1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-15 03:48:02 -05:00
Commit graph

95 commits

Author SHA1 Message Date
Nathan Whitaker
56f31628f7
feat: subcommand to view and update outdated dependencies (#26942)
Closes #20487

Currently spelled

```
deno outdated
```
and
```
deno outdated --update
```

Works across package.json and deno.json, and in workspaces.

There's a bit of duplicated code, I'll refactor to reduce this in follow
ups

## Currently supported:
### Printing outdated deps (current output below which basically mimics
pnpm, but requesting feedback / suggestions)

```
deno outdated
```
![Screenshot 2024-11-19 at 2 01
56 PM](https://github.com/user-attachments/assets/51fea83a-181a-4082-b388-163313ce15e7)

### Updating deps

semver compatible:
```
deno outdated --update
```
latest:
```
deno outdated --latest
```
current output is basic, again would love suggestions
![Screenshot 2024-11-19 at 2 13
46 PM](https://github.com/user-attachments/assets/e4c4db87-cd67-4b74-9ea7-4bd80106d5e9)

#### Filters
```
deno outdated --update "@std/*"
deno outdated --update --latest "@std/* "!@std/fmt"
```
#### Update to specific versions
```
deno outdated --update @std/fmt@1.0.2 @std/cli@^1.0.3
```

### Include all workspace members
```
deno outdated --recursive
deno outdated --update --recursive
```

## Future work
- interactive update
- update deps in js/ts files
- better support for transitive deps

Known issues (to be fixed in follow ups):
- If no top level dependencies have changed, we won't update transitive
deps (even if they could be updated)
- Can't filter transitive deps, or update them to specific versions

## TODO (in this PR):
- ~~spec tests for filters~~
- ~~spec test for mixed workspace (have tested manually)~~
- tweak output
- suggestion when you try `deno update`

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-11-20 15:22:15 -08:00
David Sherret
617350e79c
refactor(resolver): move more resolution code into deno_resolver (#26873)
Follow-up to cjs refactor.

This moves most of the resolution code into the deno_resolver crate.
Still pending is the npm resolution code.
2024-11-14 15:24:25 -05:00
Nathan Whitaker
c371b2a492
fix(install): re-setup bin entries after running lifecycle scripts (#26752)
Fixes #26677

Some packages (like supabase) declare bin entries that don't exist until
lifecycle scripts are run. For instance, the lifecycle script downloads
a binary file which serves as a bin entrypoint.

Unfortunately you can't just defer setting up the bin entries until
after lifecycle scripts have run, because the scripts may rely on them.

I looked into this, and PNPM just re-links bin entries after running
lifecycle scripts. I think that's about the best we can do as well.

Note that we'll only re-setup bin entries for packages whose lifecycle
scripts we run. This should limit the performance cost, as typically a
given project will not have many lifecycle scripts (and of those, many
of them probably don't have bin entries to set up).
2024-11-12 09:23:39 -08:00
Nathan Whitaker
f9a05068d6
fix(install): handle invalid function error, and fallback to junctions regardless of the error (#26730)
Fixes #26116.

Handle the new error and treat is as lacking permission to make
symlinks, but also to make this more robust, just always fall back to
junctions no matter what the actual error is. Instead, warn if the error
isn't one we've handled, but go on to attempt creating the junction
2024-11-05 04:16:53 +00:00
Leo Kettmeir
fe9f0ee593
refactor(runtime/permissions): use concrete error types (#26464) 2024-11-04 09:17:21 -08:00
David Sherret
826e42a5b5
fix: improved support for cjs and cts modules (#26558)
* cts support
* better cjs/cts type checking
* deno compile cjs/cts support
* More efficient detect cjs (going towards stabilization)
* Determination of whether .js, .ts, .jsx, or .tsx is cjs or esm is only
done after loading
* Support `import x = require(...);`

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-11-01 12:27:00 -04:00
David Sherret
90edca21a2
fix: surface package.json location on dep parse failure (#26665)
Related: https://github.com/denoland/deno/issues/26653
2024-10-31 15:35:17 +00:00
Marvin Hagemeister
5f0bb3c6f4
fix: .npmrc settings not being passed to install/add command (#26473)
We weren't passing the resolved npmrc settings to the install commands.
This lead us to always fall back to the default registry url instead of
using the one from npmrc.

