Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: handle empty bin strings #6515

Merged
merged 4 commits into from
Oct 9, 2018
Merged

Fix: handle empty bin strings #6515

merged 4 commits into from
Oct 9, 2018

Conversation

rhburrows
Copy link
Contributor

Summary

This is a followup PR for #6512. It prevents yarn from creating a link to a dependency's root directory within the .bin/ directory if the dependency has an empty string for "bin" in its package.json.

Test plan

After the change:

rhburrows$ yarn-local add file-loader --cache-folder ./cache
yarn add v1.13.0-0
info No lockfile found.
... OUTPUT ...
✨  Done in 1.17s.
rhburrows$ ls -al node_modules/.bin/
total 0
drwxr-xr-x   3 rhburrows  staff   96 Oct  7 16:59 .
drwxr-xr-x  18 rhburrows  staff  576 Oct  7 16:59 ..
lrwxr-xr-x   1 rhburrows  staff   19 Oct  7 16:59 json5 -> ../json5/lib/cli.js

@rhburrows
Fix: handle empty bin strings
88759f1 
When the package.json of a dependency sets `bin` to an empty string,
do not normalize it. This prevents creating a symlink to the
dependency's root directory within the `.bin` directory if bin-links
are enabled
Gudahtt
Gudahtt requested changes Oct 8, 2018
View reviewed changes
Copy link
Member

@Gudahtt Gudahtt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, thanks!

Could you add an entry in CHANGELOG.md describing this change as well?

rally25rs
rally25rs requested changes Oct 8, 2018
View reviewed changes
Copy link
Contributor

@rally25rs rally25rs left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there should be a test added to __tests__/commands/install/bin-links.js which tests the actual existence of the links. The test that was added originally in this PR doesn't really test that a bin link was not created.

edit

I don't think I can make a push to your branch / this PR, but here is a diff of the test that I would recommend adding:

diff --git a/__tests__/commands/install/bin-links.js b/__tests__/commands/install/bin-links.js
index 851b72f37..7fe74d2fd 100644
--- a/__tests__/commands/install/bin-links.js
+++ b/__tests__/commands/install/bin-links.js
@@ -175,6 +175,15 @@ test('can use link protocol to install a package that would not be found via nod
   });
 });

+test('empty bin string does not create a link', (): Promise<void> => {
+  return runInstall({binLinks: true}, 'install-empty-bin', async config => {
+    const binScripts = await fs.walk(path.join(config.cwd, 'node_modules', '.bin'));
+    expect(binScripts).toHaveLength(1);
+
+    expect(await linkAt(config, 'node_modules', '.bin', 'depB')).toEqual('../depB/depb.js');
+  });
+});
+
 describe('with nohoist', () => {
   // address https://github.com/yarnpkg/yarn/issues/5487
   test('nohoist bin should be linked to its own local module', (): Promise<void> => {
diff --git a/__tests__/fixtures/install/install-empty-bin/depA/package.json b/__tests__/fixtures/install/install-empty-bin/depA/package.json
new file mode 100644
index 000000000..f333589ee
--- /dev/null
+++ b/__tests__/fixtures/install/install-empty-bin/depA/package.json
@@ -0,0 +1,5 @@
+{
+  "name": "depA",
+  "version": "0.0.0",
+  "bin": ""
+}
diff --git a/__tests__/fixtures/install/install-empty-bin/depB/depb.js b/__tests__/fixtures/install/install-empty-bin/depB/depb.js
new file mode 100644
index 000000000..95230d617
--- /dev/null
+++ b/__tests__/fixtures/install/install-empty-bin/depB/depb.js
@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+console.log('depB');
diff --git a/__tests__/fixtures/install/install-empty-bin/depB/package.json b/__tests__/fixtures/install/install-empty-bin/depB/package.json
new file mode 100644
index 000000000..c2832b922
--- /dev/null
+++ b/__tests__/fixtures/install/install-empty-bin/depB/package.json
@@ -0,0 +1,5 @@
+{
+  "name": "depB",
+  "version": "0.0.0",
+  "bin": "./depb.js"
+}
diff --git a/__tests__/fixtures/install/install-empty-bin/package.json b/__tests__/fixtures/install/install-empty-bin/package.json
new file mode 100644
index 000000000..7e59f4f34
--- /dev/null
+++ b/__tests__/fixtures/install/install-empty-bin/package.json
@@ -0,0 +1,9 @@
+{
+  "name": "test",
+  "version": "0.0.0",
+  "bin": "",
+  "dependencies": {
+    "depA": "file:depA",
+    "depB": "file:depB"
+  }
+}

