Check that the oldest version of runtime dependencies is used

Add a script that automatically checks the lockfile has recorded the oldest compatible version of a runtime dependency that is supported. We want to depend on the oldest version to make sure we don't start using any functionality introduced in a newer version, thus breaking our users. This script is based on the file `script/check-runtime-deps.js` from the GitHub repo ericcornelissen/shescape at commit `0e75ae3`. Signed-off-by: Eric Cornelissen <[email protected]>
ericcornelissen · Nov 9, 2024 · 89c2496 · 89c2496
1 parent fc2398c
commit 89c2496
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 1 deletion.
diff --git a/check-runtime-deps.js b/check-runtime-deps.js
@@ -0,0 +1,62 @@
+// MIT No Attribution
+//
+// Copyright 2024 Eric Cornelissen
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy of this
+// software and associated documentation files (the "Software"), to deal in the Software
+// without restriction, including without limitation the rights to use, copy, modify,
+// merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+// PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+import cp from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import process from "node:process";
+
+const manifestPath = path.resolve(".", "package.json");
+const rawManifest = fs.readFileSync(manifestPath).toString();
+const manifest = JSON.parse(rawManifest);
+const runtimeDeps = manifest.dependencies;
+
+const violations = Object.entries(runtimeDeps)
+	.map(([dependency, supported]) => ({
+		dependency,
+		installed: getInstalledVersion(dependency),
+		supported,
+	}))
+	.filter(({ installed, supported }) => !supported.endsWith(installed));
+
+if (violations.length > 0) {
+	violations.forEach(({ dependency, installed, supported }) => {
+		console.log("Dependency:", dependency);
+		console.log("  supported:", supported);
+		console.log("  installed:", installed);
+	});
+
+	console.log("");
+	console.log(
+		violations.length,
+		"violation(s) found.",
+		"Update either the version range or installed version of each violation.",
+	);
+
+	process.exit(1);
+} else {
+	console.log("No problems detected");
+}
+
+// -----------------------------------------------------------------------------
+
+function getInstalledVersion(dependency) {
+	const stdout = cp.execSync(`npm ls --json  --depth 0  ${dependency}`);
+	const dependenciesInfo = JSON.parse(stdout);
+	const installed = dependenciesInfo.dependencies[dependency].version;
+	return installed;
+}
diff --git a/package.json b/package.json
@@ -30,7 +30,7 @@
     "licenses": "licensee --errors-only",
     "test": "node --test 'src/*.test.js'",
     "verify": "npm run test && npm run vet && npm run licenses && npm run dogfeed",
-    "vet": "lockfile-lint && ls-engines && publint --strict"
+    "vet": "lockfile-lint && ls-engines && publint --strict && node check-runtime-deps.js"
   },
   "dependencies": {
     "chalk": "^5.0.0",