Fixes https://github.com/denoland/deno/issues/26139
Fixes https://github.com/denoland/deno/issues/26033
Fixes https://github.com/denoland/deno/issues/25924
Fixes https://github.com/denoland/deno/issues/25822
Fixes https://github.com/denoland/deno/issues/26152

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-10-24 20:03:56 +02:00
Marvin Hagemeister
4b99cde504
fix(npm): ensure scoped package name is encoded in URLs (#26390)
Fixes https://github.com/denoland/deno/issues/26385
2024-10-18 20:38:57 +02:00
Nathan Whitaker
7c3c13cecf
fix(install): retry downloads of registry info / tarballs (#26278)
Fixes #26085.

Adds a basic retry utility with some defaults, starts off with a 100ms
wait, then 250ms, then 500ms

I've applied the retry in the http client, reusing an existing function,
so this also applies to retrying downloads of deno binaries in `upgrade`
and `compile`. I can make a separate function that doesn't retry so this
doesn't affect `upgrade` and `compile`, but it seemed desirable to have
retries there too, so I left it in.
2024-10-15 16:46:42 -07:00
Nathan Whitaker
7a990d9d42
feat(npm): support --allow-scripts on deno run (and deno add, deno test, etc) (#26075)
Fixes https://github.com/denoland/deno/issues/25533. Fixes
https://github.com/denoland/deno/issues/25396.

Previously we only supported it on `deno install` and `deno cache`,
which is annoying if you're using `nodeModulesDir: auto`.

Also changes from printing output of lifecycle scripts directly to
capturing the output and only printing it on error.
2024-10-12 12:14:32 -07:00
David Sherret
2de4faa483
refactor: improve node permission checks (#26028)
Does less work when requesting permissions with `-A`
2024-10-04 20:55:41 +01:00
David Sherret
edac916604
fix(install): surface package.json dependency errors (#26023) 2024-10-04 07:52:00 +00:00
Nathan Whitaker
275418473e
fix(install): store tags associated with package in node_modules dir (#26000)
Fixes #25998. Fixes https://github.com/denoland/deno/issues/25928.

Originally I was just going to make this an error message instead of a
panic, but once I got to a minimal repro I felt that this really should
work.

The panic occurs when you have `nodeModulesDir: manual` (or a
package.json present), and you have an npm package with a tag in your
deno.json (see the spec test that illustrates this).

This code path only actually executes when trying to choose an
appropriate package version from `node_modules/.deno`, so we should be
able to fix it by storing some extra data at install time.

The fix proposed here is to repurpose the `.initialized` file that we
store in `node_modules` to store the tags associated with a package.
Basically, if you have a version requirement with a tag (e.g.
`npm:chalk@latest`), when we set up the node_modules folder for that
package, we store the tag (`latest`) in `.initialized`. Then, when doing
BYONM resolution, if we have a version requirement with a tag, we read
that file and check if the tag is present.

The downside is that we do more work when setting up `node_modules`. We
_could_ do this only when BYONM is enabled, but that would have the
downside of needing to re-run `deno install` when you switch from auto
-> manual, though maybe that's not a big deal.
2024-10-02 17:16:46 -07:00
Nathan Whitaker
cb74975ab2
fix(install): compare versions directly to decide whether to create a child node_modules dir for a workspace member (#26001)
Fixes #25861.

Previously we were attempting to match the version requirement against
the version already present in `node_modules` root, and if they didn't
match we would create a node_modules dir in the workspace member's
directory with the dependency.