This creates a root package install-empty-bin that has an empty bin, and adds a dependency depA that also has an empty bin, and verifies that neither is created.

@rhburrows
Copy link
Contributor Author

Thanks! I wasn't sure if there was a better way to test the change and your patch does a much better job verifying the intent of this PR.

I applied your patch to the branch.

Gudahtt
Gudahtt requested changes Oct 8, 2018
View reviewed changes
__tests__/commands/install/bin-links.js Outdated
test('empty bin string does not create a link', (): Promise<void> => {
return runInstall({binLinks: true}, 'install-empty-bin', async config => {
const binScripts = await fs.walk(path.join(config.cwd, 'node_modules', '.bin'));
expect(binScripts).toHaveLength(1);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should have length 2 on Windows, as two files are created per binary on Windows (one Bash script for linux-like environments like Cygwin, and one .cmd Batch script). This is why the appveyor tests are failing.

@Gudahtt
Copy link
Member

Gudahtt commented Oct 9, 2018

Great, that seemed to work. The remaining failing test is unrelated to this PR; that test is known to be flaky and will occasionally timeout.

@rally25rs
Copy link
Contributor

I kicked off a new appveyor build. Hopefully it passes this time...

@Gudahtt Gudahtt merged commit 743c145 into yarnpkg:master Oct 9, 2018
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Nov 22, 2018
@kleink
yarn: Update to 1.12.3.
b5e8a0a 
Changelog tracks back up to 1.12.0 only.

## 1.12.3

**Important:** This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the [Offline Mirror](https://yarnpkg.com/blog/2016/11/24/offline-mirror/) feature. After that everything will be back to normal.

- Fixes an issue with `yarn audit` when using workspaces

  [6625](yarnpkg/yarn#6639) - [**Jeff Valore**](https://twitter.com/codingwithspike)

- Uses `NODE_OPTIONS` to instruct Node to load the PnP hook, instead of raw CLI arguments

  **Caveat:** This change might cause issues for PnP users having a space inside their cwd (cf [nodejs/node24065](nodejs/node#24065))

  [6479](yarnpkg/yarn#6629) - [**Maël Nison**](https://twitter.com/arcanis)

- Fixes Gulp when used with Plug'n'Play

  [6623](yarnpkg/yarn#6623) - [**Maël Nison**](https://twitter.com/arcanis)

- Fixes an issue with `yarn audit` when the root package was missing a name

  [6611](yarnpkg/yarn#6611) - [**Jack Zhao**](https://github.com/bugzpodder)

- Fixes an issue with `yarn audit` when a package was depending on an empty range

  [6611](yarnpkg/yarn#6611) - [**Jack Zhao**](https://github.com/bugzpodder)

- Fixes an issue with how symlinks are setup into the cache on Windows

  [6621](yarnpkg/yarn#6621) - [**Yoad Snapir**](https://github.com/yoadsn)

- Upgrades `inquirer`, fixing `upgrade-interactive` for users using both Node 10 and Windows

  [6635](yarnpkg/yarn#6635) - [**Philipp Feigl**](https://github.com/pfeigl)

- Exposes the path to the PnP file using `require.resolve('pnpapi')`

  [6643](yarnpkg/yarn#6643) - [**Maël Nison**](https://twitter.com/arcanis)

## 1.12.2

This release doesn't actually exists and was caused by a quirk in our systems.

