Use editablePkgJson.content instead of plucking it.

Author: jdalton

.config/rollup.dist.config.mjs

@@ -240,7 +240,7 @@ function resetDependencies(deps) {
 
 async function updateDepStats(depStats) {
   const editablePkgJson = await readPackageJson(rootPath, { editable: true })
-  const { content: pkgJson } = editablePkgJson
+
   const oldDepStats = existsSync(depStatsPath)
     ? await readJson(depStatsPath)
     : undefined
@@ -250,7 +250,7 @@ async function updateDepStats(depStats) {
     // preserves dependencies that are indirectly referenced through spawned
     // processes and not directly imported.
     Object.fromEntries(
-      Object.entries(pkgJson.dependencies).filter(
+      Object.entries(editablePkgJson.content.dependencies).filter(
         ({ 0: key }) => !oldDepStats?.transitives?.[key]
       )
     )
@@ -259,9 +259,9 @@ async function updateDepStats(depStats) {
   delete depStats.dependencies[SENTRY_NODE]
   // Remove transitives from dependencies.
   for (const key of Object.keys(oldDepStats?.transitives ?? {})) {
-    if (pkgJson.dependencies[key]) {
-      depStats.transitives[key] = pkgJson.dependencies[key]
-      depStats.external[key] = pkgJson.dependencies[key]
+    if (editablePkgJson.content.dependencies[key]) {
+      depStats.transitives[key] = editablePkgJson.content.dependencies[key]
+      depStats.external[key] = editablePkgJson.content.dependencies[key]
       delete depStats.dependencies[key]
     }
   }
@@ -289,9 +289,8 @@ async function updateDepStats(depStats) {
 
 async function updatePackageJson() {
   const editablePkgJson = await readPackageJson(rootPath, { editable: true })
-  const { content: pkgJson } = editablePkgJson
-  const bin = resetBin(pkgJson.bin)
-  const dependencies = resetDependencies(pkgJson.dependencies)
+  const bin = resetBin(editablePkgJson.content.bin)
+  const dependencies = resetDependencies(editablePkgJson.content.dependencies)
   editablePkgJson.update({
     name: SOCKET_CLI_PACKAGE_NAME,
     description: SOCKET_DESCRIPTION,

src/commands/fix/npm-fix.ts

@@ -84,7 +84,6 @@ export async function npmFix(
   }
 
   const editablePkgJson = await readPackageJson(cwd, { editable: true })
-  const { content: pkgJson } = editablePkgJson
 
   await arb.buildIdealTree()
 
@@ -138,14 +137,17 @@ export async function npmFix(
           targetVersion = node.package.version!
           const fixSpec = `${name}@^${targetVersion}`
           const revertData = {
-            ...(pkgJson.dependencies
-              ? { dependencies: pkgJson.dependencies }
+            ...(editablePkgJson.content.dependencies
+              ? { dependencies: editablePkgJson.content.dependencies }
               : undefined),
-            ...(pkgJson.optionalDependencies
-              ? { optionalDependencies: pkgJson.optionalDependencies }
+            ...(editablePkgJson.content.optionalDependencies
+              ? {
+                  optionalDependencies:
+                    editablePkgJson.content.optionalDependencies
+                }
               : undefined),
-            ...(pkgJson.peerDependencies
-              ? { peerDependencies: pkgJson.peerDependencies }
+            ...(editablePkgJson.content.peerDependencies
+              ? { peerDependencies: editablePkgJson.content.peerDependencies }
               : undefined)
           } as PackageJson
 
@@ -156,6 +158,7 @@ export async function npmFix(
               editablePkgJson,
               arb.idealTree!,
               node,
+              targetVersion,
               rangeStyle
             )
             // eslint-disable-next-line no-await-in-loop

src/commands/fix/pnpm-fix.ts

@@ -11,6 +11,7 @@ import {
 } from '@socketsecurity/registry/lib/packages'
 
 import { enableAutoMerge, openGitHubPullRequest } from './open-pr'
+import { applyRange } from './shared'
 import constants from '../../constants'
 import {
   SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,
@@ -91,7 +92,6 @@ export async function pnpmFix(
   spinner?.start()
 
   const editablePkgJson = await readPackageJson(cwd, { editable: true })
-  const { content: pkgJson } = editablePkgJson
 
   let actualTree = await getActualTree(cwd)
 