Aside from the fact that this caused the panic, on second thought it
just doesn't make sense in general. We shouldn't be semver matching, as
resolution has already occurred and decided what package versions are
required. Instead, we can just compare the versions directly.
2024-10-02 15:11:43 -07:00
David Sherret
cac28b5262
feat(byonm): support deno run npm:<package> when package is not in package.json (#25981)
Closes https://github.com/denoland/deno/issues/25905
2024-10-02 21:17:39 +01:00
Nayeem Rahman
3881b71734
feat(lsp): quick fix for @deno-types="npm:@types/*" (#25954) 2024-10-01 22:55:02 +01:00
David Sherret
69ab720025
refactor: move ByonmNpmResolver to deno_resolver (#25937)
Some more slow progress on moving all the resolution code into
deno_resolver.
2024-09-30 13:33:32 +00:00
David Sherret
1bb47805d6
refactor: move NpmCacheDir to deno_cache_dir (#25916)
Part of the ongoing work to move more of Deno's resolution out of the
CLI crate (for use in Wasm and other things)

Includes:

* https://github.com/denoland/deno_cache_dir/pull/60
2024-09-28 08:50:16 -04:00
Nathan Whitaker
fbddd5a2eb
fix(node): Pass NPM_PROCESS_STATE to subprocesses via temp file instead of env var (#25896)
Fixes https://github.com/denoland/deno/issues/25401. Fixes
https://github.com/denoland/deno/issues/25841. Fixes
https://github.com/denoland/deno/issues/25891.
2024-09-27 12:35:37 -07:00
Bartek Iwańczuk
eff64238b6
feat: Don't warn about --allow-script when using esbuild (#25894)
`esbuild` can work fine without needing to run post-install script, so
to make it easier on users (especially people using Vite) we are not prompting to run with
`--allow-scripts` again.

We only do that for version >= 0.18.0 to be sure.
2024-09-26 23:37:49 +00:00
Nathan Whitaker
543c687c34
feat(install): warn repeatedly about not-run lifecycle scripts on explicit installs (#25878)
Currently we only warn once. With this PR, we continue to warn about
not-run scripts on explicit `deno install` (or cache). For `run` (or
other subcommands) we only warn the once, as we do currently.
2024-09-26 17:13:33 +00:00
Nathan Whitaker
13c53d9727
fix(installl): make bin entries executable even if not put in node_modules/.bin (#25873)
Fixes https://github.com/denoland/deno/issues/25862.

npm only makes bin entries executable if they get linked into `.bin`, as
we did before this PR. So this PR actually deviates from npm, because
it's the only reasonable way to fix this that I can think of.

---

The reason this was broken in moment is the following:

Moment has dependencies on two typescript versions: 1.8 and 3.1

If you have two packages with conflicting bin entries (i.e. two
typescript versions which both have a bin entry `tsc`), in npm it is
non-deterministic and undefined which one will end up in `.bin`.

npm, due to implementation differences, chooses to put typescript 1.8
into the `.bin` directory, and so `node_modules/typescript/bin/tsc` ends
up getting marked executable. We, however, choose typescript 3.2, and so
we end up making `node_modules/typescript3/bin/tsc` executable.

As part of its tests, moment executes `node_modules/typescript/bin/tsc`.
Because we didn't make it executable, this fails.

Since the conflict resolution is undefined in npm, instead of trying to
match it, I think it makes more sense to just make bin entries
executable even if they aren't chosen in the case of a conflict.
2024-09-26 09:36:25 -07:00
Nathan Whitaker
36ebc03f17
fix(cli): Warn on not-run lifecycle scripts with global cache (#25786)
Refactors the lifecycle scripts code to extract out the common
functionality and then uses that to provide a warning in the global
resolver.

While ideally we would still support them with the global cache, for now
a warning is at least better than the status quo (where people are
unaware why their packages aren't working).
2024-09-24 19:23:57 +00:00
Bartek Iwańczuk
5b14c71daf
feat: improve warnings for deprecations and lifecycle script for npm packages (#25694)
This commit improves warning messages for deprecated npm packages
and packages that rely on lifecycle script.
2024-09-18 19:04:25 +00:00
David Sherret
62e952559f
refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)
This makes the permission system more versatile.
2024-09-16 21:39:37 +01:00
David Sherret
af2d992ecd
feat: TypeScript 5.6 and npm:@types/node@22 (#25614) 2024-09-14 11:58:47 +01:00
David Sherret
72f025c743
fix: remove recently added deno.json node_modules aliasing (#25542)
This was initially added in #25399 in order to make transitioning over
from package.json to deno.json more easy, but it causes some problems
that are shown in the issue and it also means that the output of `deno
install` would have different resolution than `npm install`. Overall, I
think it's too much complexity to be smarter about this and it's
probably best to not do it. If someone needs an aliased folder then they
should keep using a package.json

Closes #25538
2024-09-09 20:19:29 +00:00
Nathan Whitaker
292344af42
fix(install): Make sure target node_modules exists when symlinking (#25494)
Fixes https://github.com/denoland/deno/issues/25493
2024-09-06 19:08:56 +00:00
David Sherret
c6d1b0a1cc
fix(byonm): resolve npm deps of jsr deps (#25399)
This allows using npm deps of jsr deps without having to add them to the
root package.json.

