1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-22 09:23:21 +01:00

Switch from npm to yarn (#6843)

As a solution to the constant lockfile churn issues we've had with
`npm`, the project now uses `yarn` to manage dependencies.

The `package-lock.json` file has been replaced with `yarn.lock`, which
was created using `yarn import`. It should approximate the contents of
`package-lock.json` fairly well, though there may be some changes due to
deduplication. The codeowners file has been updated to reference this
new lockfile.

All documentation and npm scripts have been updated to reference `yarn`
rather than `npm`. Note that running scripts using `npm run` still works
fine, but it seemed better to switch those to `yarn` as well to avoid
confusion.

The `npm-audit` Bash script has been replaced with `yarn-audit`. The
output of `yarn audit` is a bit different than `npm audit` in that it
returns a bitmask to describe which severity issues were found. This
made it simpler to check the results directly from the Bash script, so
the associated `npm-audit-check.js` script was no longer required. The
output should be exactly the same, and the information is still sourced
from the same place (the npm registry).

The new `yarn-audit` script does have an external dependency: `jq`.
However, `jq` is already assumed to be present by another CI script, and
is present on all CI images we use. `jq` was not added to `package.json`
as a dependency because there is no official package on the npm
registry, just wrapper scripts. We don't need it anywhere exept on CI
anyway.

The section in `CONTRIBUTING` about how to develop inside the
`node_modules` folder was removed, as the advice was a bit dated, and
wasn't specific to this project anyway.
This commit is contained in:
Mark Stacey 2019-07-30 15:36:23 -03:00 committed by GitHub
parent 618c1caf40
commit 1fd3dc9ecf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 23322 additions and 56044 deletions

View File

@ -9,11 +9,11 @@ workflows:
branches:
only:
- /^Version-v(\d+)[.](\d+)[.](\d+)/
- prep-deps-npm
- prep-deps
- test-deps
- prep-build:
requires:
- prep-deps-npm
- prep-deps
- create_github_release:
requires:
- prep-build
@ -23,33 +23,33 @@ workflows:
- develop
# - prep-docs:
# requires:
# - prep-deps-npm
# - prep-deps
- prep-scss:
requires:
- prep-deps-npm
- prep-deps
- test-lint:
requires:
- prep-deps-npm
- prep-deps
- test-e2e-chrome:
requires:
- prep-deps-npm
- prep-deps
- test-e2e-firefox:
requires:
- prep-deps-npm
- prep-deps
- test-unit:
requires:
- prep-deps-npm
- prep-deps
- test-mozilla-lint:
requires:
- prep-deps-npm
- prep-deps
- prep-build
- test-integration-flat-chrome:
requires:
- prep-deps-npm
- prep-deps
- prep-scss
- test-integration-flat-firefox:
requires:
- prep-deps-npm
- prep-deps
- prep-scss
- all-tests-pass:
requires:
@ -62,7 +62,7 @@ workflows:
- test-integration-flat-firefox
- job-publish-prerelease:
requires:
- prep-deps-npm
- prep-deps
- prep-build
- all-tests-pass
- job-publish-release:
@ -70,7 +70,7 @@ workflows:
branches:
only: master
requires:
- prep-deps-npm
- prep-deps
- prep-build
# - prep-docs
- all-tests-pass
@ -88,18 +88,15 @@ jobs:
.circleci/scripts/release-bump-manifest-version
.circleci/scripts/release-create-release-pr
prep-deps-npm:
prep-deps:
docker:
- image: circleci/node:10.16-browsers
steps:
- checkout
- run:
name: Update npm
command: sudo npm install -g npm@6.10.2
- run:
name: Install deps via npm
name: Install deps
command: |
npm ci
yarn --frozen-lockfile
- persist_to_workspace:
root: .
paths:
@ -114,7 +111,7 @@ jobs:
at: .
- run:
name: build:dist
command: npm run dist
command: yarn dist
- run:
name: build:debug
command: find dist/ -type f -exec md5sum {} \; | sort -k 2
@ -133,7 +130,7 @@ jobs:
at: .
- run:
name: build:dist
command: npm run doc
command: yarn doc
- persist_to_workspace:
root: .
paths:
@ -152,7 +149,7 @@ jobs:
command: find ui/app/css -type f -exec md5sum {} \; | sort -k 2 > scss_checksum
- run:
name: Build for integration tests
command: npm run test:integration:build
command: yarn test:integration:build
- persist_to_workspace:
root: .
paths:
@ -167,7 +164,7 @@ jobs:
at: .
- run:
name: Test
command: npm run lint
command: yarn lint
test-deps:
docker:
@ -177,11 +174,8 @@ jobs:
- attach_workspace:
at: .
- run:
name: Update npm
command: sudo npm install -g npm@6.10.2
- run:
name: npm audit
command: .circleci/scripts/npm-audit
name: yarn audit
command: .circleci/scripts/yarn-audit
test-e2e-chrome:
docker:
@ -192,7 +186,7 @@ jobs:
at: .
- run:
name: test:e2e:chrome
command: npm run build:test && npm run test:e2e:chrome
command: yarn build:test && yarn test:e2e:chrome
no_output_timeout: 20m
- store_artifacts:
path: test-artifacts
@ -210,7 +204,7 @@ jobs:
at: .
- run:
name: test:e2e:firefox
command: npm run build:test && npm run test:e2e:chrome
command: yarn build:test && yarn test:e2e:chrome
no_output_timeout: 20m
- store_artifacts:
path: test-artifacts
@ -245,13 +239,13 @@ jobs:
at: .
- run:
name: sentry sourcemaps upload
command: npm run sentry:publish
command: yarn sentry:publish
# - run:
# name: github gh-pages docs publish
# command: >
# git config --global user.name "metamaskbot" &&
# git config --global user.email "admin@metamask.io" &&
# npm run publish-docs
# yarn publish-docs
test-unit:
docker:
@ -262,7 +256,7 @@ jobs:
at: .
- run:
name: test:coverage
command: npm run test:coverage
command: yarn test:coverage
test-mozilla-lint:
docker:
- image: circleci/node:10.16-browsers
@ -272,7 +266,7 @@ jobs:
at: .
- run:
name: test:mozilla-lint
command: NODE_OPTIONS=--max_old_space_size=3072 npm run mozilla-lint
command: NODE_OPTIONS=--max_old_space_size=3072 yarn mozilla-lint
test-integration-flat-firefox:
docker:
@ -286,7 +280,7 @@ jobs:
command: ./.circleci/scripts/firefox-install
- run:
name: test:integration:flat
command: npm run test:flat
command: yarn test:flat
test-integration-flat-chrome:
environment:
@ -299,7 +293,7 @@ jobs:
at: .
- run:
name: test:integration:flat
command: npm run test:flat
command: yarn test:flat
all-tests-pass:
docker:

