Cleanup optimize command

Author: jdalton

src/commands/fix/run-fix.ts

@@ -18,7 +18,7 @@ import {
   getPackagesAlerts,
   updateNode
 } from '../../shadow/arborist/lib/arborist/reify'
-// import { detect } from '../../utils/package-manager-detector'
+// import { detect } from '../../utils/package-environment-detector'
 
 import type { SafeNode } from '../../shadow/arborist/lib/node'
 

src/commands/optimize/apply-optimization.ts

@@ -4,109 +4,82 @@ import npa from 'npm-package-arg'
 import semver from 'semver'
 import { glob as tinyGlob } from 'tinyglobby'
 
-import { type ManifestEntry } from '@socketsecurity/registry'
+import { getManifestData } from '@socketsecurity/registry'
 import { hasOwn, toSortedObject } from '@socketsecurity/registry/lib/objects'
 import {
   fetchPackageManifest,
   readPackageJson
 } from '@socketsecurity/registry/lib/packages'
-import { type EditablePackageJson } from '@socketsecurity/registry/lib/packages'
 import { pEach } from '@socketsecurity/registry/lib/promises'
 import { Spinner } from '@socketsecurity/registry/lib/spinner'
 import { pluralize } from '@socketsecurity/registry/lib/words'
 
 import { depsIncludesByAgent } from './deps-includes-by-agent'
-import { detectAndValidatePackageManager } from './detect-and-validate-package-manager'
+import { detectAndValidatePackageEnvironment } from './detect-and-validate-package-environment'
 import { getDependencyEntries } from './get-dependency-entries'
-import { getOverridesDataByAgent } from './get-overrides-by-agent'
+import { overridesDataByAgent } from './get-overrides-by-agent'
 import { getWorkspaceGlobs } from './get-workspace-globs'
-import {
-  AgentLockIncludesFn,
-  lockIncludesByAgent
-} from './lock-includes-by-agent'
+import { lockIncludesByAgent } from './lock-includes-by-agent'
 import { lsByAgent } from './ls-by-agent'
 import { updateManifestByAgent } from './update-manifest-by-agent'
 import { updatePackageLockJson } from './update-package-lock-json'
 import constants from '../../constants'
 
+import type { AgentLockIncludesFn } from './lock-includes-by-agent'
 import type {
   Agent,
+  PackageEnvironmentDetails,
   StringKeyValueObject
-} from '../../utils/package-manager-detector'
-
-type PackageJson = Awaited<ReturnType<typeof readPackageJson>>
+} from '../../utils/package-environment-detector'
 
-type AddOverridesConfig = {
-  agent: Agent
-  agentExecPath: string
-  lockBasename: string
-  lockSrc: string
-  manifestEntries: ManifestEntry[]
-  npmExecPath: string
-  pkgJson?: EditablePackageJson | undefined
-  pkgPath: string
+type AddOverridesOptions = {
+  logger?: Console | undefined
   pin?: boolean | undefined
   prod?: boolean | undefined
-  rootPath: string
+  spinner?: Spinner | undefined
+  state?: AddOverridesState | undefined
 }
-
 type AddOverridesState = {
   added: Set<string>
   addedInWorkspaces: Set<string>
-  spinner: Spinner
   updated: Set<string>
   updatedInWorkspaces: Set<string>
   warnedPnpmWorkspaceRequiresNpm: boolean
 }
-
+type GetOverridesResult = { type: Agent; overrides: Overrides }
 type NpmOverrides = { [key: string]: string | StringKeyValueObject }
+type PackageJson = Awaited<ReturnType<typeof readPackageJson>>
 type PnpmOrYarnOverrides = { [key: string]: string }
 type Overrides = NpmOverrides | PnpmOrYarnOverrides
-type GetOverridesResult = { type: Agent; overrides: Overrides }
 
 const { NPM, PNPM, YARN_CLASSIC } = constants
 
 const COMMAND_TITLE = 'Socket Optimize'
 
+const manifestNpmOverrides = getManifestData(NPM)
+
 export async function applyOptimization(
   cwd: string,
   pin: boolean,
   prod: boolean
 ) {
-  const pkgMgrData = await detectAndValidatePackageManager(cwd, prod)
-  if (!pkgMgrData) return
-
-  const {
-    agent,
-    agentExecPath,
-    lockBasename,
-    lockName,
-    lockSrc,
-    manifestEntries,
-    npmExecPath,
-    pkgJson,
-    pkgPath
-  } = pkgMgrData
-
+  const logger = console
+  const pkgEnvDetails = await detectAndValidatePackageEnvironment(cwd, {
+    logger,
+    prod
+  })
+  if (!pkgEnvDetails) {
+    return
+  }
   const spinner = new Spinner({ text: 'Socket optimizing...' })
   spinner.start()
 