Works by taking the package requirement and scanning the
`node_modules/.deno` directory for the best matching package, so it
relies on deno's node_modules structure.

Additionally to make the transition from package.json to deno.json
easier, Deno now:

1. Installs npm deps in a deno.json at the same time as installing npm
deps from a package.json.
2. Uses the alias in the import map for `node_modules/<alias>` for
better package.json compatiblity.
2024-09-04 14:00:44 +00:00
David Sherret
bf7571a6f9
fix: make some warnings more standard (#25324) 2024-09-03 10:45:01 +02:00
David Sherret
f891e73bbf
refactor: remove DENO_FUTURE (#25314) 2024-08-30 21:58:24 +00:00
David Sherret
b708a13eb0
feat: improve lockfile v4 to store normalized version constraints and be more terse (#25247)
Stores normalized version constraints in the lockfile, which will
improve reproducibility and will fix a bug with duplicate specifiers
ending up in the lockfile. Also, gets rid of some duplicate data in the
specifiers area of the lockfile.
2024-08-28 14:17:47 -04:00
Nathan Whitaker
f606402677
fix(install): Use relative symlinks in deno install (#25164)
Fixes https://github.com/denoland/deno/issues/25161
2024-08-22 21:55:17 +00:00
HasanAlrimawi
0704454755
feat: Print deprecation message for npm packages (#24992)
This commit adds ability to print deprecation notices
for npm packages that have been marked as deprecated.

Closes #24013
2024-08-20 19:53:53 +02:00
David Sherret
f1c58ec041
feat(unstable): ability to use a local copy of jsr packages (#25068) 2024-08-20 14:11:43 +00:00
Asher Gomez
f89b531149
feat(node): support username and _password in .npmrc file (#24793)
Closes #23950
2024-08-14 18:53:15 +02:00
Nathan Whitaker
854c7ba198
fix(install): Properly handle dist tags when setting up node_modules (#24968)
Fixes https://github.com/denoland/deno/issues/24966.
Fixes https://github.com/denoland/deno/issues/24932.
2024-08-09 13:35:54 +00:00
Satya Rohith
8c2f1f5a55
chore: upgrade to rust 1.80 (#24778) 2024-07-29 12:58:04 -04:00
David Sherret
3bf147fe28
refactor: decouple node resolution from deno_core (#24724) 2024-07-25 19:08:14 -04:00
David Sherret
52ababc4bf
fix(node): better detection for when to surface node resolution errors (#24653) 2024-07-24 00:22:24 +00:00
Nathan Whitaker
a4c76add56
fix(cli): Respect implied BYONM from DENO_FUTURE in deno task (#24652)
Regression from
04f9db5b22

Originally I thought to fix the issue in the PR we needed to explicitly
pass through the `node-modules-dir` flag, but after applying the correct
fix that david pointed out (setting `NPM_PROCESS_STATE`) that wasn't
necessary (or correct).

We had a test for deno task with BYONM, but it only tested with
`"unstable": ["byonm"]` in deno.json, so it didn't catch this.
2024-07-19 18:59:04 +00:00
Bartek Iwańczuk
7b33623b1d
Reland "refactor(fetch): reimplement fetch with hyper instead of reqwest" (#24593)
Originally landed in
f6fd6619e7.
Reverted in https://github.com/denoland/deno/pull/24574.

This reland contains a fix that sends "Accept: */*" header for calls made
from "FileFetcher". Absence of this header made downloading source code
from JSR broken. This is tested by ensuring this header is present in the
test server that servers JSR packages.

