Merge pull request #1507 from snyk/fix/support-globs-pattern-yarn-wor…

…kspaces

fix: support globs pattern in yarn workspaces definitions

package.json

@@ -69,6 +69,7 @@
     "graphlib": "^2.1.8",
     "inquirer": "^7.3.3",
     "lodash": "^4.17.20",
+    "micromatch": "4.0.2",
     "needle": "2.5.0",
     "open": "^7.0.3",
     "os-name": "^3.0.0",

src/lib/plugins/nodejs-plugin/yarn-workspaces-parser.ts

@@ -1,6 +1,7 @@
 import * as baseDebug from 'debug';
 import * as pathUtil from 'path';
 import * as _ from 'lodash';
+import * as micromatch from 'micromatch';
 
 const debug = baseDebug('snyk-yarn-workspaces');
 import * as lockFileParser from 'snyk-nodejs-lockfile-parser';
@@ -59,15 +60,13 @@ export async function processYarnWorkspaces(
       ...getWorkspacesMap(packageJson),
     };
     for (const workspaceRoot of Object.keys(yarnWorkspacesMap)) {
-      const workspaces = yarnWorkspacesMap[workspaceRoot].workspaces || [];
-
-      const match = workspaces
-        .map((pattern) => {
-          return packageJsonFileName.includes(pattern.replace(/\*/, ''));
-        })
-        .filter(Boolean);
+      const match = packageJsonBelongsToWorkspace(
+        packageJsonFileName,
+        yarnWorkspacesMap,
+        workspaceRoot,
+      );
 
-      if (match && match.length) {
+      if (match) {
         debug(`${packageJsonFileName} matches an existing workspace pattern`);
         yarnWorkspacesFilesMap[packageJsonFileName] = {
           root: workspaceRoot,
@@ -147,3 +146,21 @@ export function getWorkspacesMap(file: {
   }
   return yarnWorkspacesMap;
 }
+
+function packageJsonBelongsToWorkspace(
+  packageJsonFileName: string,
+  yarnWorkspacesMap: YarnWorkspacesMap,
+  workspaceRoot,
+): boolean {
+  const workspaceRootFolder = path.dirname(workspaceRoot);
+  const workspacesGlobs = (
+    yarnWorkspacesMap[workspaceRoot].workspaces || []
+  ).map((p) => path.join(workspaceRootFolder, p));
+  const filePath = path.normalize(packageJsonFileName);
+
+  const match = micromatch.isMatch(
+    filePath,
+    workspacesGlobs.map((p) => (p.endsWith('/**') ? p : p + '/**')),
+  );
+  return match;
+}

test/acceptance/cli-test/cli-test.yarn-workspaces.spec.ts

@@ -98,7 +98,12 @@ export const YarnWorkspacesTests: AcceptanceTests = {
       );
       t.match(
         result.getDisplayResults(),
-        'Tested 3 projects, no vulnerable paths were found.',
+        'Project name:      apple-lib',
+        'yarn project in output',
+      );
+      t.match(
+        result.getDisplayResults(),
+        'Tested 4 projects, no vulnerable paths were found.',
         'no vulnerable paths found as both policies detected and applied.',
       );
       let policyCount = 0;
@@ -115,7 +120,7 @@ export const YarnWorkspacesTests: AcceptanceTests = {
           ? '\\yarn-workspaces\\package.json'
           : 'yarn-workspaces/package.json';
 
-      params.server.popRequests(3).forEach((req) => {
+      params.server.popRequests(4).forEach((req) => {
         t.equal(req.method, 'POST', 'makes POST request');
         t.equal(
           req.headers['x-snyk-cli-version'],

test/acceptance/workspaces/yarn-workspaces/libs/apple-lib/package.json

@@ -0,0 +1,12 @@
+{
+  "name": "apple-lib",
+  "version": "1.0.0",
+  "license": "UNLICENSED",
+  "main": "./src/index.js",
+  "scripts": {
+    "precommit": "lint-staged"
+  },
+  "dependencies": {
+    "node-uuid": "1.3.0"
+  }
+}

test/acceptance/workspaces/yarn-workspaces/package.json

@@ -1,7 +1,8 @@
 {
   "private": true,
   "workspaces": [
-    "packages/*"
+    "packages/*",
+    "libs/**/*"
   ],
   "resolutions": {
     "node-fetch": "^2.3.0"