feat: add support for yarn berry lockfiles (#147)

* feat: add support for yarn berry lockfiles

* Update packages/lockfile-lint-api/package.json

* Update packages/lockfile-lint/package.json

* Update packages/lockfile-lint-api/__tests__/parseYarnLockfile.test.js

* Update packages/lockfile-lint/package.json

* Update packages/lockfile-lint/package.json

* Update packages/lockfile-lint-api/__tests__/parseYarnLockfile.test.js

Co-authored-by: Liran Tal <[email protected]>

Author: brad-decker

packages/lockfile-lint-api/__tests__/__fixtures__/yarnberry.lock

@@ -0,0 +1,38 @@
+# This file is generated by running "yarn install" inside your project.
+# Manual changes might be lost - proceed with caution!
+
+__metadata:
+  version: 6
+  cacheKey: 8
+
+"debug@npm:4.1.1":
+  version: 4.1.1
+  resolution: "debug@npm:4.1.1"
+  dependencies:
+    ms: ^2.1.1
+  checksum: 1e681f5cce94ba10f8dde74b20b42e4d8cf0d2a6700f4c165bb3bb6885565ef5ca5885bf07e704974a835f2415ff095a63164f539988a1f07e8a69fe8b1d65ad
+  languageName: node
+  linkType: hard
+
+"ms@npm:2.1.2":
+  version: 2.1.2
+  resolution: "ms@npm:2.1.2"
+  checksum: 673cdb2c3133eb050c745908d8ce632ed2c02d85640e2edb3ace856a2266a813b30c613569bf3354fdf4ea7d1a1494add3bfa95e2713baa27d0c2c71fc44f58f
+  languageName: node
+  linkType: hard
+
+"ms@npm:^2.1.1":
+  version: 2.1.3
+  resolution: "ms@npm:2.1.3"
+  checksum: aa92de608021b242401676e35cfa5aa42dd70cbdc082b916da7fb925c542173e36bce97ea3e804923fe92c0ad991434e4a38327e15a1b5b5f945d66df615ae6d
+  languageName: node
+  linkType: hard
+
+"test@workspace:.":
+  version: 0.0.0-use.local
+  resolution: "test@workspace:."
+  dependencies:
+    debug: 4.1.1
+    ms: 2.1.2
+  languageName: unknown
+  linkType: soft

packages/lockfile-lint-api/__tests__/parseYarnLockfile.test.js

@@ -24,6 +24,26 @@ describe('ParseLockfile Yarn', () => {
     )
   })
 
+  it('parsing a yarn berry lockfile returns an object with packages', () => {
+    const mockYarnLockfilePath = path.join(__dirname, './__fixtures__/yarnberry.lock')
+    const options = {
+      lockfilePath: mockYarnLockfilePath,
+      lockfileType: 'yarn'
+    }
+    const parser = new ParseLockfile(options)
+    const lockfile = parser.parseSync()
+
+    expect(lockfile.type).toEqual('success')
+    expect(lockfile.object).toEqual(
+      expect.objectContaining({
+        'debug@npm:4.1.1': expect.any(Object),
+        'ms@npm:2.1.2': expect.any(Object),
+        'ms@npm:^2.1.1': expect.any(Object),
+        'test@workspace:.': expect.any(Object)
+      })
+    )
+  })
+
   it('providing empty content for lockfileText throws an error', () => {
     const parser = new ParseLockfile({lockfileText: '\n\n', lockfileType: 'yarn'})
     expect(() => {

packages/lockfile-lint-api/package.json

@@ -49,7 +49,7 @@
     "directory": "packages/lockfile-lint-api"
   },
   "dependencies": {
-    "@yarnpkg/parsers": "^3.0.0-rc.6",
+    "@yarnpkg/parsers": "^3.0.0-rc.32",
     "object-hash": "^3.0.0"
   },
   "devDependencies": {

