The Bun toolkit has its own lockfile, bun.lockb, that Phylum does not support. However, Bun offers an option to generate a Yarn lockfile, which Phylum does support. The Bun-generated Yarn lockfile fails to be parsed by Phylum and it would be great if it could.
This is not a bug, necessarily, since Phylum does not currently claim to support bun or its Yarn lockfile output.
How to reproduce
Here is a simple yarn-bun.lock lockfile that can be used to illustrate the issue:
```
❯ phylum --version
phylum v6.6.6
❯ cat yarn-bun.lock
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
# bun ./bun.lockb --hash: F7B8FCD3BF239CDC-d0456036d0c49935-8CE7F7B066308833-a6ad583c4212f008
"@aashutoshrathi/word-wrap@^1.2.3":
  version "1.2.6"
  resolved "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz"
  integrity sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==
❯ phylum parse -t yarn yarn-bun.lock
Generating lockfile for manifest "yarn-bun.lock" using Yarn…
❗ Error: Failed to parse lockfile
Caused by:
0: Failed to parse yarn lockfile
1: 0: at line 3, in TakeUntil:
# bun ./bun.lockb --hash: F7B8FCD3BF239CDC-d0456036d0c49935-8CE7F7B066308833-a6ad583c4212f008
^
1: at line 3, in name:
# bun ./bun.lockb --hash: F7B8FCD3BF239CDC-d0456036d0c49935-8CE7F7B066308833-a6ad583c4212f008
^
2: at line 3, in entry:
# bun ./bun.lockb --hash: F7B8FCD3BF239CDC-d0456036d0c49935-8CE7F7B066308833-a6ad583c4212f008
^
3: at line 3, in Many1:
# bun ./bun.lockb --hash: F7B8FCD3BF239CDC-d0456036d0c49935-8CE7F7B066308833-a6ad583c4212f008
^
❗ Error: Could not parse dependency file "yarn-bun.lock" as "yarn" type
Caused by:
Dependency file parsing failed
```
Workaround
Removing the third line from the "header" allows for parsing again. This is the line starting with # bun ./bun.lockb --hash:
```
❯ cat yarn-bun.lock
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
"@aashutoshrathi/word-wrap@^1.2.3":
  version "1.2.6"
  resolved "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz"
  integrity sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==
❯ phylum parse -t yarn yarn-bun.lock
[
  {
    "name": "@aashutoshrathi/word-wrap",
    "version": "1.2.6",
    "type": "npm",
    "lockfile": "yarn-bun.lock"
  }
]
```
Acceptance Criteria
Yarn lockfiles generated with bun can be parsed/analyzed by Phylum
Documentation is updated to make this claim and/or educate users on this option for using bun
Additional Info
It appears the bun generated Yarn lockfile is in the legacy v1 format, but with the addition of a single line to the "header" which appears to reference the bun.lockb lockfile that was used to generate the Yarn lockfile.
The bun JavaScript package manager has the option to generate yarn
lockfiles, however lockfiles generated by bun contain an additional
header line which caused our existing parser to fail.
To allow our parser to support bun's yarn lockfile format, we now ignore
all lines starting with `#`.
This also fixes an issue with parsing malformed yarn lockfiles, where
all parsing failures were accepted as long as the first specified
package didn't fail parsing, due to the way `many1` works.
Closes #1491.
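
The two behaviours the commit message describes (skip every `#` line, and fail on a malformed entry rather than accept whatever parsed before it), shown as an added example that is not Phylum's parser or code from the project. It is a hand-written, std-only reader; `Package`, `parse_yarn_v1` and `BUN_YARN_LOCK` are hypothetical names, and the sample lockfile is constructed with placeholder hash values.

```rust
// Added example, std only; not Phylum's nom-based parser.
#[derive(Debug, PartialEq)]
pub struct Package {
    pub name: String,
    pub version: String,
}
/// Read a yarn v1 lockfile: skip every `#` line, and reject any line that is
/// not understood instead of silently stopping after the first good entry.
pub fn parse_yarn_v1(input: &str) -> Result<Vec<Package>, String> {
    let mut packages = Vec::new();
    let mut current: Option<String> = None; // entry whose version is pending
    for (idx, line) in input.lines().enumerate() {
        let lineno = idx + 1;
        if line.trim().is_empty() || line.trim_start().starts_with('#') {
            continue; // blank or comment, e.g. bun's `# bun ./bun.lockb --hash:`
        }
        if !line.starts_with(' ') {
            // Entry header such as `"name@^1.0", "name@^1.1":`
            let specs = line.trim_end().strip_suffix(':')
                .ok_or_else(|| format!("line {lineno}: entry header must end with ':'"))?;
            let first = specs.split(',').next().unwrap_or("").trim().trim_matches('"');
            // Split at the first '@' after position 0 so `@scope/pkg` stays intact.
            let at = first.char_indices().skip(1).find(|&(_, c)| c == '@').map(|(i, _)| i)
                .ok_or_else(|| format!("line {lineno}: no version range in {first:?}"))?;
            if let Some(prev) = current.replace(first[..at].to_string()) {
                return Err(format!("line {lineno}: entry {prev:?} has no version"));
            }
        } else if let Some(rest) = line.strip_prefix("  version ") {
            let name = current.take()
                .ok_or_else(|| format!("line {lineno}: version outside an entry"))?;
            packages.push(Package { name, version: rest.trim().trim_matches('"').to_string() });
        } // other indented fields (resolved, integrity, dependencies) are skipped
    }
    match current {
        Some(name) => Err(format!("entry {name:?} has no version")),
        None => Ok(packages),
    }
}

// Constructed sample: bun-style header plus one entry, placeholder hashes.
pub const BUN_YARN_LOCK: &str = concat!(
    "# yarn lockfile v1\n",
    "# bun ./bun.lockb --hash: PLACEHOLDER\n",
    "\"@aashutoshrathi/word-wrap@^1.2.3\":\n",
    "  version \"1.2.6\"\n",
    "  integrity sha512-PLACEHOLDER\n",
);
fn main() { println!("{:?}", parse_yarn_v1(BUN_YARN_LOCK)); }
```
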