## 1.12.1

- Ensures the engine check is ran before showing the UI for `upgrade-interactive`

  [6536](yarnpkg/yarn#6536) - [**Orta Therox**](https://github.com/orta)

- Restores Node v4 support by downgrading `cli-table3`

  [6535](yarnpkg/yarn#6535) - [**Mark Stacey**](https://github.com/Gudahtt)

- Prevents infinite loop when parsing corrupted lockfiles with unterminated strings

  [4965](yarnpkg/yarn#4965) - [**Ryan Hendrickson**](https://github.com/rhendric)

- Environment variables now have to **start** with `YARN_` (instead of just contain it) to be considered

  [6518](yarnpkg/yarn#6518) - [**Michael Gmelin**](https://blog.grem.de)

- Fixes the `extensions` option when used by `resolveRequest`

  [6479](yarnpkg/yarn#6479) - [**Maël Nison**](https://twitter.com/arcanis)

- Fixes handling of empty string entries for `bin` in package.json

  [6515](yarnpkg/yarn#6515) - [**Ryan Burrows**](https://github.com/rhburrows)

- Adds support for basic auth for registries with paths, such as artifactory

  [5322](yarnpkg/yarn#5322) - [**Karolis Narkevicius**](https://twitter.com/KidkArolis)

- Adds 2FA (Two Factor Authentication) support to publish & alike

  [6555](yarnpkg/yarn#6555) - [**Krzysztof Zbudniewek**](https://github.com/neonowy)

- Fixes how the `files` property is interpreted to bring it in line with npm

  [6562](yarnpkg/yarn#6562) - [**Bertrand Marron**](https://github.com/tusbar)

- Fixes Yarn invocations on Darwin when the `yarn` binary was symlinked

  [6568](yarnpkg/yarn#6568) - [**Hidde Boomsma**](https://github.com/hboomsma)

- Fixes `require.resolve` when used together with the `paths` option

  [6565](yarnpkg/yarn#6565) - [**Maël Nison**](https://twitter.com/arcanis)

## 1.12.0

- Adds initial support for PnP on Windows

  [6447](yarnpkg/yarn#6447) - [**John-David Dalton**](https://twitter.com/jdalton)

- Adds `yarn audit` (and the `--audit` flag for all installs)

  [6409](yarnpkg/yarn#6409) - [**Jeff Valore**](https://github.com/rally25rs)

- Adds a special logic to PnP for ESLint compatibility (temporary, until [eslint/eslint10125](eslint/eslint#10125) is fixed)

  [6449](yarnpkg/yarn#6449) - [**Maël Nison**](https://twitter.com/arcanis)

- Makes the PnP hook inject a `process.versions.pnp` variable when setup (equals to `VERSIONS.std`)

  [6464](yarnpkg/yarn#6464) - [**Maël Nison**](https://twitter.com/arcanis)

- Disables by default (configurable) the automatic migration of the `integrity` field. **It will be re-enabled in 2.0.**

  [6465](yarnpkg/yarn#6465) - [**Maël Nison**](https://twitter.com/arcanis)

- Fixes the display name of the faulty package when the NPM registry returns corrupted data

  [6455](yarnpkg/yarn#6455) - [**Grey Baker**](https://github.com/greysteil)

- Prevents crashes when running `yarn outdated` and the NPM registry forgets to return the `latest` tag

  [6454](yarnpkg/yarn#6454) - [**mad-mike**](https://github.com/mad-mike)

- Fixes `yarn run` when used together with workspaces and PnP

  [6444](yarnpkg/yarn#6444) - [**Maël Nison**](https://twitter.com/arcanis)

- Fixes an edge case when peer dependencies were resolved multiple levels deep (`webpack-dev-server`)

  [6443](yarnpkg/yarn#6443) - [**Maël Nison**](https://twitter.com/arcanis)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Gudahtt Gudahtt Gudahtt approved these changes

@rally25rs rally25rs rally25rs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rhburrows @Gudahtt @rally25rs