2 changes: 1 addition & 1 deletion packages/mono-pub/package.json
Expand Up @@ -66,7 +66,7 @@
"typescript": "^5.0.4"
},
"dependencies": {
"glob": "^10.2.2",
"globby": "^11.1.0",

💡 Verification agent

🧩 Analysis chain

Verify globby version currency and security.

Please confirm that globby version ^11.1.0 is current and secure, as this dependency change affects the core file matching functionality.


🌐 Web query:

What is the latest version of globby npm package and are there any known security vulnerabilities in version 11.1.0?

💡 Result:

The latest version of the globby npm package is 14.1.0, released approximately a month ago. (npmjs.com)

Regarding version 11.1.0, there are no known security vulnerabilities associated with it. Snyk's vulnerability database indicates that this version has no reported issues. (snyk.io)

However, it's important to note that version 11.1.0 was released in January 2022, and the latest version, 14.1.0, was released in February 2025. Using the most recent version is recommended to benefit from the latest features, improvements, and security patches.

Citations:


Update globby to the latest version

globby ^11.1.0 has no known security vulnerabilities (per Snyk), but it was released in January 2022. The current latest release is 14.1.0 (February 2025) which includes new features, performance improvements, and any recent security patches.

• File: packages/mono-pub/package.json
Line 69

Suggested change:

-   "globby": "^11.1.0",
+   "globby": "^14.1.0",
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"globby": "^11.1.0",
"globby": "^14.1.0",
🤖 Prompt for AI Agents
In packages/mono-pub/package.json at line 69, update the globby dependency
version from "^11.1.0" to "^14.1.0" to use the latest release. This will ensure
the project benefits from the newest features, performance improvements, and
recent security patches. Simply replace the version string while preserving the
caret symbol for compatible updates.

"lodash": "^4.17.21",
"signale": "^1.4.0"
},
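--- a/packages/mono-pub/src/utils/path.spec.ts
+++ b/packages/mono-pub/src/utils/path.spec.ts
@@ -36,6 +36,11 @@ describe('getAllPackages', () => {
 expect(packages).toHaveLength(3)
 expect(packages).toEqual(expectContainingPackages(['pkg1', 'pkg3', 'lib1'], 'filtering'))
 })
+it('Should work with negative globs', async () => {
+const packages = await getAllPackages(['packages/*', '!packages/pkg3'], cwd)
+expect(packages).toHaveLength(1)
+expect(packages).toEqual(expectContainingPackages(['pkg1'], 'filtering'))
+})
 it('Should work with relative and absolute paths to package.json', async () => {
 const packages = await getAllPackages(
 ['packages/pkg1/package.json', path.join(cwd, 'libs/lib1/package.json')],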
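Review bot: The added 'negative globs' test only pins exclusion by a directory pattern (`!packages/pkg3`); it does not cover a negation written as a manifest path, even though the next test shows `getAllPackages` also accepts `package.json` paths. With `['packages/*', '!packages/pkg3/package.json']` the directory `packages/pkg3` would presumably still match and be resolved to its `package.json` by the directory branch in `path.ts`, so a package the caller meant to exclude could still be picked up for publishing. Add a case such as `await getAllPackages(['packages/*', '!packages/pkg3/package.json'], cwd)` and assert the intended result, so the behaviour is decided rather than accidental. The enclosing `describe` block starts and ends outside the hunk.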
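--- a/packages/mono-pub/src/utils/path.ts
+++ b/packages/mono-pub/src/utils/path.ts
@@ -1,6 +1,6 @@
 import path from 'path'
 import fs, { promises as fsPromises } from 'fs'
-import { glob } from 'glob'
+import globby from 'globby'
 import uniq from 'lodash/uniq'
 import get from 'lodash/get'
 import type { BasePackageInfo } from '@/types'
@@ -21,14 +21,20 @@ async function _scanPackage(filePath: string): Promise<PackageScanInfo> {
 }
 
 export async function getAllPackages(paths: Array<string>, cwd: string): Promise<Array<BasePackageInfo>> {
-const matches = await glob(paths, { cwd, stat: true, withFileTypes: true })
+const matches = await globby(paths, {
+cwd,
+expandDirectories: false,
+onlyFiles: false,
+absolute: true,
+objectMode: true,
+})
 
 const fileNames: Array<string> = []
 for (const match of matches) {
-if (match.isFile() && match.name === 'package.json') {
-fileNames.push(match.fullpath())
-} else if (match.isDirectory()) {
-const fullPath = match.fullpath()
+if (match.dirent.isFile() && path.basename(match.name) === 'package.json') {
+fileNames.push(match.path)
+} else if (match.dirent.isDirectory()) {
+const fullPath = match.path
 // NOTE: Repo traversal is a part of package logic
 // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal
 const pkgPath = path.join(fullPath, 'package.json')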
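Review bot: The `nosemgrep` path-traversal suppression above `path.join(fullPath, 'package.json')` is carried over unchanged while `fullPath` now comes from globby's `match.path` with `absolute: true`, and nothing visible in this hunk confines matches to `cwd`. A pattern containing `..` segments or an absolute path can resolve outside the repository, so if `paths` can come from anything other than the repo's own trusted config, a package outside the tree would be scanned. If out-of-tree packages are not meant to be supported, skip them at the top of the loop with `const rel = path.relative(cwd, match.path)` and `if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) continue`; otherwise extend the NOTE comment to state where `paths` originates and why traversal is acceptable. The body of `getAllPackages` continues past the end of the hunk, so later handling may already cover this.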
137 changes: 77 additions & 60 deletions yarn.lock
Expand Up @@ -2031,6 +2031,13 @@ __metadata:
languageName: node
linkType: hard

"array-union@npm:^2.1.0":
version: 2.1.0
resolution: "array-union@npm:2.1.0"
checksum: 5bee12395cba82da674931df6d0fea23c4aa4660cb3b338ced9f828782a65caa232573e6bf3968f23e0c5eb301764a382cef2f128b170a9dc59de0e36c39f98d
languageName: node
linkType: hard

"array.prototype.findlastindex@npm:^1.2.5":
version: 1.2.5
resolution: "array.prototype.findlastindex@npm:1.2.5"
Expand Down Expand Up @@ -2219,6 +2226,15 @@ __metadata:
languageName: node
linkType: hard

"braces@npm:^3.0.3":
version: 3.0.3
resolution: "braces@npm:3.0.3"
dependencies:
fill-range: ^7.1.1
checksum: b95aa0b3bd909f6cd1720ffcf031aeaf46154dd88b4da01f9a1d3f7ea866a79eba76a6d01cbc3c422b2ee5cdc39a4f02491058d5df0d7bf6e6a162a832df1f69
languageName: node
linkType: hard

"browserslist@npm:^4.21.3":
version: 4.21.5
resolution: "browserslist@npm:4.21.5"
Expand Down Expand Up @@ -2735,6 +2751,15 @@ __metadata:
languageName: node
linkType: hard

"dir-glob@npm:^3.0.1":
version: 3.0.1
resolution: "dir-glob@npm:3.0.1"
dependencies:
path-type: ^4.0.0
checksum: fa05e18324510d7283f55862f3161c6759a3f2f8dbce491a2fc14c8324c498286c54282c1f0e933cb930da8419b30679389499b919122952a4f8592362ef4615
languageName: node
linkType: hard

"doctrine@npm:^2.1.0":
version: 2.1.0
resolution: "doctrine@npm:2.1.0"
Expand Down Expand Up @@ -3323,6 +3348,19 @@ __metadata:
languageName: node
linkType: hard

"fast-glob@npm:^3.2.9":
version: 3.3.3
resolution: "fast-glob@npm:3.3.3"
dependencies:
"@nodelib/fs.stat": ^2.0.2
"@nodelib/fs.walk": ^1.2.3
glob-parent: ^5.1.2
merge2: ^1.3.0
micromatch: ^4.0.8
checksum: 0704d7b85c0305fd2cef37777337dfa26230fdd072dce9fb5c82a4b03156f3ffb8ed3e636033e65d45d2a5805a4e475825369a27404c0307f2db0c8eb3366fbd
languageName: node
linkType: hard

"fast-glob@npm:^3.3.1, fast-glob@npm:^3.3.2":
version: 3.3.2
resolution: "fast-glob@npm:3.3.2"
Expand Down Expand Up @@ -3407,6 +3445,15 @@ __metadata:
languageName: node
linkType: hard

"fill-range@npm:^7.1.1":
version: 7.1.1
resolution: "fill-range@npm:7.1.1"
dependencies:
to-regex-range: ^5.0.1
checksum: b4abfbca3839a3d55e4ae5ec62e131e2e356bf4859ce8480c64c4876100f4df292a63e5bb1618e1d7460282ca2b305653064f01654474aa35c68000980f17798
languageName: node
linkType: hard

"find-up@npm:^2.0.0":
version: 2.1.0
resolution: "find-up@npm:2.1.0"
Expand Down Expand Up @@ -3652,21 +3699,6 @@ __metadata:
languageName: node
linkType: hard

"glob@npm:^10.2.2":
version: 10.2.2
resolution: "glob@npm:10.2.2"
dependencies:
foreground-child: ^3.1.0
jackspeak: ^2.0.3
minimatch: ^9.0.0
minipass: ^5.0.0
path-scurry: ^1.7.0
bin:
glob: dist/cjs/src/bin.js
checksum: 33cbbbea74deb605107715f2ee51937953271ff2f6ce712b57d95a714e2f1bf272fa2c2b0c5101097bf98d3e5d40856941af498b05bce07567aca1a6e3cc7ae9
languageName: node
linkType: hard

"glob@npm:^10.3.10":
version: 10.4.5
resolution: "glob@npm:10.4.5"
Expand Down Expand Up @@ -3734,6 +3766,20 @@ __metadata:
languageName: node
linkType: hard

"globby@npm:^11.1.0":
version: 11.1.0
resolution: "globby@npm:11.1.0"
dependencies:
array-union: ^2.1.0
dir-glob: ^3.0.1
fast-glob: ^3.2.9
ignore: ^5.2.0
merge2: ^1.4.1
slash: ^3.0.0
checksum: b4be8885e0cfa018fc783792942d53926c35c50b3aefd3fdcfb9d22c627639dc26bd2327a40a0b74b074100ce95bb7187bfeae2f236856aa3de183af7a02aea6
languageName: node
linkType: hard

"gopd@npm:^1.0.1, gopd@npm:^1.1.0, gopd@npm:^1.2.0":
version: 1.2.0
resolution: "gopd@npm:1.2.0"
Expand Down Expand Up @@ -4382,19 +4428,6 @@ __metadata:
languageName: node
linkType: hard

"jackspeak@npm:^2.0.3":
version: 2.1.1
resolution: "jackspeak@npm:2.1.1"
dependencies:
"@pkgjs/parseargs": ^0.11.0
cliui: ^8.0.1
dependenciesMeta:
"@pkgjs/parseargs":
optional: true
checksum: ddd1a41c613dd12ec1a3568dd014e42d166f7f007e0d6ea3bf1d1d0f5480147c17ff27606e9131aa23489849e67bd6abf0b8cff90b17fa65271a35cbf74b2b1e
languageName: node
linkType: hard

"jackspeak@npm:^3.1.2":
version: 3.4.3
resolution: "jackspeak@npm:3.4.3"
Expand Down Expand Up @@ -5140,13 +5173,6 @@ __metadata:
languageName: node
linkType: hard

"lru-cache@npm:^9.0.0":
version: 9.1.1
resolution: "lru-cache@npm:9.1.1"
checksum: 4d703bb9b66216bbee55ead82a9682820a2b6acbdfca491b235390b1ef1056000a032d56dfb373fdf9ad4492f1fa9d04cc9a05a77f25bd7ce6901d21ad9b68b7
languageName: node
linkType: hard

"make-dir@npm:^3.0.0":
version: 3.1.0
resolution: "make-dir@npm:3.1.0"
Expand Down Expand Up @@ -5236,7 +5262,7 @@ __metadata:
languageName: node
linkType: hard

"merge2@npm:^1.3.0":
"merge2@npm:^1.3.0, merge2@npm:^1.4.1":
version: 1.4.1
resolution: "merge2@npm:1.4.1"
checksum: 7268db63ed5169466540b6fb947aec313200bcf6d40c5ab722c22e242f651994619bcd85601602972d3c85bd2cc45a358a4c61937e9f11a061919a1da569b0c2
Expand All @@ -5253,6 +5279,16 @@ __metadata:
languageName: node
linkType: hard

"micromatch@npm:^4.0.8":
version: 4.0.8
resolution: "micromatch@npm:4.0.8"
dependencies:
braces: ^3.0.3
picomatch: ^2.3.1
checksum: 79920eb634e6f400b464a954fcfa589c4e7c7143209488e44baf627f9affc8b1e306f41f4f0deedde97e69cb725920879462d3e750ab3bd3c1aed675bb3a8966
languageName: node
linkType: hard

"mimic-fn@npm:^2.1.0":
version: 2.1.0
resolution: "mimic-fn@npm:2.1.0"
Expand Down Expand Up @@ -5285,15 +5321,6 @@ __metadata:
languageName: node
linkType: hard

"minimatch@npm:^9.0.0":
version: 9.0.0
resolution: "minimatch@npm:9.0.0"
dependencies:
brace-expansion: ^2.0.1
checksum: 7bd57899edd1d1b0560f50b5b2d1ea4ad2a366c5a2c8e0a943372cf2f200b64c256bae45a87a80915adbce27fa36526264296ace0da57b600481fe5ea3e372e5
languageName: node
linkType: hard

"minimatch@npm:^9.0.4":
version: 9.0.5
resolution: "minimatch@npm:9.0.5"
Expand Down Expand Up @@ -5388,13 +5415,6 @@ __metadata:
languageName: node
linkType: hard

"minipass@npm:^5.0.0":
version: 5.0.0
resolution: "minipass@npm:5.0.0"
checksum: 425dab288738853fded43da3314a0b5c035844d6f3097a8e3b5b29b328da8f3c1af6fc70618b32c29ff906284cf6406b6841376f21caaadd0793c1d5a6a620ea
languageName: node
linkType: hard

"minipass@npm:^5.0.0 || ^6.0.2 || ^7.0.0, minipass@npm:^7.1.2":
version: 7.1.2
resolution: "minipass@npm:7.1.2"
Expand Down Expand Up @@ -5431,7 +5451,7 @@ __metadata:
"@types/signale": ^1.4.4
eslint: ^9.16.0
fix-tsup-cjs: ^1.2.0
glob: ^10.2.2
globby: ^11.1.0
lodash: ^4.17.21
signale: ^1.4.0
tmp: ^0.2.1
Expand Down Expand Up @@ -5874,13 +5894,10 @@ __metadata:
languageName: node
linkType: hard

"path-scurry@npm:^1.7.0":
version: 1.7.0
resolution: "path-scurry@npm:1.7.0"
dependencies:
lru-cache: ^9.0.0
minipass: ^5.0.0
checksum: 4e86df0fa6848cef1ba672d4a332b8dbd0297c42d5123bcc419d714c34b25ee6775b0d2e66dd5e698a38e9bcd808f8fc47333e3a3357307cada98e16bfae8b98
"path-type@npm:^4.0.0":
version: 4.0.0
resolution: "path-type@npm:4.0.0"
checksum: 5b1e2daa247062061325b8fdbfd1fb56dde0a448fb1455453276ea18c60685bdad23a445dc148cf87bc216be1573357509b7d4060494a6fd768c7efad833ee45
languageName: node
linkType: hard
