +314,20 @@ Elapsed time:  0 ms
         for (const repository of repositories.slice(1)) {
           await writeFile(path.join(repository.directoryPath, '.yarnrc'), '');
         }
+        for (const repository of repositories) {
+          await writeFile(
+            path.join(repository.directoryPath, '.yarnrc.yml'),
+            stringify({
+              enableScripts: true,
+              plugins: [
+                {
+                  path: '.yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs',
+                  spec: 'https://raw.githubusercontent.com/LavaMoat/LavaMoat/main/packages/yarn-plugin-allow-scripts/bundles/@yarnpkg/plugin-allow-scripts.js',
+                },
+              ],
+            }),
+          );
+        }
         const outputLogger = new FakeOutputLogger();
 
         await main({
@@ -307,7 +353,6 @@ repo-1
 - Is \`README.md\` present? ❌
   - \`README.md\` does not exist in this project.
 - Are all of the files for Yarn Modern present, and do they conform? ❌
-  - \`.yarnrc.yml\` does not exist in this project.
   - \`.yarn/releases/\` does not exist in this project.
   - \`.yarn/plugins/\` does not exist in this project.
 - Does the \`src/\` directory exist? ❌
@@ -332,8 +377,12 @@ repo-1
   - \`.gitattributes\` does not exist in this project.
 - Is \`.gitignore\` present, and does it conform? ❌
   - \`.gitignore\` does not exist in this project.
+- Does allow scripts conforms to yarn? ❌
+  - \`.yarnrc.yml\` should list \`'enableScripts': false\`, but does not.
+- Does yarn plugins conforms to allow scripts? ❌
+  - \`.yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs\` does not exist in this project.
 
-Results:       0 passed, 15 failed, 15 total
+Results:       0 passed, 17 failed, 17 total
 Elapsed time:  0 ms
 
 
@@ -347,7 +396,6 @@ repo-2
 - Is \`README.md\` present? ❌
   - \`README.md\` does not exist in this project.
 - Are all of the files for Yarn Modern present, and do they conform? ❌
-  - \`.yarnrc.yml\` does not exist in this project.
   - \`.yarn/releases/\` does not exist in this project.
   - \`.yarn/plugins/\` does not exist in this project.
 - Does the \`src/\` directory exist? ❌
@@ -372,8 +420,12 @@ repo-2
   - \`.gitattributes\` does not exist in this project.
 - Is \`.gitignore\` present, and does it conform? ❌
   - \`.gitignore\` does not exist in this project.
+- Does allow scripts conforms to yarn? ❌
+  - \`.yarnrc.yml\` should list \`'enableScripts': false\`, but does not.
+- Does yarn plugins conforms to allow scripts? ❌
+  - \`.yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs\` does not exist in this project.
 
-Results:       0 passed, 15 failed, 15 total
+Results:       0 passed, 17 failed, 17 total
 Elapsed time:  0 ms
 
 `,
@@ -456,8 +508,10 @@ repo-2
   - \`.gitattributes\` does not exist in this project.
 - Is \`.gitignore\` present, and does it conform? ❌
   - \`.gitignore\` does not exist in this project.
+- Does allow scripts conforms to yarn? ✅
+- Does yarn plugins conforms to allow scripts? ✅
 
-Results:       1 passed, 14 failed, 15 total
+Results:       3 passed, 14 failed, 17 total
 Elapsed time:  0 ms
 
 `.trimStart(),
@@ -486,10 +540,6 @@ Elapsed time:  0 ms
           await ensureDirectoryStructureExists(
             path.join(repository.directoryPath, 'src'),
           );
-          await writeFile(
-            path.join(repository.directoryPath, '.yarnrc.yml'),
-            '',
-          );
           await writeFile(
             path.join(
               repository.directoryPath,
@@ -521,6 +571,8 @@ Elapsed time:  0 ms
                 typescript: '1.0.0',
                 typedoc: '1.0.0',
                 '@metamask/auto-changelog': '1.0.0',
+                '@lavamoat/allow-scripts': '1.0.0',
+                '@lavamoat/preinstall-always-fail': '1.0.0',
               },
               scripts: {
                 test: 'test script',
@@ -534,6 +586,12 @@ Elapsed time:  0 ms
               repository: {
                 url: 'https://github.com/MetaMask/module-lint.git',
               },
+              lavamoat: {
+                allowScripts: {
+                  'tsup>esbuild': true,
+                  '@lavamoat/preinstall-always-fail': false,
+                },
+              },
             }),
           );
           await writeFile(
@@ -580,6 +638,26 @@ Elapsed time:  0 ms
             path.join(repository.directoryPath, '.gitignore'),
             'content for .gitignore',
           );
+          await writeFile(
+            path.join(repository.directoryPath, '.yarnrc.yml'),
+            stringify({
+              enableScripts: false,
+              plugins: [
+                {
+                  path: '.yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs',
+                  spec: 'https://raw.githubusercontent.com/LavaMoat/LavaMoat/main/packages/yarn-plugin-allow-scripts/bundles/@yarnpkg/plugin-allow-scripts.js',
+                },
+              ],
+            }),
+          );
+
+          await writeFile(
+            path.join(
+              repository.directoryPath,
+              '.yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs',
+            ),
+            'test scripts',
+          );
         }
         const outputLogger = new FakeOutputLogger();
 
