Skip to content

Commit

Permalink
fix: make sure dev deps are saved propery
Browse files Browse the repository at this point in the history
  • Loading branch information
@oakfang @remy
oakfang authored and remy committed Jul 7, 2016
1 parent b1e4829 commit ffe1ad9
Show file tree
Hide file tree
Showing 7 changed files with 473 additions and 21 deletions.
2 changes: 1 addition & 1 deletion cli/commands/protect/wizard.js
View file
Expand Up @@ -361,7 +361,7 @@ function processAnswers(answers, policy, options) {

var lbl = 'Updating npm-shrinkwrap.json...';
return spinner(lbl)
.then(npm.bind(null, 'shrinkwrap', null, live, cwd))
.then(npm.bind(null, 'shrinkwrap', null, live, cwd, null))
.then(spinner.clear(lbl));
}
})
Expand Down
9 changes: 6 additions & 3 deletions lib/npm.js
View file
Expand Up @@ -3,7 +3,8 @@ module.exports = npm;
var debug = require('debug')('snyk');
var exec = require('child_process').exec;

function npm(method, packages, live, cwd) {
function npm(method, packages, live, cwd, flags) {
flags = flags || [];
if (!packages) {
packages = [];
}
Expand All @@ -14,10 +15,12 @@ function npm(method, packages, live, cwd) {

// only if we have packages, then always save, otherwise the command might
// be something like `npm shrinkwrap'
if (packages.length) {
method = '--save ' + method;
if (packages.length && !flags.length) {
flags.push('--save');
}

method += ' ' + flags.join(' ');

return new Promise(function (resolve, reject) {
var cmd = 'npm ' + method + ' ' + packages.join(' ');
if (!cwd) {
Expand Down
32 changes: 23 additions & 9 deletions lib/protect/update.js
View file
Expand Up @@ -12,6 +12,7 @@ var spinner = require('../spinner');
function update(packages, live) {
var lbl = 'Running `npm update`...';
var error = false;

return spinner(lbl).then(function () {
// the uninstall doesn't need versions in the strings
// but install *does* so we build up arrays of both
Expand All @@ -22,13 +23,17 @@ function update(packages, live) {
var remediation = vuln.upgradePath.filter(Boolean)[0];
upgradeWithoutVersions.push(remediation.split('@').shift());

// TODO fix this string
if (vuln.parentDep === 'dev') {
console.log('>>>>>>>>>>>>>>>>');
return {
remediation: remediation,
type: vuln.parentDepType || 'prod',
};
}).reduce(function (ups, vuln) {
if (!ups[vuln.type]) {
ups[vuln.type] = [];
}

return remediation;
});
ups[vuln.type].push(vuln.remediation);
return ups;
}, {});

debug('to upgrade', upgrade);

Expand All @@ -38,12 +43,21 @@ function update(packages, live) {

var toUninstall = _.unique(upgradeWithoutVersions);
var promise = npm('uninstall', toUninstall, live).then(function () {
// FIXME this only adds to prod deps
// it should respect the dep type here
return npm('install', findUpgrades(upgrade), live).catch(function (e) {
var prodUpdate = (upgrade.prod ?
npm('install', findUpgrades(upgrade.prod), live) :
Promise.resolve(true)).catch(function (e) {
error = e;
return false;
});
var devUpdate = (upgrade.dev ?
npm('install', findUpgrades(upgrade.dev), live, null, ['--save-dev']) :
Promise.resolve(true)).catch(function (e) {
error = e;
return false;
});
return Promise.all([prodUpdate, devUpdate]).then(function (results) {
return results[0] && results[1];
});
});

return promise;
Expand Down
8 changes: 4 additions & 4 deletions lib/test.js
View file
Expand Up @@ -122,11 +122,11 @@ function test(root, options, callback) {
vuln.shrinkwrap = plucked.shrinkwrap;
vuln.bundled = plucked.bundled;

vuln.depType = plucked.depType;

var parentPkg = moduleToOjbect(vuln.from[1]);
var parent = modules.pluck(vuln.from.slice(0, 2), parentPkg.name, parentPkg.version);
vuln.parentDep = parent.depType;
var parent = modules.pluck(vuln.from.slice(0, 2),
parentPkg.name,
parentPkg.version);
vuln.parentDepType = parent.depType;
});
}
}
Expand Down

0 comments on commit ffe1ad9

Please sign in to comment.