Allow parsing Yarn lockfiles generated by bun #1491

Closed
1 of 2 tasks
maxrake opened this issue Sep 10, 2024 · 0 comments · Fixed by #1494

maxrake commented Sep 10, 2024

Overview

The Bun toolkit has its own lockfile, bun.lockb, that Phylum does not support. However, Bun offers an option to generate a Yarn lockfile, which Phylum does support. The Bun-generated Yarn lockfile fails to be parsed by Phylum and it would be great if it could.

This is not a bug, necessarily, since Phylum does not currently claim to support bun or its Yarn lockfile output.

How to reproduce

Here is a simple yarn-bun.lock lockfile that can be used to illustrate the issue:


❯ phylum --version
phylum v6.6.6

❯ cat yarn-bun.lock
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
# bun ./bun.lockb --hash: F7B8FCD3BF239CDC-d0456036d0c49935-8CE7F7B066308833-a6ad583c4212f008


"@aashutoshrathi/word-wrap@^1.2.3":
  version "1.2.6"
  resolved "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz"
  integrity sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==


❯ phylum parse -t yarn yarn-bun.lock
Generating lockfile for manifest "yarn-bun.lock" using Yarn…
❗ Error: Failed to parse lockfile

Caused by:
    0: Failed to parse yarn lockfile
    1: 0: at line 3, in TakeUntil:
       # bun ./bun.lockb --hash: F7B8FCD3BF239CDC-d0456036d0c49935-8CE7F7B066308833-a6ad583c4212f008
       ^

       1: at line 3, in name:
       # bun ./bun.lockb --hash: F7B8FCD3BF239CDC-d0456036d0c49935-8CE7F7B066308833-a6ad583c4212f008
       ^

       2: at line 3, in entry:
       # bun ./bun.lockb --hash: F7B8FCD3BF239CDC-d0456036d0c49935-8CE7F7B066308833-a6ad583c4212f008
       ^

       3: at line 3, in Many1:
       # bun ./bun.lockb --hash: F7B8FCD3BF239CDC-d0456036d0c49935-8CE7F7B066308833-a6ad583c4212f008
       ^



❗ Error: Could not parse dependency file "yarn-bun.lock" as "yarn" type

Caused by:
    Dependency file parsing failed

Workaround

Removing the third line from the "header" allows for parsing again. This is the line starting with # bun ./bun.lockb --hash:


❯ cat yarn-bun.lock
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"@aashutoshrathi/word-wrap@^1.2.3":
  version "1.2.6"
  resolved "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz"
  integrity sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==


❯ phylum parse -t yarn yarn-bun.lock
[
  {
    "name": "@aashutoshrathi/word-wrap",
    "version": "1.2.6",
    "type": "npm",
    "lockfile": "yarn-bun.lock"
  }
]

Acceptance Criteria

  • Yarn lockfiles generated with bun can be parsed/analyzed by Phylum
  • Documentation is updated to make this claim and/or educate users on this option for using bun

Additional Info

It appears the bun-generated Yarn lockfile is in the legacy v1 format, but with the addition of a single line to the "header" which appears to reference the bun.lockb lockfile that was used to generate the Yarn lockfile.


@maxrake maxrake added enhancement New feature or request needs triage Needs to be reviewed or assigned labels Sep 10, 2024
@cd-work cd-work self-assigned this Sep 10, 2024
cd-work added a commit that referenced this issue Sep 10, 2024
The bun JavaScript package manager has the option to generate yarn
lockfiles, however lockfiles generated by bun contain an additional
header line which caused our existing parser to fail.

To allow our parser to support bun's yarn lockfile format, we now ignore
all lines starting with `#`.

This also fixes an issue with parsing malformed yarn lockfiles, where
all parsing failures were accepted as long as the first specified
package didn't fail parsing, due to the way `many1` works.

Closes #1491.
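
The two behaviours named in the issue and the commit message above (skipping every `#` line, and rejecting a lockfile when any entry is malformed rather than only the first) can be shown with a std-only sketch. This is an added example, not Phylum's parser code; `parse_yarn_v1`, `Package`, `Pending`, `finish` and `BUN_SAMPLE` are hypothetical names, and only the package name and `version` field are extracted.

```rust
// Added example: a std-only sketch, not Phylum's own parser.
#[derive(Debug, PartialEq)]
pub struct Package { pub name: String, pub version: String }

type Pending = Option<(String, Option<String>, usize)>; // name, version, header line

// Close the entry being built; an entry without a version is an error.
fn finish(cur: &mut Pending, out: &mut Vec<Package>) -> Result<(), String> {
    match cur.take() {
        None => Ok(()),
        Some((name, Some(version), _)) => { out.push(Package { name, version }); Ok(()) }
        Some((name, None, line)) => Err(format!("line {}: entry {} has no version", line, name)),
    }
}

/// Parse a Yarn v1 lockfile: skip every `#` line, fail on any malformed entry.
pub fn parse_yarn_v1(input: &str) -> Result<Vec<Package>, String> {
    let (mut out, mut cur): (Vec<Package>, Pending) = (Vec::new(), None);
    for (idx, raw) in input.lines().enumerate() {
        let (line_no, line) = (idx + 1, raw.trim_end());
        if line.is_empty() || line.starts_with('#') { continue; } // header comments, incl. bun's
        if line.starts_with(' ') {
            // Indented field line; only `version` is needed here.
            let entry = cur.as_mut().ok_or_else(|| format!("line {}: field outside an entry", line_no))?;
            if let Some(v) = line.trim_start().strip_prefix("version ") {
                entry.1 = Some(v.trim_matches('"').to_string());
            }
            continue;
        }
        // Entry header such as `"@scope/name@^1.2.3", name@~1.0.0:`
        finish(&mut cur, &mut out)?;
        let header = line.strip_suffix(':')
            .ok_or_else(|| format!("line {}: entry header must end with ':'", line_no))?;
        let spec = header.split(',').next().unwrap_or("").trim().trim_matches('"');
        // The name ends at the first '@' after position 0 (scoped names start with '@').
        let at = spec.char_indices().skip(1).find(|&(_, c)| c == '@').map(|(i, _)| i)
            .ok_or_else(|| format!("line {}: no version range in {:?}", line_no, spec))?;
        cur = Some((spec[..at].to_string(), None, line_no));
    }
    finish(&mut cur, &mut out)?;
    Ok(out)
}

// Constructed sample: the issue's lockfile header with a placeholder hash.
pub const BUN_SAMPLE: &str = "# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.\n# yarn lockfile v1\n# bun ./bun.lockb --hash: <placeholder>\n\n\n\"@aashutoshrathi/word-wrap@^1.2.3\":\n  version \"1.2.6\"\n  resolved \"https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz\"\n";

fn main() {
    println!("{:?}", parse_yarn_v1(BUN_SAMPLE));
}
```

Returning an error for a malformed later entry matters for a dependency scanner: a parser that stops quietly at the first bad entry reports a shorter package list, and the dropped packages are never analyzed.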