Skip to content

Commit

Permalink
deps: upgrade tslib to 2.4.0, remove @yarn-tool/resolve-package (#326)
Browse files Browse the repository at this point in the history
- tslib 2.4.0 is forward and backward-compatible with older and newer
  Node exports mechanisms, so the Node 17 error should no longer be
  present
  - it has the older `./` and the newer `./*` in its package exports,
    which should allow for `package.json` to be read in both older and
    newer implementations

- this allows us to remove the extra dep on `@yarn-tool/resolve-package`
  as well
  - other than less unnecessary deps being good,
    `@yarn-tool/resolve-package` is also a not well-documented package
    with very few users, which does not make for a good security posture
    for rpt2 (which has historically prioritized supply chain security
    in other issues around deps) or, in particular, its consumers, which
    there are very many of (in contrast with `@yarn-tool`)
  - per my issue comment, we could also have avoided the extra dep prior
    to the tslib upgrade by resolving to absolute paths, as Node only
    does a "weak" encapsulation of relative imports

- test: add a small unit test for tslib.ts to ensure that this method
  works and passes on different Node versions in CI
  - more a smoke test that it runs at all, the testing is additional
    and a bit duplicative of the source tbh
  • Loading branch information
agilgur5 authored May 16, 2022
1 parent 327574e commit 60f3489
Show file tree
Hide file tree
Showing 4 changed files with 63 additions and 15 deletions.
11 changes: 11 additions & 0 deletions __tests__/tslib.spec.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
import { test, expect } from "@jest/globals";
import * as fs from "fs-extra";

import { tslibVersion, tslibSource } from "../src/tslib";

test("tslib", async () => {
expect(tslibVersion).toEqual(require("tslib/package.json").version);

const tslibES6 = await fs.readFile(require.resolve("tslib/tslib.es6.js"), "utf8");
expect(tslibSource).toEqual(tslibES6);
});
58 changes: 48 additions & 10 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,10 @@
},
"dependencies": {
"@rollup/pluginutils": "^4.1.2",
"@yarn-tool/resolve-package": "^1.0.40",
"find-cache-dir": "^3.3.2",
"fs-extra": "^10.0.0",
"resolve": "^1.20.0",
"tslib": "^2.3.1"
"tslib": "^2.4.0"
},
"peerDependencies": {
"rollup": ">=1.26.3",
Expand Down
6 changes: 3 additions & 3 deletions src/tslib.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,12 @@ export const TSLIB = "tslib";
export const TSLIB_VIRTUAL = "\0tslib.js";
export let tslibSource: string;
export let tslibVersion: string;

try
{
// tslint:disable-next-line:no-string-literal no-var-requires
const _ = require("@yarn-tool/resolve-package").resolvePackage('tslib');
const tslibPackage = _.pkg;
const tslibPath = _.resolveLocation(tslibPackage.module);
const tslibPackage = require("tslib/package.json");
const tslibPath = require.resolve("tslib/" + tslibPackage.module);
tslibSource = readFileSync(tslibPath, "utf8");
tslibVersion = tslibPackage.version;
} catch (e)
Expand Down

0 comments on commit 60f3489

Please sign in to comment.