Adding audit script and commiting all of the audits that it made, updating all yarn locks.

2021-11-17 18:04:16 +00:00 · 2021-11-17 18:04:16 +00:00 · 4993329ceb
parent 32f4a87f95
commit 4993329ceb
12 changed files with 9159 additions and 10156 deletions
--- a/package.json
+++ b/package.json
@ -59,6 +59,7 @@
    "mode:self": "yarn env:selfhost:enable && yarn env:multi:disable && yarn env:account:disable",
    "mode:cloud": "yarn env:selfhost:disable && yarn env:multi:enable && yarn env:account:disable",
    "mode:account": "yarn mode:cloud && yarn env:account:enable",
+    "security:audit": "node scripts/audit.js",
    "postinstall": "husky install"
  }
 }
--- a/packages/auth/yarn.lock
+++ b/packages/auth/yarn.lock
--- a/packages/bbui/yarn.lock
+++ b/packages/bbui/yarn.lock
--- a/packages/builder/vite.config.js
+++ b/packages/builder/vite.config.js
@ -1,4 +1,4 @@
-import svelte from "@sveltejs/vite-plugin-svelte"
+import { svelte } from "@sveltejs/vite-plugin-svelte"
 import replace from "@rollup/plugin-replace"

 import path from "path"
--- a/packages/builder/yarn.lock
+++ b/packages/builder/yarn.lock
--- a/packages/cli/yarn.lock
+++ b/packages/cli/yarn.lock
--- a/packages/client/yarn.lock
+++ b/packages/client/yarn.lock
--- a/packages/server/yarn.lock
+++ b/packages/server/yarn.lock
--- a/packages/string-templates/yarn.lock
+++ b/packages/string-templates/yarn.lock
--- a/packages/worker/yarn.lock
+++ b/packages/worker/yarn.lock
--- a/scripts/audit.js
+++ b/scripts/audit.js
@ -0,0 +1,50 @@
+const fs = require("fs")
+const { join } = require("path")
+const { spawnSync } =require("child_process")
+
+const PACKAGES_PATH = join(__dirname, "..", "packages")
+
+function getPackages() {
+  return fs.readdirSync(PACKAGES_PATH)
+}
+
+function deleteFile(path) {
+  try {
+    fs.unlinkSync(path)
+  } catch (err) {
+    // don't error, it just doesn't exist
+  }
+}
+
+function removeModules(path) {
+  if (fs.existsSync(path)) {
+    fs.rmdirSync(path, { recursive: true })
+  }
+}
+
+function executeInPackage(packageName) {
+  const dir = join(PACKAGES_PATH, packageName)
+  if (!fs.existsSync(join(dir, "package.json"))) {
+    console.error(`SKIPPING ${packageName} directory, no package.json`)
+    return
+  }
+  const packageLockLoc = join(dir, "package-lock.json")
+  const modulesLoc = join(dir, "node_modules")
+  deleteFile(join(dir, "yarn.lock"))
+  deleteFile(packageLockLoc)
+  removeModules(modulesLoc)
+  const opts = { cwd: dir, stdio: "inherit", shell: true }
+  spawnSync("npm", ["i", "--package-lock-only"], opts)
+  spawnSync("npm", ["audit", "fix"], opts)
+  spawnSync("yarn", ["import"], opts)
+  deleteFile(packageLockLoc)
+  removeModules(modulesLoc)
+}
+
+const packages = getPackages()
+for (let pkg of packages) {
+  executeInPackage(pkg)
+}
+
+spawnSync("yarn", ["bootstrap"], { cwd: join(__dirname, ".."), stdio: "inherit", shell: true })
+
--- a/yarn.lock
+++ b/yarn.lock