BREAKING: Build packages with `tsup` #3998

Mrtenz · 2024-02-29T12:48:44Z

Explanation

This changes the build system to build all packages with tsup, instead of tsc. tsc is still used for generating the declaration files and type checking, and tsup is used for building the .js and (new) .mjs files. The benefit of this is that we now have a ESM build as well as a CJS build.

References

See MetaMask/utils#144.

Changelog

`@metamask/accounts-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/address-book-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/announcement-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/approval-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/assets-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/base-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/build-utils`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/composable-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/controller-utils`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/ens-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/eth-json-rpc-provider`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/gas-fee-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/json-rpc-engine`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/json-rpc-middleware-stream`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/keyring-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/logging-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/message-manager`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/name-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/network-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/notification-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/permission-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/permission-log-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/phishing-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/polling-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/preferences-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/queued-request-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/rate-limit-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/selected-network-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/signature-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/transaction-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

`@metamask/user-operation-controller`

BREAKING: Add ESM build.
- It's no longer possible to import files from ./dist directly.

Checklist

I've updated the test suite for new or updated code as appropriate
I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
I've highlighted breaking changes using the "BREAKING" category above as appropriate

socket-security · 2024-02-29T12:50:34Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@esbuild/[email protected]	None	`0`	10.4 MB	evanw
npm/@esbuild/[email protected]	None	`0`	11.5 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.83 MB	evanw
npm/@esbuild/[email protected]	None	`0`	11.5 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.76 MB	evanw
npm/@esbuild/[email protected]	None	`0`	10.2 MB	evanw
npm/@esbuild/[email protected]	None	`0`	8.85 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.61 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.18 MB	evanw
npm/@esbuild/[email protected]	None	`0`	8.85 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.14 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.37 MB	evanw
npm/@esbuild/[email protected]	None	`0`	10.4 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.18 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.11 MB	evanw
npm/@esbuild/[email protected]	None	`0`	10 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.6 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.59 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.62 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.59 MB	evanw
npm/@esbuild/[email protected]	None	`0`	8.98 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.45 MB	evanw
npm/@esbuild/[email protected]	None	`0`	9.81 MB	evanw
npm/@rollup/[email protected]	None	`0`	1.63 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	2.49 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	2.43 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	2.58 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	2.44 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	2.49 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	2.37 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	2.52 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	2.72 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	2.7 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	2.96 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	2.63 MB	lukastaegert
npm/@rollup/[email protected]	None	`0`	3.47 MB	lukastaegert
npm/[email protected]	None	`0`	22.2 kB	kevinbeaty
npm/[email protected]	None	`0`	5.36 kB	sindresorhus
npm/[email protected]	environment, filesystem, unsafe Transitive: network, shell	`+25`	224 MB	egoist
npm/[email protected]	None	`0`	81.8 kB	egoist
npm/[email protected]	environment, filesystem	`+14`	531 kB	paulmillr
npm/[email protected]	environment, filesystem, network, shell	`+23`	224 MB	evanw
npm/[email protected]	None	`+1`	8.43 kB	sindresorhus
npm/[email protected]	environment, filesystem	`0`	14 kB	egoist
npm/[email protected]	filesystem	`0`	17.7 kB	antonk52
npm/[email protected]	None	`0`	17.1 kB	egoist
npm/[email protected]	None	`0`	75.8 kB	jdalton
npm/[email protected]	filesystem, network, shell	`+4`	52 kB	jongleberry
npm/[email protected]	None	`0`	5.49 kB	sindresorhus
npm/[email protected]	environment, unsafe Transitive: filesystem	`+25`	71.9 MB	ai
npm/[email protected]	None	`+15`	33.6 MB
npm/[email protected]	Transitive: environment, filesystem, network, shell, unsafe	`+41`	3.8 MB	alangpierce
npm/[email protected]	None	`+2`	36.7 kB	dead_horse
npm/[email protected]	None	`+1`	30.1 kB	dead_horse
npm/[email protected]	shell	`0`	7.82 kB	wmhilton
npm/[email protected]	None	`0`	68 kB	dsagal2
npm/[email protected]	environment, eval, filesystem Transitive: network, shell, unsafe	`+158`	335 MB	egoist

View full report↗︎

socket-security · 2024-02-29T12:50:37Z

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

Mrtenz · 2024-02-29T12:50:47Z

.yarn/patches/tsup-npm-8.0.2-86e40f68a7.patch

+       const { transform: transform3 } = await Promise.resolve().then(() => require("sucrase"));
+       const result = transform3(code, {
+        // https://github.com/egoist/tsup/issues/1087
+        disableESTransforms: true,


tsup uses sucrase to transpile ESM to CJS (unless tree shaking is enabled, but that breaks source maps), and sucrase enables all polyfills by default. Our environment supports all the features, so we don't need these polyfills. This also improves static analysis in LavaMoat.

Mrtenz · 2024-02-29T12:51:49Z

constraints.pro

+% Published packages must not have side effects.
+gen_enforced_field(WorkspaceCwd, 'sideEffects', false) :-
+  \+ workspace_field(WorkspaceCwd, 'private', true).


I haven't checked every single package for side effects, but it looks like there aren't any. Setting sideEffects: false improves tree shaking in tools like Webpack.

Mrtenz · 2024-02-29T12:56:53Z

@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]

These are expected to have shell / network access.