packages/lockfile-lint-api/src/ParseLockfile.js

@@ -20,14 +20,14 @@ const {
  * Checks if a sample object is a valid dependency structure
  * @return boolean
  */
-function checkSampleContent (lockfile) {
-  const [sampleKey, sampleValue] = Object.entries(lockfile)[0]
+function checkSampleContent (lockfile, isYarnBerry) {
+  const [sampleKey, sampleValue] = Object.entries(lockfile)[isYarnBerry ? 1 : 0]
   return (
     sampleKey.match(/.*@.*/) &&
     (sampleValue &&
       typeof sampleValue === 'object' &&
       sampleValue.hasOwnProperty('version') &&
-      sampleValue.hasOwnProperty('resolved'))
+      (sampleValue.hasOwnProperty('resolved') || sampleValue.hasOwnProperty('resolution')))
   )
 }
 /**
@@ -36,11 +36,30 @@ function checkSampleContent (lockfile) {
  */
 function yarnParseAndVerify (lockfileBuffer) {
   const lockfile = yarnParseSyml(lockfileBuffer.toString())
+  const isYarnBerry = typeof lockfile.__metadata === 'object'
   const hasSensibleContent =
-    lockfile && typeof lockfile === 'object' && checkSampleContent(lockfile)
+    lockfile && typeof lockfile === 'object' && checkSampleContent(lockfile, isYarnBerry)
   if (!hasSensibleContent) {
     throw Error('Lockfile does not seem to contain a valid dependency list')
   }
+
+  if (isYarnBerry) {
+    const normalizedLockFile = {}
+    Object.entries(lockfile).forEach(([packageName, packageDetails]) => {
+      const resolution = packageDetails.resolution
+      if (resolution) {
+        const splitByAt = resolution.split('@')
+        let host
+        if (splitByAt.length > 2 && resolution[0] === '@') {
+          host = splitByAt[2]
+        } else {
+          host = splitByAt[1]
+        }
+        normalizedLockFile[packageName] = Object.assign({}, packageDetails, {resolved: host})
+      }
+    })
+    return {type: 'success', object: normalizedLockFile}
+  }
   return {type: 'success', object: lockfile}
 }
 class ParseLockfile {

yarn.lock

@@ -1347,13 +1347,13 @@
   resolved "https://registry.yarnpkg.com/@types/yargs/-/yargs-12.0.12.tgz#45dd1d0638e8c8f153e87d296907659296873916"
   integrity sha512-SOhuU4wNBxhhTHxYaiG5NY4HBhDIDnJF60GU+2LqHAdKKer86//e4yg69aENCtQ04n0ovz+tq2YPME5t5yp4pw==
 
-"@yarnpkg/parsers@^3.0.0-rc.6":
-  version "3.0.0-rc.6"
-  resolved "https://registry.yarnpkg.com/@yarnpkg/parsers/-/parsers-3.0.0-rc.6.tgz#3c93267fdae4470e4eaaf8c5f81d0d00ea177f76"
-  integrity sha512-YqtJ9VQqQixZsJJS4X83e6RMpgK1jmQJSIrCfd1wO3i/7vPk9QoLvvZS4bwZ2ha8QWqWlO/alAcXCGBezEI1Ig==
+"@yarnpkg/parsers@^3.0.0-rc.32":
+  version "3.0.0-rc.32"
+  resolved "https://registry.yarnpkg.com/@yarnpkg/parsers/-/parsers-3.0.0-rc.32.tgz#0aef0bd1b9e9954173c01a7cbd35f98765e39e7d"
+  integrity sha512-Sz2g88b3iAu2jpMnhtps2bRX2GAAOvanOxGcVi+o7ybGjLetxK23o2cHskXKypvXxtZTsJegel5pUWSPpYphww==
   dependencies:
     js-yaml "^3.10.0"
-    tslib "^1.13.0"
+    tslib "^2.4.0"
 
 JSONStream@^1.0.4, JSONStream@^1.3.4, JSONStream@^1.3.5:
   version "1.3.5"
@@ -9403,16 +9403,16 @@ trim-right@^1.0.1:
   resolved "https://registry.yarnpkg.com/trim-right/-/trim-right-1.0.1.tgz#cb2e1203067e0c8de1f614094b9fe45704ea6003"
   integrity sha1-yy4SAwZ+DI3h9hQJS5/kVwTqYAM=
 
-tslib@^1.13.0:
-  version "1.14.1"
-  resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00"
-  integrity sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==
-
 tslib@^1.9.0:
   version "1.9.3"
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.9.3.tgz#d7e4dd79245d85428c4d7e4822a79917954ca286"
   integrity sha512-4krF8scpejhaOgqzBEcGM7yDIEfi0/8+8zDRZhNZZ2kjmHJ4hv3zCbQWxoJGz1iw5U0Jl0nma13xzHXcncMavQ==
 
+tslib@^2.4.0:
+  version "2.4.1"
+  resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.4.1.tgz#0d0bfbaac2880b91e22df0768e55be9753a5b17e"
+  integrity sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA==
+
 tunnel-agent@^0.6.0:
   version "0.6.0"
   resolved "https://registry.yarnpkg.com/tunnel-agent/-/tunnel-agent-0.6.0.tgz#27a5dea06b36b04a0a9966774b290868f0fc40fd"