-  const state = await addOverrides(
-    {
-      agent,
-      agentExecPath,
-      lockBasename,
-      lockSrc,
-      manifestEntries,
-      npmExecPath,
-      pin,
-      pkgJson,
-      pkgPath,
-      prod,
-      rootPath: pkgPath
-    },
-    createAddOverridesState(spinner)
-  )
+  const state = await addOverrides(pkgEnvDetails.pkgPath, pkgEnvDetails, {
+    logger,
+    pin,
+    prod,
+    spinner
+  })
 
   spinner.stop()
 
@@ -115,23 +88,23 @@ export async function applyOptimization(
   const pkgJsonChanged = addedCount > 0 || updatedCount > 0
   if (pkgJsonChanged) {
     if (updatedCount > 0) {
-      console.log(
+      logger?.log(
         `${createActionMessage('Updated', updatedCount, state.updatedInWorkspaces.size)}${addedCount ? '.' : '🚀'}`
       )
     }
     if (addedCount > 0) {
-      console.log(
+      logger?.log(
         `${createActionMessage('Added', addedCount, state.addedInWorkspaces.size)} 🚀`
       )
     }
   } else {
-    console.log('Congratulations! Already Socket.dev optimized 🎉')
+    logger?.log('Congratulations! Already Socket.dev optimized 🎉')
   }
 
-  if (agent === NPM || pkgJsonChanged) {
+  if (pkgEnvDetails.agent === NPM || pkgJsonChanged) {
     // Always update package-lock.json until the npm overrides PR lands:
     // https://github.com/npm/cli/pull/8089
-    await updatePackageLockJson(lockName, agentExecPath, agent, spinner)
+    await updatePackageLockJson(pkgEnvDetails, { logger, spinner })
   }
 }
 
@@ -143,37 +116,36 @@ function createActionMessage(
   return `${verb} ${overrideCount} Socket.dev optimized ${pluralize('override', overrideCount)}${workspaceCount ? ` in ${workspaceCount} ${pluralize('workspace', workspaceCount)}` : ''}`
 }
 
-function createAddOverridesState(spinner: Spinner): AddOverridesState {
-  return {
-    added: new Set(),
-    addedInWorkspaces: new Set(),
-    spinner,
-    updated: new Set(),
-    updatedInWorkspaces: new Set(),
-    warnedPnpmWorkspaceRequiresNpm: false
-  }
-}
-
 async function addOverrides(
-  {
+  pkgPath: string,
+  pkgEnvDetails: PackageEnvironmentDetails,
+  options?: AddOverridesOptions | undefined
+): Promise<AddOverridesState> {
+  const {
     agent,
     agentExecPath,
-    lockBasename,
+    lockName,
     lockSrc,
-    manifestEntries,
     npmExecPath,
+    pkgPath: rootPath
+  } = pkgEnvDetails
+  const {
+    logger,
     pin,
-    pkgJson: editablePkgJson,
-    pkgPath,
     prod,
-    rootPath
-  }: AddOverridesConfig,
-  state: AddOverridesState
-): Promise<AddOverridesState> {
+    spinner,
+    state = {
+      added: new Set(),
+      addedInWorkspaces: new Set(),
+      updated: new Set(),
+      updatedInWorkspaces: new Set(),
+      warnedPnpmWorkspaceRequiresNpm: false
+    }
+  } = <AddOverridesOptions>{ __proto__: null, ...options }
+  let { pkgJson: editablePkgJson } = pkgEnvDetails
   if (editablePkgJson === undefined) {
     editablePkgJson = await readPackageJson(pkgPath, { editable: true })
   }
-  const { spinner } = state
   const { content: pkgJson } = editablePkgJson
   const isRoot = pkgPath === rootPath
   const isLockScanned = isRoot && !prod
@@ -187,35 +159,42 @@ async function addOverrides(
     !state.warnedPnpmWorkspaceRequiresNpm
   ) {
     state.warnedPnpmWorkspaceRequiresNpm = true
-    console.warn(
+    logger?.warn(
       `⚠️ ${COMMAND_TITLE}: pnpm workspace support requires \`npm ls\`, falling back to \`pnpm list\``
     )
   }
   const thingToScan = isLockScanned
     ? lockSrc
-    : await lsByAgent[agent](agentExecPath, pkgPath, { npmExecPath })
+    : await lsByAgent[agent]!(agentExecPath, pkgPath, { npmExecPath })
   // The AgentDepsIncludesFn and AgentLockIncludesFn types overlap in their
   // first two parameters. AgentLockIncludesFn accepts an optional third
   // parameter which AgentDepsIncludesFn will ignore so we cast thingScanner
   // as an AgentLockIncludesFn type.
   const thingScanner = <AgentLockIncludesFn>(
-    (isLockScanned ? lockIncludesByAgent[agent] : depsIncludesByAgent[agent])
+    (isLockScanned
+      ? lockIncludesByAgent.get(agent)
+      : depsIncludesByAgent.get(agent))
   )
   const depEntries = getDependencyEntries(pkgJson)
 