@SocketSecurity ignore npm/[email protected]

New author is ok.

packages/permission-controller/tsconfig.build.json

packages/base-controller/package.json

Mrtenz · 2024-03-06T13:03:21Z

@metamaskbot publish-preview

mcmire

Looks good!

mcmire · 2024-03-07T21:28:26Z

I am not sure why the check failed, but once this branch is updated against main, it should re-run that check. ~~I will re-run it now.~~

Mrtenz commented Feb 29, 2024

View reviewed changes

Mrtenz marked this pull request as ready for review February 29, 2024 13:05

Mrtenz requested review from a team as code owners February 29, 2024 13:05

FrederikBolding reviewed Feb 29, 2024

View reviewed changes

packages/permission-controller/tsconfig.build.json Outdated Show resolved Hide resolved

FrederikBolding previously approved these changes Feb 29, 2024

View reviewed changes

Mrtenz added the DO-NOT-MERGE label Feb 29, 2024

mcmire added the base-controller-breaking-changes label Feb 29, 2024

mcmire mentioned this pull request Mar 1, 2024

[token-detection-controller] Refactor detectTokens method #3938

Merged

3 tasks

mcmire reviewed Mar 4, 2024

View reviewed changes

packages/base-controller/package.json Outdated Show resolved Hide resolved

Mrtenz dismissed FrederikBolding’s stale review via 1c6b9a1 March 6, 2024 13:01

Mrtenz force-pushed the mrtenz/tsup branch from 7926e5e to 1c6b9a1 Compare March 6, 2024 13:01

Mrtenz force-pushed the mrtenz/tsup branch from 0340690 to be5b7e4 Compare March 7, 2024 15:20

mcmire removed the DO-NOT-MERGE label Mar 7, 2024

mcmire approved these changes Mar 7, 2024

View reviewed changes

Mrtenz added 5 commits March 7, 2024 22:27

Build packages with tsup

7655ee4

Update coverage for keyring-controller

9917971

Update coverage for assets-controllers

3ba6a6d

Fix outDir

c18a9ff

Base controller has side effects

f861204

Mrtenz force-pushed the mrtenz/tsup branch from be5b7e4 to f861204 Compare March 7, 2024 21:27

FrederikBolding approved these changes Mar 7, 2024

View reviewed changes

Mrtenz merged commit 87a661d into main Mar 7, 2024
139 checks passed

Mrtenz deleted the mrtenz/tsup branch March 7, 2024 21:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BREAKING: Build packages with `tsup` #3998

BREAKING: Build packages with `tsup` #3998

Mrtenz commented Feb 29, 2024

socket-security bot commented Feb 29, 2024 •

edited

Loading

socket-security bot commented Feb 29, 2024 •

edited

Loading

Mrtenz Feb 29, 2024

Mrtenz Feb 29, 2024

Mrtenz commented Feb 29, 2024

Mrtenz commented Mar 6, 2024

mcmire left a comment

mcmire commented Mar 7, 2024 •

edited

Loading

BREAKING: Build packages with tsup #3998

BREAKING: Build packages with tsup #3998

Conversation

Mrtenz commented Feb 29, 2024

Explanation

References

Changelog

@metamask/accounts-controller

@metamask/address-book-controller

@metamask/announcement-controller

@metamask/approval-controller

@metamask/assets-controller

@metamask/base-controller

@metamask/build-utils

@metamask/composable-controller

@metamask/controller-utils

@metamask/ens-controller

@metamask/eth-json-rpc-provider

@metamask/gas-fee-controller

@metamask/json-rpc-engine

@metamask/json-rpc-middleware-stream

@metamask/keyring-controller

@metamask/logging-controller

@metamask/message-manager

@metamask/name-controller

@metamask/network-controller

@metamask/notification-controller

@metamask/permission-controller

@metamask/permission-log-controller

@metamask/phishing-controller

@metamask/polling-controller

@metamask/preferences-controller

@metamask/queued-request-controller

@metamask/rate-limit-controller

@metamask/selected-network-controller

@metamask/signature-controller

@metamask/transaction-controller

@metamask/user-operation-controller

Checklist

socket-security bot commented Feb 29, 2024 • edited Loading

socket-security bot commented Feb 29, 2024 • edited Loading

Next steps

Mrtenz Feb 29, 2024

Choose a reason for hiding this comment

Mrtenz Feb 29, 2024

Choose a reason for hiding this comment

Mrtenz commented Feb 29, 2024

Mrtenz commented Mar 6, 2024

mcmire left a comment

Choose a reason for hiding this comment

mcmire commented Mar 7, 2024 • edited Loading

BREAKING: Build packages with `tsup` #3998

BREAKING: Build packages with `tsup` #3998

`@metamask/accounts-controller`

`@metamask/address-book-controller`

`@metamask/announcement-controller`

`@metamask/approval-controller`

`@metamask/assets-controller`

`@metamask/base-controller`

`@metamask/build-utils`

`@metamask/composable-controller`

`@metamask/controller-utils`

`@metamask/ens-controller`

`@metamask/eth-json-rpc-provider`

`@metamask/gas-fee-controller`

`@metamask/json-rpc-engine`

`@metamask/json-rpc-middleware-stream`

`@metamask/keyring-controller`

`@metamask/logging-controller`

`@metamask/message-manager`

`@metamask/name-controller`

`@metamask/network-controller`

`@metamask/notification-controller`

`@metamask/permission-controller`

`@metamask/permission-log-controller`

`@metamask/phishing-controller`

`@metamask/polling-controller`

`@metamask/preferences-controller`

`@metamask/queued-request-controller`

`@metamask/rate-limit-controller`

`@metamask/selected-network-controller`

`@metamask/signature-controller`

`@metamask/transaction-controller`

`@metamask/user-operation-controller`

socket-security bot commented Feb 29, 2024 •

edited

Loading

socket-security bot commented Feb 29, 2024 •

edited

Loading

mcmire commented Mar 7, 2024 •

edited

Loading