@@ -618,6 +696,8 @@ repo-1
   - Do the typedoc-related \`scripts\` in \`package.json\` conform? ✅
   - Do the changelog-related \`devDependencies\` in \`package.json\` conform? ✅
   - Do the changelog-related \`scripts\` in \`package.json\` conform? ✅
+  - Do the lavamoat-related \`devDependencies\` in \`package.json\` conform? ✅
+  - Does lavamoat lists \`@lavamoat/preinstall-always-fail: false\` in allow scripts? ✅
 - Is \`README.md\` present? ✅
   - Does the README conform by recommending the correct Yarn version to install? ✅
   - Does the README conform by recommending node install from nodejs.org? ✅
@@ -635,8 +715,10 @@ repo-1
 - Is \`.editorconfig\` present, and does it conform? ✅
 - Is \`.gitattributes\` present, and does it conform? ✅
 - Is \`.gitignore\` present, and does it conform? ✅
+- Does allow scripts conforms to yarn? ✅
+- Does yarn plugins conforms to allow scripts? ✅
 
-Results:       36 passed, 0 failed, 36 total
+Results:       40 passed, 0 failed, 40 total
 Elapsed time:  0 ms
 
 
@@ -662,6 +744,8 @@ repo-2
   - Do the typedoc-related \`scripts\` in \`package.json\` conform? ✅
   - Do the changelog-related \`devDependencies\` in \`package.json\` conform? ✅
   - Do the changelog-related \`scripts\` in \`package.json\` conform? ✅
+  - Do the lavamoat-related \`devDependencies\` in \`package.json\` conform? ✅
+  - Does lavamoat lists \`@lavamoat/preinstall-always-fail: false\` in allow scripts? ✅
 - Is \`README.md\` present? ✅
   - Does the README conform by recommending the correct Yarn version to install? ✅
   - Does the README conform by recommending node install from nodejs.org? ✅
@@ -679,8 +763,10 @@ repo-2
 - Is \`.editorconfig\` present, and does it conform? ✅
 - Is \`.gitattributes\` present, and does it conform? ✅
 - Is \`.gitignore\` present, and does it conform? ✅
+- Does allow scripts conforms to yarn? ✅
+- Does yarn plugins conforms to allow scripts? ✅
 
-Results:       36 passed, 0 failed, 36 total
+Results:       40 passed, 0 failed, 40 total
 Elapsed time:  0 ms
 
 `,
@@ -707,6 +793,20 @@ Elapsed time:  0 ms
         for (const repository of repositories.slice(1)) {
           await writeFile(path.join(repository.directoryPath, '.yarnrc'), '');
         }
+        for (const repository of repositories) {
+          await writeFile(
+            path.join(repository.directoryPath, '.yarnrc.yml'),
+            stringify({
+              enableScripts: true,
+              plugins: [
+                {
+                  path: '.yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs',
+                  spec: 'https://raw.githubusercontent.com/LavaMoat/LavaMoat/main/packages/yarn-plugin-allow-scripts/bundles/@yarnpkg/plugin-allow-scripts.js',
+                },
+              ],
+            }),
+          );
+        }
         const outputLogger = new FakeOutputLogger();
 
         await main({
@@ -732,7 +832,6 @@ repo-1
 - Is \`README.md\` present? ❌
   - \`README.md\` does not exist in this project.
 - Are all of the files for Yarn Modern present, and do they conform? ❌
-  - \`.yarnrc.yml\` does not exist in this project.
   - \`.yarn/releases/\` does not exist in this project.
   - \`.yarn/plugins/\` does not exist in this project.
 - Does the \`src/\` directory exist? ❌
@@ -757,8 +856,12 @@ repo-1
   - \`.gitattributes\` does not exist in this project.
 - Is \`.gitignore\` present, and does it conform? ❌
   - \`.gitignore\` does not exist in this project.
+- Does allow scripts conforms to yarn? ❌
+  - \`.yarnrc.yml\` should list \`'enableScripts': false\`, but does not.
+- Does yarn plugins conforms to allow scripts? ❌
+  - \`.yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs\` does not exist in this project.
 
-Results:       0 passed, 15 failed, 15 total
+Results:       0 passed, 17 failed, 17 total
 Elapsed time:  0 ms
 
 
@@ -772,7 +875,6 @@ repo-2
 - Is \`README.md\` present? ❌
   - \`README.md\` does not exist in this project.
 - Are all of the files for Yarn Modern present, and do they conform? ❌
-  - \`.yarnrc.yml\` does not exist in this project.
   - \`.yarn/releases/\` does not exist in this project.
   - \`.yarn/plugins/\` does not exist in this project.
 - Does the \`src/\` directory exist? ❌
@@ -797,8 +899,12 @@ repo-2
   - \`.gitattributes\` does not exist in this project.
 - Is \`.gitignore\` present, and does it conform? ❌
   - \`.gitignore\` does not exist in this project.
+- Does allow scripts conforms to yarn? ❌
+  - \`.yarnrc.yml\` should list \`'enableScripts': false\`, but does not.
+- Does yarn plugins conforms to allow scripts? ❌
+  - \`.yarn/plugins/@yarnpkg/plugin-allow-scripts.cjs\` does not exist in this project.
 
-Results:       0 passed, 15 failed, 15 total
+Results:       0 passed, 17 failed, 17 total
 Elapsed time:  0 ms
 
 `,
@@ -880,8 +986,10 @@ repo-2
   - \`.gitattributes\` does not exist in this project.
 - Is \`.gitignore\` present, and does it conform? ❌
   - \`.gitignore\` does not exist in this project.
+- Does allow scripts conforms to yarn? ✅
+- Does yarn plugins conforms to allow scripts? ✅
 
-Results:       1 passed, 14 failed, 15 total
+Results:       3 passed, 14 failed, 17 total
 Elapsed time:  0 ms
 
 `,