View File

@ -1,12 +0,0 @@
#!/usr/bin/env bash
set -e
set -u
set -o pipefail
if ! npm audit --production
then
! npm audit --production --json > audit.json
printf '%s\n' ''
node .circleci/scripts/npm-audit-check.js
fi

View File

@ -1,24 +0,0 @@
const path = require('path')
const audit = require(path.join(__dirname, '..', '..', 'audit.json'))
const error = audit.error
const advisories = Object.keys(audit.advisories || []).map((k) => audit.advisories[k])
if (error) {
process.exit(1)
}
let count = 0
for (const advisory of advisories) {
if (advisory.severity === 'low') {
continue
}
count += advisory.findings.length
}
if (count > 0) {
console.log(`Audit shows ${count} moderate or high severity advisories _in the production dependencies_`)
process.exit(1)
} else {
console.log(`Audit shows _zero_ moderate or high severity advisories _in the production dependencies_`)
}

20
.circleci/scripts/yarn-audit Executable file
View File

@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -u
set -o pipefail
yarn audit --level moderate --groups dependencies
audit_status="$?"
# Use a bitmask to ignore INFO and LOW severity audit results
# See here: https://yarnpkg.com/lang/en/docs/cli/audit/
audit_status="$(( audit_status & 11100 ))"
if [[ "$audit_status" != 0 ]]
then
count="$(yarn audit --level moderate --groups dependencies --json | tail -1 | jq '.data.vulnerabilities.moderate + .data.vulnerabilities.high + .data.vulnerabilities.critical')"
printf "Audit shows %s moderate or high severity advisories _in the production dependencies_\n" "$count"
exit 1
else
printf "Audit shows _zero_ moderate or high severity advisories _in the production dependencies_\n"
fi

3
.github/CODEOWNERS vendored
View File

@ -1,7 +1,8 @@
# Lines starting with '#' are comments.
# Each line is a file pattern followed by one or more owners.
package*.json @whymarrh
package.json @whymarrh
yarn.lock @whymarrh
ui/ @danjm @whymarrh @Gudahtt
app/scripts/controllers/transactions @frankiebee

3
.gitignore vendored
View File

@ -1,6 +1,7 @@
npm-debug.log
yarn-error.log
node_modules
yarn.lock
package-lock.json
audit.json

