feat: autodetection for test, monitor, wizard & protect

Lockfile autodetection functionality wuth fall back for yarn.lock files on node < 6 && yarn//lock wizard flow.
Mattlk13 · Oct 5, 2018 · 20b8ccc · 20b8ccc
1 parent 29b8dc9
commit 20b8ccc
Show file tree

Hide file tree

Showing 11 changed files with 386 additions and 214 deletions.
diff --git a/help/file.txt b/help/file.txt
@@ -9,6 +9,7 @@ package information.
 When ommitted Snyk will try to detect the appropriate file for your project by
 looking for files in following order:
   yarn.lock
+  package-lock.json
   package.json
   Gemfile
   Gemfile.lock
@@ -24,4 +25,4 @@ looking for files in following order:
 If more than one file exists it will use the first order-wise. If you wish to specify manually, you can
   point the --file parameter to force using what you specify, for example:
 
-  $ snyk test --file=Gemfile
+  $ snyk test --file=Gemfile
diff --git a/npm-debug.log b/npm-debug.log
@@ -0,0 +1,49 @@
+0 info it worked if it ends with ok
+1 verbose cli [ '/Users/lili/.nvm/versions/node/v6.12.3/bin/node',
+1 verbose cli   '/Users/lili/.nvm/versions/node/v6.12.3/bin/npm',
+1 verbose cli   'run',
+1 verbose cli   'tap' ]
+2 info using npm@3.10.10
+3 info using node@v6.12.3
+4 verbose run-script [ 'pretap', 'tap', 'posttap' ]
+5 info lifecycle snyk@~pretap: snyk@
+6 silly lifecycle snyk@~pretap: no script for pretap, continuing
+7 info lifecycle snyk@~tap: snyk@
+8 verbose lifecycle snyk@~tap: unsafe-perm in lifecycle true
+9 verbose lifecycle snyk@~tap: PATH: /Users/lili/.nvm/versions/node/v6.12.3/lib/node_modules/npm/bin/node-gyp-bin:/Users/lili/www/snyk/snyk/node_modules/.bin:/usr/local/opt/maven@3.3/bin:/Users/lili/Downloads/google-cloud-sdk/bin:/usr/local/heroku/bin:/Users/lili/.rbenv/shims:/Users/lili/.nvm/versions/node/v6.12.3/bin:/usr/local/Cellar/postgresql@9.6/9.6.6/bin/:/Users/lili/.dotnet:/usr/local/go/bin:/System//Library/Frameworks/Python.framework/Versions/2.7/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
+10 verbose lifecycle snyk@~tap: CWD: /Users/lili/www/snyk/snyk
+11 silly lifecycle snyk@~tap: Args: [ '-c',
+11 silly lifecycle   'tap test/cli.acceptance.test.js  -Rspec --timeout=180 --node-path ts-node --test-file-pattern \'/\\.[tj]s$/\'' ]
+12 silly lifecycle snyk@~tap: Returned: code: 1  signal: null
+13 info lifecycle snyk@~tap: Failed to exec tap script
+14 verbose stack Error: snyk@ tap: `tap test/cli.acceptance.test.js  -Rspec --timeout=180 --node-path ts-node --test-file-pattern '/\.[tj]s$/'`
+14 verbose stack Exit status 1
+14 verbose stack     at EventEmitter.<anonymous> (/Users/lili/.nvm/versions/node/v6.12.3/lib/node_modules/npm/lib/utils/lifecycle.js:255:16)
+14 verbose stack     at emitTwo (events.js:106:13)
+14 verbose stack     at EventEmitter.emit (events.js:191:7)
+14 verbose stack     at ChildProcess.<anonymous> (/Users/lili/.nvm/versions/node/v6.12.3/lib/node_modules/npm/lib/utils/spawn.js:40:14)
+14 verbose stack     at emitTwo (events.js:106:13)
+14 verbose stack     at ChildProcess.emit (events.js:191:7)
+14 verbose stack     at maybeClose (internal/child_process.js:920:16)
+14 verbose stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:230:5)
+15 verbose pkgid snyk@
+16 verbose cwd /Users/lili/www/snyk/snyk
+17 error Darwin 17.3.0
+18 error argv "/Users/lili/.nvm/versions/node/v6.12.3/bin/node" "/Users/lili/.nvm/versions/node/v6.12.3/bin/npm" "run" "tap"
+19 error node v6.12.3
+20 error npm  v3.10.10
+21 error code ELIFECYCLE
+22 error snyk@ tap: `tap test/cli.acceptance.test.js  -Rspec --timeout=180 --node-path ts-node --test-file-pattern '/\.[tj]s$/'`
+22 error Exit status 1
+23 error Failed at the snyk@ tap script 'tap test/cli.acceptance.test.js  -Rspec --timeout=180 --node-path ts-node --test-file-pattern '/\.[tj]s$/''.
+23 error Make sure you have the latest version of node.js and npm installed.
+23 error If you do, this is most likely a problem with the snyk package,
+23 error not with npm itself.
+23 error Tell the author that this fails on your system:
+23 error     tap test/cli.acceptance.test.js  -Rspec --timeout=180 --node-path ts-node --test-file-pattern '/\.[tj]s$/'
+23 error You can get information on how to open an issue for this project with:
+23 error     npm bugs snyk
+23 error Or if that isn't available, you can get their info via:
+23 error     npm owner ls snyk
+23 error There is likely additional logging output above.
+24 verbose exit [ 1, true ]
diff --git a/src/cli/commands/protect/index.js b/src/cli/commands/protect/index.js
@@ -2,7 +2,7 @@ var debug = require('debug')('snyk');
 var snyk = require('../../../lib/');
 var protect = require('../../../lib/protect');
 var analytics = require('../../../lib/analytics');
-var detectPackageManager = require('../../../lib/detect').detectPackageManager;
+var detect = require('../../../lib/detect');
 var unsupportedPackageManagers = {
   rubygems: 'RubyGems',
   maven: 'Maven',
@@ -16,16 +16,21 @@ var unsupportedPackageManagers = {
 };
 
 
-function protectFunc(options) {
-  if (!options) {
-    options = {};
-  }
-
+function protectFunc(options = {}) {
   options.loose = true; // replace missing policies with empty ones
   options.vulnEndpoint = '/vuln/npm/patches';
+  // TODO: fix this by providing better patch support for yarn
+  // yarn hoists packages up a tree so we can't assume their location
+  // on disk without traversing node_modules
+  // currently the npm@2 nd npm@3 plugin resolve-deps can do this
+  // but not the latest node-lockfile-parser
+  // HACK: if yarn set traverseNodeModules option to
+  // bypass lockfile test for wizard
+  options.traverseNodeModules = true;
+
 
   try {
-    var packageManager = detectPackageManager(process.cwd(), options);
+    var packageManager = detect.detectPackageManager(process.cwd(), options);
     var unsupported = unsupportedPackageManagers[packageManager];
     if (unsupported) {
       throw new Error(