fix(core): use version range check for yarn tarball packages

nrwl · May 25, 2023 · 0dfe6fc · 0dfe6fc · vercel · May 25, 2023
1 parent 339ae95
commit 0dfe6fc
Show file tree

Hide file tree

Showing 2 changed files with 96 additions and 7 deletions.
diff --git a/packages/nx/src/plugins/js/lock-file/yarn-parser.spec.ts b/packages/nx/src/plugins/js/lock-file/yarn-parser.spec.ts
@@ -1187,4 +1187,86 @@ __metadata:
       expect(result).toEqual(lockFile);
     });
   });
+
+  describe('invalid resolved', () => {
+    it('should parse yarn.lock with invalid resolved field', () => {
+      const lockFile = `# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+"@octokit/request-error@^2.0.2", "@octokit/request-error@^2.0.5", "@octokit/request-error@^2.1.0", "@octokit/request-error@^3", "@octokit/request-error@^3.0.0", "@octokit/request-error@^3.0.3":
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/@octokit/request-error/-/request-error-3.0.3.tgz#ef3dd08b8e964e53e55d471acfe00baa892b9c69"
+  integrity sha512-crqw3V5Iy2uOU5Np+8M/YexTlT8zxCfI+qu+LxUB7SZpje4Qmx3mub5DfEKSO8Ylyk0aogi6TYdf6kxzh2BguQ==
+  dependencies:
+    "@octokit/types" "^9.0.0"
+    deprecation "^2.0.0"
+    once "^1.4.0"
+
+"@octokit/types@^6.0.1", "@octokit/types@^6.0.3", "@octokit/types@^6.39.0", "@octokit/types@^6.40.0", "@octokit/types@^8.0.0", "@octokit/types@^9", "@octokit/types@^9.0.0":
+  version "9.2.0"
+  resolved "https://registry.yarnpkg.com/@octokit/types/-/types-9.2.0.tgz#0358e3de070b1d43c5a8af63b9951c88a09fc9ed"
+  integrity sha512-xySzJG4noWrIBFyMu4lg4tu9vAgNg9S0aoLRONhAEz6ueyi1evBzb40HitIosaYS4XOexphG305IVcLrIX/30g==
+  dependencies:
+    "@octokit/openapi-types" "^17.1.0"
+
+"@octokit/[email protected]":
+  version "5.8.0"
+  resolved "https://registry.yarnpkg.com/@octokit/webhooks-types/-/webhooks-types-5.8.0.tgz#b76d1a3e3ad82cec5680d3c6c3443a620047a6ef"
+  integrity sha512-8adktjIb76A7viIdayQSFuBEwOzwhDC+9yxZpKNHjfzrlostHCw0/N7JWpWMObfElwvJMk2fY2l1noENCk9wmw==
+
+"@octokit/webhooks@^9.8.4":
+  version "9.26.0"
+  resolved "https://registry.yarnpkg.com/@octokit/webhooks/-/webhooks-9.26.0.tgz#cf453bb313da3b66f1a90c84464d978e1c625cce"
+  integrity sha512-foZlsgrTDwAmD5j2Czn6ji10lbWjGDVsUxTIydjG9KTkAWKJrFapXJgO5SbGxRwfPd3OJdhK3nA2YPqVhxLXqA==
+  dependencies:
+    "@octokit/request-error" "^2.0.2"
+    "@octokit/webhooks-methods" "^2.0.0"
+    "@octokit/webhooks-types" "5.8.0"
+    aggregate-error "^3.1.0"
+      `;
+      const builder = new ProjectGraphBuilder();
+      parseYarnLockfile(lockFile, builder);
+      const graph = builder.getUpdatedProjectGraph();
+      expect(graph.externalNodes).toMatchInlineSnapshot(`
+        {
+          "npm:@octokit/request-error": {
+            "data": {
+              "hash": "sha512-crqw3V5Iy2uOU5Np+8M/YexTlT8zxCfI+qu+LxUB7SZpje4Qmx3mub5DfEKSO8Ylyk0aogi6TYdf6kxzh2BguQ==",
+              "packageName": "@octokit/request-error",
+              "version": "3.0.3",
+            },
+            "name": "npm:@octokit/request-error",
+            "type": "npm",
+          },
+          "npm:@octokit/types": {
+            "data": {
+              "hash": "sha512-xySzJG4noWrIBFyMu4lg4tu9vAgNg9S0aoLRONhAEz6ueyi1evBzb40HitIosaYS4XOexphG305IVcLrIX/30g==",
+              "packageName": "@octokit/types",
+              "version": "9.2.0",
+            },
+            "name": "npm:@octokit/types",
+            "type": "npm",
+          },
+          "npm:@octokit/webhooks": {
+            "data": {
+              "hash": "sha512-foZlsgrTDwAmD5j2Czn6ji10lbWjGDVsUxTIydjG9KTkAWKJrFapXJgO5SbGxRwfPd3OJdhK3nA2YPqVhxLXqA==",
+              "packageName": "@octokit/webhooks",
+              "version": "9.26.0",
+            },
+            "name": "npm:@octokit/webhooks",
+            "type": "npm",
+          },
+          "npm:@octokit/webhooks-types": {
+            "data": {
+              "hash": "sha512-8adktjIb76A7viIdayQSFuBEwOzwhDC+9yxZpKNHjfzrlostHCw0/N7JWpWMObfElwvJMk2fY2l1noENCk9wmw==",
+              "packageName": "@octokit/webhooks-types",
+              "version": "5.8.0",
+            },
+            "name": "npm:@octokit/webhooks-types",
+            "type": "npm",
+          },
+        }
+      `);
+    });
+  });
 });
diff --git a/packages/nx/src/plugins/js/lock-file/yarn-parser.ts b/packages/nx/src/plugins/js/lock-file/yarn-parser.ts
@@ -2,13 +2,13 @@ import { parseSyml, stringifySyml } from '@yarnpkg/parsers';
 import { stringify } from '@yarnpkg/lockfile';
 import { getHoistedPackageVersion } from './utils/package-json';
 import { ProjectGraphBuilder } from '../../../project-graph/project-graph-builder';
-import { satisfies } from 'semver';
+import { satisfies, Range } from 'semver';
 import { NormalizedPackageJson } from './utils/package-json';
 import {
   ProjectGraph,
   ProjectGraphExternalNode,
 } from '../../../config/project-graph';
-import { fileHasher, hashArray } from '../../../hasher/impl';
+import { hashArray } from '../../../hasher/impl';
 import { sortObjectByKeys } from '../../../utils/object-sort';
 
 /**
@@ -141,17 +141,24 @@ function findVersion(
   ) {
     return snapshot.resolution.slice(packageName.length + 1);
   }
-  if (
-    !isBerry &&
-    snapshot.resolved &&
-    !satisfies(snapshot.version, versionRange)
-  ) {
+
+  if (!isBerry && snapshot.resolved && !isValidVersionRange(versionRange)) {
     return snapshot.resolved;
   }
   // otherwise it's a standard version
   return snapshot.version;
 }
 
+// check if value can be parsed as a semver range
+function isValidVersionRange(versionRange: string): boolean {
+  try {
+    new Range(versionRange);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
 function getHoistedVersion(packageName: string): string {
   const version = getHoistedPackageVersion(packageName);
   if (version) {