View File

@ -1,8 +1,8 @@
# Storybook
We're currently using [Storybook](https://storybook.js.org/) as part of our design system. To run Storybook and test some of our UI components, clone the repo and run the following:
```
npm install
npm run storybook
yarn
yarn storybook
```
You should then see:
> info Storybook started on => http://localhost:6006/

View File

@ -22,30 +22,3 @@ When you're done with your project / bugfix / feature and ready to submit a PR,
- [ ] **Get reviewed by a core contributor**: Make sure you get a `:thumbsup`, `:+1`, or `LGTM` from a user with a `Member` badge before merging.
And that's it! Thanks for helping out.
### Developing inside a node_modules folder
First make sure you are comfortable with [how require works](https://github.com/maxogden/art-of-node#how-require-works) in node.
We recommend creating a folder somewhere manually called `node_modules`. For example in `~/code/node_modules`. Clone all of your git copies of modules that you want to work on into here, so for example:
- `~/code/node_modules/dat`
- `~/code/node_modules/hyperdrive`
When you run `npm install` inside of `~/code/node_modules/dat`, dat will get its own copy of `hyperdrive` (one if its dependencies) inside `~/code/node_modules/dat/node_modules`. However, if you encounter a bug in hyperdrive that you need to fix, but you want to test your fix in dat, you want dat to use your git copy of hyperdrive at `~/code/node_modules/hyperdrive` and not the npm copy of hyperdrive at `~/code/node_modules/dat/node_modules/hyperdrive`.
How do you get dat to use the git copy of hyperdrive? Just delete the npm copy!
```
rm -rf ~/code/node_modules/dat/node_modules/hyperdrive
```
Now when you run dat, and it tries to `require('hyperdrive')` it first looks in its own `node_modules` folder at `~/code/node_modules/dat/node_modules` but doesnt find hyperdrive. So it goes up to `~/code/node_modules` and finds `hyperdrive` there and uses that one, your git copy.
If you want to switch back to an npm copy, just run `npm install` inside `~/code/node_modules/dat/` and npm will download any missing modules into `~/code/node_modules/dat/node_modules` but wont touch anything in `~/code/node_modules`.
This might seem a bit complicated at first, but is simple once you get the hang of it. Here are some rules to help you get started:
- Never make any meaningful edits to code inside an "npm-managed" node_modules folder (such as `~/code/node_modules/dat/node_modules`), because when you run `npm install` inside those folders it could inadvertently delete all of your edits when installing an updated copy of a module. This has happened to me many times, so I just always use my git copy and delete the npm copy (as described above) to make edits to a module.
- You should never need to run any npm commands in terminal when at your "manually managed"" node_modules folder at `~/code/node_modules`. Never running npm commands at that folder also prevents npm from accidentally erasing your git copies of modules
- The location of your "manually managed" node_modules folder should be somewhere isolated from your normal require path. E.g. if you put it at `~/node_modules`, then when you run `npm install dat` at `~/Desktop` npm might decide to erase your git copy of dat at `~/node_modules/dat` and replace it with a copy from npm, which could make you lose work. Putting your manually managed `node_modules` folder in a sub-folder like `~/code` gets it "out of the way" and prevents accidents like that from happening.

View File

@ -11,16 +11,14 @@ To learn how to contribute to the MetaMask project itself, visit our [Internal D
## Building locally
- Install [Node.js](https://nodejs.org) version 10 and the latest available npm@6
- Install [Node.js](https://nodejs.org) version 10
- If you are using [nvm](https://github.com/creationix/nvm#installation) (recommended) running `nvm use` will automatically choose the right node version for you.
- If you install Node.js manually, ensure you're using npm@6
- Install npm@6 using `npm install -g npm@6`
- Install dependencies: `npm ci`
- If you have issues with node-sass compilation, try `npm rebuild node-sass`
- Build the project to the `./dist/` folder with `npm run dist`.
- Optionally, to start a development build (e.g. with logging and file watching) run `npm start` instead.
- Install [Yarn](https://yarnpkg.com/en/docs/install)
- Install dependencies: `yarn`
- Build the project to the `./dist/` folder with `yarn dist`.
- Optionally, to start a development build (e.g. with logging and file watching) run `yarn start` instead.
- To start the [React DevTools](https://github.com/facebook/react-devtools) and [Redux DevTools Extension](http://extension.remotedev.io)
alongside the app, use `npm run start:dev`.
alongside the app, use `yarn start:dev`.
- React DevTools will open in a separate window; no browser extension is required
- Redux DevTools will need to be installed as a browser extension. Open the Redux Remote Devtools to access Redux state logs. This can be done by either right clicking within the web browser to bring up the context menu, expanding the Redux DevTools panel and clicking Open Remote DevTools OR clicking the Redux DevTools extension icon and clicking Open Remote DevTools.
- You will also need to check the "Use custom (local) server" checkbox in the Remote DevTools Settings, using the default server configuration (host `localhost`, port `8000`, secure connection checkbox unchecked)
@ -31,15 +29,15 @@ Uncompressed builds can be found in `/dist`, compressed builds can be found in `
You can read [our internal docs here](https://metamask.github.io/metamask-extension/).
You can re-generate the docs locally by running `npm run doc`, and contributors can update the hosted docs by running `npm run publish-docs`.
You can re-generate the docs locally by running `yarn doc`, and contributors can update the hosted docs by running `yarn publish-docs`.
### Running Tests
Run tests with `npm test`.
Run tests with `yarn test`.
You can also test with a continuously watching process, via `npm run watch`.
You can also test with a continuously watching process, via `yarn watch`.
You can run the linter by itself with `npm run lint`.
You can run the linter by itself with `yarn lint`.
## Architecture
@ -48,14 +46,14 @@ You can run the linter by itself with `npm run lint`.
## Development
```bash
npm install
npm start
yarn
yarn start
```
## Build for Publishing
```bash
npm run dist
yarn dist
```
#### Writing Browser Tests