@@ -139,16 +139,22 @@ export async function pnpmFix(
         let installed = false
         let saved = false
         if (targetVersion && targetPackument) {
-          const oldPnpm = pkgJson[PNPM] as StringKeyValueObject | undefined
-          const pnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
+          const oldPnpm = editablePkgJson.content[PNPM] as
+            | StringKeyValueObject
+            | undefined
+          const oldPnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
           const oldOverrides = (oldPnpm as StringKeyValueObject)?.[OVERRIDES] as
             | Record<string, string>
             | undefined
-          const overridesCount = oldOverrides
+          const oldOverridesCount = oldOverrides
             ? Object.keys(oldOverrides).length
             : 0
           const overrideKey = `${node.name}@${vulnerableVersionRange}`
-          const overrideRange = `^${targetVersion}`
+          const overrideRange = applyRange(
+            oldOverrides?.[overrideKey] ?? targetVersion,
+            targetVersion,
+            rangeStyle
+          )
           const fixSpec = `${name}@${overrideRange}`
           const updateData = {
             [PNPM]: {
@@ -160,26 +166,29 @@ export async function pnpmFix(
             }
           }
           const revertData = {
-            [PNPM]: pnpmKeyCount
+            [PNPM]: oldPnpmKeyCount
               ? {
                   ...oldPnpm,
                   [OVERRIDES]:
-                    overridesCount === 1
+                    oldOverridesCount === 1
                       ? undefined
                       : {
                           [overrideKey]: undefined,
                           ...oldOverrides
                         }
                 }
               : undefined,
-            ...(pkgJson.dependencies
-              ? { dependencies: pkgJson.dependencies }
+            ...(editablePkgJson.content.dependencies
+              ? { dependencies: editablePkgJson.content.dependencies }
               : undefined),
-            ...(pkgJson.optionalDependencies
-              ? { optionalDependencies: pkgJson.optionalDependencies }
+            ...(editablePkgJson.content.optionalDependencies
+              ? {
+                  optionalDependencies:
+                    editablePkgJson.content.optionalDependencies
+                }
               : undefined),
-            ...(pkgJson.peerDependencies
-              ? { peerDependencies: pkgJson.peerDependencies }
+            ...(editablePkgJson.content.peerDependencies
+              ? { peerDependencies: editablePkgJson.content.peerDependencies }
               : undefined)
           } as PackageJson
 
@@ -191,6 +200,7 @@ export async function pnpmFix(
               editablePkgJson,
               actualTree,
               node,
+              targetVersion,
               rangeStyle
             )
             // eslint-disable-next-line no-await-in-loop

src/commands/optimize/add-overrides.ts

@@ -80,10 +80,12 @@ export async function addOverrides(
   if (editablePkgJson === undefined) {
     editablePkgJson = await readPackageJson(pkgPath, { editable: true })
   }
-  const { content: pkgJson } = editablePkgJson
-
   const workspaceName = path.relative(rootPath, pkgPath)
-  const workspaceGlobs = await getWorkspaceGlobs(agent, pkgPath, pkgJson)
+  const workspaceGlobs = await getWorkspaceGlobs(
+    agent,
+    pkgPath,
+    editablePkgJson
+  )
   const isRoot = pkgPath === rootPath
   const isLockScanned = isRoot && !prod
   const isWorkspace = !!workspaceGlobs
@@ -104,12 +106,12 @@ export async function addOverrides(
   }
 
   const overridesDataObjects = [] as GetOverridesResult[]
-  if (pkgJson['private'] || isWorkspace) {
-    overridesDataObjects.push(overridesDataByAgent.get(agent)!(pkgJson))
+  if (editablePkgJson.content['private'] || isWorkspace) {
+    overridesDataObjects.push(overridesDataByAgent.get(agent)!(editablePkgJson))
   } else {
     overridesDataObjects.push(
-      overridesDataByAgent.get(NPM)!(pkgJson),
-      overridesDataByAgent.get(YARN_CLASSIC)!(pkgJson)
+      overridesDataByAgent.get(NPM)!(editablePkgJson),
+      overridesDataByAgent.get(YARN_CLASSIC)!(editablePkgJson)
     )
   }
 
@@ -118,7 +120,7 @@ export async function addOverrides(
   )
 
   const depAliasMap = new Map<string, string>()
-  const depEntries = getDependencyEntries(pkgJson)
+  const depEntries = getDependencyEntries(editablePkgJson)
 
   const manifestEntries = manifestNpmOverrides.filter(({ 1: data }) =>
     semver.satisfies(

src/commands/optimize/get-dependency-entries.ts

@@ -1,14 +1,12 @@
-import { readPackageJson } from '@socketsecurity/registry/lib/packages'
+import type { EditablePackageJson } from '@socketsecurity/registry/lib/packages'
 