   const overridesDataObjects = <GetOverridesResult[]>[]
   if (pkgJson['private'] || isWorkspace) {
-    overridesDataObjects.push(getOverridesDataByAgent[agent](pkgJson))
+    overridesDataObjects.push(overridesDataByAgent.get(agent)!(pkgJson))
   } else {
     overridesDataObjects.push(
-      getOverridesDataByAgent[NPM](pkgJson),
-      getOverridesDataByAgent[YARN_CLASSIC](pkgJson)
+      overridesDataByAgent.get(NPM)!(pkgJson),
+      overridesDataByAgent.get(YARN_CLASSIC)!(pkgJson)
     )
   }
   if (spinner) {
     spinner.text = `Adding overrides${workspaceName ? ` to ${workspaceName}` : ''}...`
   }
   const depAliasMap = new Map<string, string>()
+
+  const nodeRange = `>=${pkgEnvDetails.minimumNodeVersion}`
+  const manifestEntries = manifestNpmOverrides.filter(({ 1: data }) =>
+    semver.satisfies(semver.coerce(data.engines.node)!, nodeRange)
+  )
   // Chunk package names to process them in parallel 3 at a time.
   await pEach(manifestEntries, 3, async ({ 1: data }) => {
     const { name: sockRegPkgName, package: origPkgName, version } = data
@@ -258,7 +237,7 @@ async function addOverrides(
         const overrideExists = hasOwn(overrides, origPkgName)
         if (
           overrideExists ||
-          thingScanner(thingToScan, origPkgName, lockBasename)
+          thingScanner(thingToScan, origPkgName, lockName)
         ) {
           const oldSpec = overrideExists ? overrides[origPkgName]! : undefined
           const origDepAlias = depAliasMap.get(origPkgName)
@@ -313,19 +292,14 @@ async function addOverrides(
     // Chunk package names to process them in parallel 3 at a time.
     await pEach(workspacePkgJsonPaths, 3, async workspacePkgJsonPath => {
       const otherState = await addOverrides(
+        path.dirname(workspacePkgJsonPath),
+        pkgEnvDetails,
         {
-          agent,
-          agentExecPath,
-          lockBasename,
-          lockSrc,
-          manifestEntries,
-          npmExecPath,
+          logger,
           pin,
-          pkgPath: path.dirname(workspacePkgJsonPath),
           prod,
-          rootPath
-        },
-        createAddOverridesState(spinner)
+          spinner
+        }
       )
       for (const key of [
         'added',
@@ -351,7 +325,10 @@ async function addOverrides(
   if (state.added.size > 0 || state.updated.size > 0) {
     editablePkgJson.update(<PackageJson>Object.fromEntries(depEntries))
     for (const { overrides, type } of overridesDataObjects) {
-      updateManifestByAgent[type](editablePkgJson, toSortedObject(overrides))
+      updateManifestByAgent.get(type)!(
+        editablePkgJson,
+        toSortedObject(overrides)
+      )
     }
     await editablePkgJson.save()
   }

src/commands/optimize/cmd-optimize.ts

@@ -57,7 +57,9 @@ async function run(
 
   const cwd = process.cwd()
 
-  if (cli.flags['dryRun']) return console.log('[DryRun] Bailing now')
+  if (cli.flags['dryRun']) {
+    return console.log('[DryRun] Bailing now')
+  }
 
   await applyOptimization(
     cwd,

src/commands/optimize/deps-includes-by-agent.ts

@@ -1,6 +1,6 @@
 import constants from '../../constants'
 
-import type { Agent } from '../../utils/package-manager-detector'
+import type { Agent } from '../../utils/package-environment-detector'
 
 type AgentDepsIncludesFn = (stdout: string, name: string) => boolean
 
@@ -14,14 +14,11 @@ function matchQueryStdout(stdout: string, name: string) {
   return stdout.includes(`"${name}"`)
 }
 
-export const depsIncludesByAgent: Record<Agent, AgentDepsIncludesFn> = {
-  // @ts-ignore
-  __proto__: null,
-
-  [BUN]: matchHumanStdout,
-  [NPM]: matchQueryStdout,
-  [PNPM]: matchQueryStdout,
-  [VLT]: matchQueryStdout,
-  [YARN_BERRY]: matchHumanStdout,
-  [YARN_CLASSIC]: matchHumanStdout
-}
+export const depsIncludesByAgent = new Map<Agent, AgentDepsIncludesFn>([
+  [BUN, matchHumanStdout],
+  [NPM, matchQueryStdout],
+  [PNPM, matchQueryStdout],
+  [VLT, matchQueryStdout],
+  [YARN_BERRY, matchHumanStdout],
+  [YARN_CLASSIC, matchHumanStdout]
+])