View File

@ -5,7 +5,7 @@ echo "Rolling back to version $1"
# Checkout branch to increment version
git checkout -b version-increment-$1
npm run version:bump patch
yarn version:bump patch
# Store the new version name
NEW_VERSION=$(cat app/manifest.json | jq -r .version)

View File

@ -1,7 +1,7 @@
# How to Bump MetaMask's Version Automatically
```
npm run version:bump patch
yarn version:bump patch
```
MetaMask publishes using a loose [semver](https://semver.org/) interpretation. We divide the three segments of our version into three types of version bump:
@ -20,7 +20,7 @@ Means a fix for a bug, or correcting something that should have been assumed to
# Bumping the version
`npm run version:bump $BUMP_TYPE` where `$BUMP_TYPE` is one of `major`, `minor`, or `patch`.
`yarn version:bump $BUMP_TYPE` where `$BUMP_TYPE` is one of `major`, `minor`, or `patch`.
This will increment the version in the `app/manifest.json` and `CHANGELOG.md` files according to our current protocol, where the manifest's version is updated, and any line items currently under the changelog's "master" section are now under the new dated version section.

View File

@ -3,7 +3,7 @@
To enjoy the live-reloading that `gulp dev` offers while working on the dependencies:
1. Clone the dependency locally.
2. `npm install` in its folder.
3. Run `npm link` in its folder.
4. Run `npm link $DEP_NAME` in this project folder.
5. Next time you `npm start` it will watch the dependency for changes as well!
2. `npm install` or `yarn install` in its folder.
3. Run `yarn link` in its folder.
4. Run `yarn link $DEP_NAME` in this project folder.
5. Next time you `yarn start` it will watch the dependency for changes as well!

View File

@ -41,7 +41,7 @@ With each pull request, the @MetaMaskBot will comment with a build of that new p
3. Publish to [firefox addon marketplace](http://addons.mozilla.org/en-us/firefox/addon/ether-metamask).
4. Publish to [Opera store](https://addons.opera.com/en/extensions/details/metamask/).
5. Post on [Github releases](https://github.com/MetaMask/metamask-extension/releases) page.
6. Run the `npm run announce` script, and post that announcement in our public places.
6. Run the `yarn announce` script, and post that announcement in our public places.
## Hotfix Differences