---------

Co-authored-by: Sean McArthur <sean@seanmonstar.com>
2024-07-18 01:37:31 +02:00
Nathan Whitaker
c9da27e147
fix(cli): Create child node_modules for conflicting dependency versions, respect aliases in package.json (#24609)
Fixes #24419.
2024-07-16 20:30:28 +00:00
Nathan Whitaker
04f9db5b22
fix(node): Fix --allow-scripts with no deno.json (#24533)
We would resolve the wrong package.json, resulting in an inability to
run CJS (or other node-mode) scripts
2024-07-15 12:11:09 -07:00
David Sherret
29186d7e59
fix(workspace): do not resolve to self for npm pkg depending on matching req (#24591)
Closes #24584
2024-07-15 15:08:51 -04:00
Ryan Dahl
e0cfc9da39
Revert "refactor(fetch): reimplement fetch with hyper instead of reqwest (#24237)" (#24574)
This reverts commit f6fd6619e7.

I'm seeing a difference between canary and 1.45.2. In
`deno-docs/reference_gen` I can't download dax when running `deno task
types`

```
~/src/deno-docs/reference_gen# deno upgrade --canary
Looking up latest canary version
Found latest version f6fd6619e7
Downloading https://dl.deno.land/canary/f6fd6619e708a515831f707438368d81b0c9aa56/deno-aarch64-apple-darwin.zip
Deno is upgrading to version f6fd6619e7
Archive:  /var/folders/9v/kys6gqns6kl8nksyn4l1f9v40000gn/T/.tmpb5lDnq/deno.zip
  inflating: deno
Upgraded successfully

~/src/deno-docs/reference_gen# deno -v
deno 1.45.2+f6fd661

~/src/deno-docs/reference_gen# rm -rf /Users/ry/Library/Caches/deno

~/src/deno-docs/reference_gen# deno task types
Task types deno task types:deno && deno task types:node
Task types:deno deno run --allow-read --allow-write --allow-run --allow-env --allow-sys deno-docs.ts
error: JSR package manifest for '@david/dax' failed to load. expected value at line 1 column 1
    at file:///Users/ry/src/deno-docs/reference_gen/deno-docs.ts:2:15

~/src/deno-docs/reference_gen# deno upgrade --version 1.45.2
Downloading https://github.com/denoland/deno/releases/download/v1.45.2/deno-aarch64-apple-darwin.zip
Deno is upgrading to version 1.45.2
Archive:  /var/folders/9v/kys6gqns6kl8nksyn4l1f9v40000gn/T/.tmp3R7uhF/deno.zip
  inflating: deno
Upgraded successfully

~/src/deno-docs/reference_gen# rm -rf /Users/ry/Library/Caches/deno

~/src/deno-docs/reference_gen# deno task types
Task types deno task types:deno && deno task types:node
Task types:deno deno run --allow-read --allow-write --allow-run --allow-env --allow-sys deno-docs.ts
Task types:node deno run --allow-read --allow-write=. --allow-env --allow-sys node-docs.ts
```
2024-07-13 21:08:23 +00:00
Sean McArthur
f6fd6619e7
refactor(fetch): reimplement fetch with hyper instead of reqwest (#24237)
This commit re-implements `ext/fetch` and all dependent crates
using `hyper` and `hyper-util`, instead of `reqwest`.

The reasoning is that we want to have greater control and access
to low level `hyper` APIs when implementing `fetch` API as well
as `node:http` module.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-07-13 00:51:37 +02:00
Nathan Whitaker
3d0e1b65b1
fix(node): Ignore broken default install scripts (#24534)
NPM inserts a default install script when a package has a `binding.gyp`
file.

It's possible, however, for the package to exclude the `binding.gyp`
file when they publish, and in this case the install script will never
succeed for a user of the package.

This happens with `fsevents`, for instance. They don't include the
`binding.gyp` file in their published tarball, but the default install
script appears in the manifest served by `npm`.

This causes us to warn that `fsevents` has an install script, but when
you try to run it it fails due to `binding.gyp` not existing.
2024-07-11 18:39:45 +00:00
David Sherret
f950f59983
fix(npm): only warn about lifecycle scripts not being run when setting up directory (#24530)
Closes #24518
2024-07-11 16:41:42 +00:00