diff --git a/packages/mono-pub/package.json b/packages/mono-pub/package.json
index bd258ba..cf8f1bd 100644
--- a/packages/mono-pub/package.json
+++ b/packages/mono-pub/package.json
@@ -66,7 +66,7 @@
 "typescript": "^5.0.4"
 },
 "dependencies": {
- "glob": "^10.2.2",
+ "globby": "^11.1.0",
 "lodash": "^4.17.21",
 "signale": "^1.4.0"
 },
diff --git a/packages/mono-pub/src/utils/path.spec.ts b/packages/mono-pub/src/utils/path.spec.ts
index 4a5b2f4..8e0d6a0 100644
--- a/packages/mono-pub/src/utils/path.spec.ts
+++ b/packages/mono-pub/src/utils/path.spec.ts
@@ -36,6 +36,11 @@ describe('getAllPackages', () => {
 expect(packages).toHaveLength(3)
 expect(packages).toEqual(expectContainingPackages(['pkg1', 'pkg3', 'lib1'], 'filtering'))
 })
+ it('Should work with negative globs', async () => {
+ const packages = await getAllPackages(['packages/*', '!packages/pkg3'], cwd)
+ expect(packages).toHaveLength(1)
+ expect(packages).toEqual(expectContainingPackages(['pkg1'], 'filtering'))
+ })
 it('Should work with relative and absolute paths to package.json', async () => {
 const packages = await getAllPackages(
 ['packages/pkg1/package.json', path.join(cwd, 'libs/lib1/package.json')],
diff --git a/packages/mono-pub/src/utils/path.ts b/packages/mono-pub/src/utils/path.ts
index 50d2adb..636bf0d 100644
--- a/packages/mono-pub/src/utils/path.ts
+++ b/packages/mono-pub/src/utils/path.ts
@@ -1,6 +1,6 @@
 import path from 'path'
 import fs, { promises as fsPromises } from 'fs'
-import { glob } from 'glob'
+import globby from 'globby'
 import uniq from 'lodash/uniq'
 import get from 'lodash/get'
 import type { BasePackageInfo } from '@/types'
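Review bot: In path.spec.ts, the new 'Should work with negative globs' case only exercises a negated directory paired with a directory glob, while getAllPackages also accepts direct package.json paths and absolute paths, as the test right after it shows. An exclusion that silently fails to apply would let a package the maintainer meant to hold back into the discovered set, so the mixed forms deserve their own cases, for example `getAllPackages(['packages/*/package.json', '!packages/pkg3'], cwd)` and an absolute positive path combined with a relative negation. I have not verified how globby resolves those combinations, so the expected values should be pinned by running them rather than assumed.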
@@ -21,14 +21,20 @@ async function _scanPackage(filePath: string): Promise { } export async function getAllPackages(paths: Array, cwd: string): Promise> { - const matches = await glob(paths, { cwd, stat: true, withFileTypes: true }) + const matches = await globby(paths, { + cwd, + expandDirectories: false, + onlyFiles: false, + absolute: true, + objectMode: true, + }) const fileNames: Array = [] for (const match of matches) { - if (match.isFile() && match.name === 'package.json') { - fileNames.push(match.fullpath()) - } else if (match.isDirectory()) { - const fullPath = match.fullpath() + if (match.dirent.isFile() && path.basename(match.name) === 'package.json') { + fileNames.push(match.path) + } else if (match.dirent.isDirectory()) { + const fullPath = match.path // NOTE: Repo traversal is a part of package logic // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal const pkgPath = path.join(fullPath, 'package.json') diff --git a/yarn.lock b/yarn.lock index 65fc4ad..d1129b9 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2031,6 +2031,13 @@ __metadata: languageName: node linkType: hard +"array-union@npm:^2.1.0": + version: 2.1.0 + resolution: "array-union@npm:2.1.0" + checksum: 5bee12395cba82da674931df6d0fea23c4aa4660cb3b338ced9f828782a65caa232573e6bf3968f23e0c5eb301764a382cef2f128b170a9dc59de0e36c39f98d + languageName: node + linkType: hard + "array.prototype.findlastindex@npm:^1.2.5": version: 1.2.5 resolution: "array.prototype.findlastindex@npm:1.2.5" @@ -2219,6 +2226,15 @@ __metadata: languageName: node linkType: hard +"braces@npm:^3.0.3": + version: 3.0.3 + resolution: "braces@npm:3.0.3" + dependencies: + fill-range: ^7.1.1 + checksum: b95aa0b3bd909f6cd1720ffcf031aeaf46154dd88b4da01f9a1d3f7ea866a79eba76a6d01cbc3c422b2ee5cdc39a4f02491058d5df0d7bf6e6a162a832df1f69 + languageName: node + linkType: hard + "browserslist@npm:^4.21.3": version: 4.21.5 resolution: "browserslist@npm:4.21.5" 
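Review bot: In path.ts, the new `globby(paths, { ... })` call in getAllPackages leaves symlink handling at the fast-glob default, which follows symbolic links. A symlinked entry under a matched pattern will therefore presumably pass `match.dirent.isDirectory()` and have its package.json read from wherever the link points. The existing NOTE / nosemgrep comment accepts repo traversal, but link-following is implicit here and should be a stated decision: either add `followSymbolicLinks: false,` to the options or extend the NOTE comment to say links are followed on purpose. Separately, `path.basename(match.name)` looks redundant, since as far as I know fast-glob's entry `name` is already the last path segment, so `match.name === 'package.json'` would read more directly. The body of getAllPackages continues past the end of this hunk.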
@@ -2735,6 +2751,15 @@ __metadata: languageName: node linkType: hard +"dir-glob@npm:^3.0.1": + version: 3.0.1 + resolution: "dir-glob@npm:3.0.1" + dependencies: + path-type: ^4.0.0 + checksum: fa05e18324510d7283f55862f3161c6759a3f2f8dbce491a2fc14c8324c498286c54282c1f0e933cb930da8419b30679389499b919122952a4f8592362ef4615 + languageName: node + linkType: hard + "doctrine@npm:^2.1.0": version: 2.1.0 resolution: "doctrine@npm:2.1.0" @@ -3323,6 +3348,19 @@ __metadata: languageName: node linkType: hard +"fast-glob@npm:^3.2.9": + version: 3.3.3 + resolution: "fast-glob@npm:3.3.3" + dependencies: + "@nodelib/fs.stat": ^2.0.2 + "@nodelib/fs.walk": ^1.2.3 + glob-parent: ^5.1.2 + merge2: ^1.3.0 + micromatch: ^4.0.8 + checksum: 0704d7b85c0305fd2cef37777337dfa26230fdd072dce9fb5c82a4b03156f3ffb8ed3e636033e65d45d2a5805a4e475825369a27404c0307f2db0c8eb3366fbd + languageName: node + linkType: hard + "fast-glob@npm:^3.3.1, fast-glob@npm:^3.3.2": version: 3.3.2 resolution: "fast-glob@npm:3.3.2" @@ -3407,6 +3445,15 @@ __metadata: languageName: node linkType: hard +"fill-range@npm:^7.1.1": + version: 7.1.1 + resolution: "fill-range@npm:7.1.1" + dependencies: + to-regex-range: ^5.0.1 + checksum: b4abfbca3839a3d55e4ae5ec62e131e2e356bf4859ce8480c64c4876100f4df292a63e5bb1618e1d7460282ca2b305653064f01654474aa35c68000980f17798 + languageName: node + linkType: hard + "find-up@npm:^2.0.0": version: 2.1.0 resolution: "find-up@npm:2.1.0" @@ -3652,21 +3699,6 @@ __metadata: languageName: node linkType: hard -"glob@npm:^10.2.2": - version: 10.2.2 - resolution: "glob@npm:10.2.2" - dependencies: - foreground-child: ^3.1.0 - jackspeak: ^2.0.3 - minimatch: ^9.0.0 - minipass: ^5.0.0 - path-scurry: ^1.7.0 - bin: - glob: dist/cjs/src/bin.js - checksum: 33cbbbea74deb605107715f2ee51937953271ff2f6ce712b57d95a714e2f1bf272fa2c2b0c5101097bf98d3e5d40856941af498b05bce07567aca1a6e3cc7ae9 - languageName: node - linkType: hard - "glob@npm:^10.3.10": version: 10.4.5 resolution: "glob@npm:10.4.5" 
@@ -3734,6 +3766,20 @@ __metadata: languageName: node linkType: hard +"globby@npm:^11.1.0": + version: 11.1.0 + resolution: "globby@npm:11.1.0" + dependencies: + array-union: ^2.1.0 + dir-glob: ^3.0.1 + fast-glob: ^3.2.9 + ignore: ^5.2.0 + merge2: ^1.4.1 + slash: ^3.0.0 + checksum: b4be8885e0cfa018fc783792942d53926c35c50b3aefd3fdcfb9d22c627639dc26bd2327a40a0b74b074100ce95bb7187bfeae2f236856aa3de183af7a02aea6 + languageName: node + linkType: hard + "gopd@npm:^1.0.1, gopd@npm:^1.1.0, gopd@npm:^1.2.0": version: 1.2.0 resolution: "gopd@npm:1.2.0" @@ -4382,19 +4428,6 @@ __metadata: languageName: node linkType: hard -"jackspeak@npm:^2.0.3": - version: 2.1.1 - resolution: "jackspeak@npm:2.1.1" - dependencies: - "@pkgjs/parseargs": ^0.11.0 - cliui: ^8.0.1 - dependenciesMeta: - "@pkgjs/parseargs": - optional: true - checksum: ddd1a41c613dd12ec1a3568dd014e42d166f7f007e0d6ea3bf1d1d0f5480147c17ff27606e9131aa23489849e67bd6abf0b8cff90b17fa65271a35cbf74b2b1e - languageName: node - linkType: hard - "jackspeak@npm:^3.1.2": version: 3.4.3 resolution: "jackspeak@npm:3.4.3" @@ -5140,13 +5173,6 @@ __metadata: languageName: node linkType: hard -"lru-cache@npm:^9.0.0": - version: 9.1.1 - resolution: "lru-cache@npm:9.1.1" - checksum: 4d703bb9b66216bbee55ead82a9682820a2b6acbdfca491b235390b1ef1056000a032d56dfb373fdf9ad4492f1fa9d04cc9a05a77f25bd7ce6901d21ad9b68b7 - languageName: node - linkType: hard - "make-dir@npm:^3.0.0": version: 3.1.0 resolution: "make-dir@npm:3.1.0" @@ -5236,7 +5262,7 @@ __metadata: languageName: node linkType: hard -"merge2@npm:^1.3.0": +"merge2@npm:^1.3.0, merge2@npm:^1.4.1": version: 1.4.1 resolution: "merge2@npm:1.4.1" checksum: 7268db63ed5169466540b6fb947aec313200bcf6d40c5ab722c22e242f651994619bcd85601602972d3c85bd2cc45a358a4c61937e9f11a061919a1da569b0c2 
@@ -5253,6 +5279,16 @@ __metadata: languageName: node linkType: hard +"micromatch@npm:^4.0.8": + version: 4.0.8 + resolution: "micromatch@npm:4.0.8" + dependencies: + braces: ^3.0.3 + picomatch: ^2.3.1 + checksum: 79920eb634e6f400b464a954fcfa589c4e7c7143209488e44baf627f9affc8b1e306f41f4f0deedde97e69cb725920879462d3e750ab3bd3c1aed675bb3a8966 + languageName: node + linkType: hard + "mimic-fn@npm:^2.1.0": version: 2.1.0 resolution: "mimic-fn@npm:2.1.0" @@ -5285,15 +5321,6 @@ __metadata: languageName: node linkType: hard -"minimatch@npm:^9.0.0": - version: 9.0.0 - resolution: "minimatch@npm:9.0.0" - dependencies: - brace-expansion: ^2.0.1 - checksum: 7bd57899edd1d1b0560f50b5b2d1ea4ad2a366c5a2c8e0a943372cf2f200b64c256bae45a87a80915adbce27fa36526264296ace0da57b600481fe5ea3e372e5 - languageName: node - linkType: hard - "minimatch@npm:^9.0.4": version: 9.0.5 resolution: "minimatch@npm:9.0.5" @@ -5388,13 +5415,6 @@ __metadata: languageName: node linkType: hard -"minipass@npm:^5.0.0": - version: 5.0.0 - resolution: "minipass@npm:5.0.0" - checksum: 425dab288738853fded43da3314a0b5c035844d6f3097a8e3b5b29b328da8f3c1af6fc70618b32c29ff906284cf6406b6841376f21caaadd0793c1d5a6a620ea - languageName: node - linkType: hard - "minipass@npm:^5.0.0 || ^6.0.2 || ^7.0.0, minipass@npm:^7.1.2": version: 7.1.2 resolution: "minipass@npm:7.1.2" @@ -5431,7 +5451,7 @@ __metadata: "@types/signale": ^1.4.4 eslint: ^9.16.0 fix-tsup-cjs: ^1.2.0 - glob: ^10.2.2 + globby: ^11.1.0 lodash: ^4.17.21 signale: ^1.4.0 tmp: ^0.2.1 
@@ -5874,13 +5894,10 @@ __metadata: languageName: node linkType: hard -"path-scurry@npm:^1.7.0": - version: 1.7.0 - resolution: "path-scurry@npm:1.7.0" - dependencies: - lru-cache: ^9.0.0 - minipass: ^5.0.0 - checksum: 4e86df0fa6848cef1ba672d4a332b8dbd0297c42d5123bcc419d714c34b25ee6775b0d2e66dd5e698a38e9bcd808f8fc47333e3a3357307cada98e16bfae8b98 +"path-type@npm:^4.0.0": + version: 4.0.0 + resolution: "path-type@npm:4.0.0" + checksum: 5b1e2daa247062061325b8fdbfd1fb56dde0a448fb1455453276ea18c60685bdad23a445dc148cf87bc216be1573357509b7d4060494a6fd768c7efad833ee45 languageName: node linkType: hard