File diff suppressed because it is too large Load Diff

View File

@ -9,26 +9,26 @@
"publish-docs": "gh-pages -d docs/jsdocs",
"start:test": "gulp dev:test",
"build:test": "gulp build:test",
"test": "npm run test:unit && npm run lint",
"test": "yarn test:unit && yarn lint",
"dapp": "static-server test/e2e/contract-test --port 8080",
"dapp-chain": "GANACHE_ARGS='-b 2' concurrently -k -n ganache,dapp -p '[{time}][{name}]' 'npm run ganache:start' 'sleep 5 && static-server test/e2e/contract-test --port 8080'",
"watch:test:unit": "nodemon --exec \"npm run test:unit\" ./test ./app ./ui",
"dapp-chain": "GANACHE_ARGS='-b 2' concurrently -k -n ganache,dapp -p '[{time}][{name}]' 'yarn ganache:start' 'sleep 5 && static-server test/e2e/contract-test --port 8080'",
"watch:test:unit": "nodemon --exec \"yarn test:unit\" ./test ./app ./ui",
"test:unit": "cross-env METAMASK_ENV=test mocha --exit --require test/setup.js --recursive \"test/unit/**/*.js\" \"ui/app/**/*.test.js\"",
"test:single": "cross-env METAMASK_ENV=test mocha --require test/helper.js",
"test:integration": "npm run test:integration:build && npm run test:flat",
"test:integration": "yarn test:integration:build && yarn test:flat",
"test:integration:build": "gulp build:scss",
"test:e2e:chrome": "SELENIUM_BROWSER=chrome test/e2e/run-all.sh",
"test:web3:chrome": "SELENIUM_BROWSER=chrome test/e2e/run-web3.sh",
"test:web3:firefox": "SELENIUM_BROWSER=firefox test/e2e/run-web3.sh",
"test:e2e:firefox": "SELENIUM_BROWSER=firefox test/e2e/run-all.sh",
"test:coverage": "nyc --reporter=text --reporter=html npm run test:unit && npm run test:coveralls-upload",
"test:coverage": "nyc --reporter=text --reporter=html npm run test:unit && yarn test:coveralls-upload",
"test:coveralls-upload": "if [ $COVERALLS_REPO_TOKEN ]; then nyc report --reporter=text-lcov | coveralls; fi",
"test:flat": "npm run test:flat:build && karma start test/flat.conf.js",
"test:flat:build": "npm run test:flat:build:ui && npm run test:flat:build:tests && npm run test:flat:build:locales",
"test:flat": "yarn test:flat:build && karma start test/flat.conf.js",
"test:flat:build": "yarn test:flat:build:ui && yarn test:flat:build:tests && yarn test:flat:build:locales",
"test:flat:build:tests": "node test/integration/index.js",
"test:flat:build:states": "node development/genStates.js",
"test:flat:build:locales": "mkdirp dist/chrome && cp -R app/_locales dist/chrome/_locales",
"test:flat:build:ui": "npm run test:flat:build:states && browserify --transform babelify --transform brfs ./development/mock-dev.js -o ./development/bundle.js",
"test:flat:build:ui": "yarn test:flat:build:states && browserify --transform babelify --transform brfs ./development/mock-dev.js -o ./development/bundle.js",
"ganache:start": "./development/run-ganache",
"sentry:publish": "node ./development/sentry-publish.js",
"lint": "eslint . --ext js,json",
@ -37,7 +37,7 @@
"watch": "cross-env METAMASK_ENV=test mocha --watch --require test/setup.js --reporter min --recursive \"test/unit/**/*.js\" \"ui/app/**/*.test.js\"",
"devtools:react": "react-devtools",
"devtools:redux": "remotedev --hostname=localhost --port=8000",
"start:dev": "concurrently -k -n build,react,redux npm:start npm:devtools:react npm:devtools:redux",
"start:dev": "concurrently -k -n build,react,redux yarn:start yarn:devtools:react yarn:devtools:redux",
"announce": "node development/announcer.js",
"version:bump": "node development/run-version-bump.js",
"storybook": "start-storybook -p 6006 -c .storybook",
@ -272,7 +272,7 @@
"watchify": "^3.11.1"
},
"engines": {
"node": "10.16.0",
"npm": "^6.9.0"
"node": "^10.16.0",
"yarn": "^1.16.0"
}
}

View File

@ -12,16 +12,16 @@ concurrently --kill-others \
--names 'ganache,dapp,e2e' \
--prefix '[{time}][{name}]' \
--success first \
'npm run ganache:start' \
'npm run dapp' \
'yarn ganache:start' \
'yarn dapp' \
'sleep 5 && mocha test/e2e/metamask-ui.spec'
concurrently --kill-others \
--names 'ganache,dapp,e2e' \
--prefix '[{time}][{name}]' \
--success first \
'npm run ganache:start' \
'npm run dapp' \
'yarn ganache:start' \
'yarn dapp' \
'sleep 5 && mocha test/e2e/metamask-responsive-ui.spec'
export GANACHE_ARGS="$GANACHE_ARGS --deterministic --account=0x53CB0AB5226EEBF4D872113D98332C1555DC304443BEE1CF759D15798D3C55A9,25000000000000000000"
@ -29,5 +29,5 @@ concurrently --kill-others \
--names 'ganache,e2e' \
--prefix '[{time}][{name}]' \
--success first \
'npm run ganache:start' \
'yarn ganache:start' \
'sleep 5 && mocha test/e2e/from-import-ui.spec'

23229
yarn.lock Normal file

File diff suppressed because it is too large Load Diff