-type PackageJson = Awaited<ReturnType<typeof readPackageJson>>
-
-export function getDependencyEntries(pkgJson: PackageJson) {
+export function getDependencyEntries(editablePkgJson: EditablePackageJson) {
   const {
     dependencies,
     devDependencies,
     optionalDependencies,
     peerDependencies
-  } = pkgJson
+  } = editablePkgJson.content
   return [
     [
       'dependencies',

src/commands/optimize/get-overrides-by-agent.ts

@@ -1,8 +1,8 @@
 import constants from '../../constants'
 
-import type { Overrides } from './types'
+import type { NpmOverrides, Overrides, PnpmOrYarnOverrides } from './types'
 import type { Agent } from '../../utils/package-environment'
-import type { PackageJson } from '@socketsecurity/registry/lib/packages'
+import type { EditablePackageJson } from '@socketsecurity/registry/lib/packages'
 
 const {
   BUN,
@@ -15,45 +15,52 @@ const {
   YARN_CLASSIC
 } = constants
 
-function getOverridesDataBun(pkgJson: PackageJson) {
-  const overrides = (pkgJson as any)?.[RESOLUTIONS] ?? {}
+function getOverridesDataBun(editablePkgJson: EditablePackageJson) {
+  const overrides =
+    editablePkgJson.content?.[RESOLUTIONS] ?? ({} as PnpmOrYarnOverrides)
   return { type: YARN_BERRY, overrides }
 }
 
 // npm overrides documentation:
 // https://docs.npmjs.com/cli/v10/configuring-npm/package-json#overrides
-function getOverridesDataNpm(pkgJson: PackageJson) {
-  const overrides = (pkgJson as any)?.[OVERRIDES] ?? {}
+function getOverridesDataNpm(editablePkgJson: EditablePackageJson) {
+  const overrides = editablePkgJson.content?.[OVERRIDES] ?? ({} as NpmOverrides)
   return { type: NPM, overrides }
 }
 
 // pnpm overrides documentation:
 // https://pnpm.io/package_json#pnpmoverrides
-function getOverridesDataPnpm(pkgJson: PackageJson) {
-  const overrides = (pkgJson as any)?.pnpm?.[OVERRIDES] ?? {}
+function getOverridesDataPnpm(editablePkgJson: EditablePackageJson) {
+  const overrides =
+    (editablePkgJson.content as any)?.[PNPM]?.[OVERRIDES] ??
+    ({} as PnpmOrYarnOverrides)
   return { type: PNPM, overrides }
 }
 
-function getOverridesDataVlt(pkgJson: PackageJson) {
-  const overrides = (pkgJson as any)?.[OVERRIDES] ?? {}
+function getOverridesDataVlt(editablePkgJson: EditablePackageJson) {
+  const overrides = editablePkgJson.content?.[OVERRIDES] ?? ({} as NpmOverrides)
   return { type: VLT, overrides }
 }
 
 // Yarn resolutions documentation:
 // https://yarnpkg.com/configuration/manifest#resolutions
-function getOverridesDataYarn(pkgJson: PackageJson) {
-  const overrides = (pkgJson as any)?.[RESOLUTIONS] ?? {}
+function getOverridesDataYarn(editablePkgJson: EditablePackageJson) {
+  const overrides =
+    editablePkgJson.content?.[RESOLUTIONS] ?? ({} as PnpmOrYarnOverrides)
   return { type: YARN_BERRY, overrides }
 }
 
 // Yarn resolutions documentation:
 // https://classic.yarnpkg.com/en/docs/selective-version-resolutions
-function getOverridesDataClassic(pkgJson: PackageJson) {
-  const overrides = (pkgJson as any)?.[RESOLUTIONS] ?? {}
+function getOverridesDataYarnClassic(editablePkgJson: EditablePackageJson) {
+  const overrides =
+    editablePkgJson.content?.[RESOLUTIONS] ?? ({} as PnpmOrYarnOverrides)
   return { type: YARN_CLASSIC, overrides }
 }
 
-export type GetOverrides = (pkgJson: PackageJson) => GetOverridesResult
+export type GetOverrides = (
+  editablePkgJson: EditablePackageJson
+) => GetOverridesResult
 
 export type GetOverridesResult = { type: Agent; overrides: Overrides }
 
@@ -63,5 +70,5 @@ export const overridesDataByAgent = new Map<Agent, GetOverrides>([
   [PNPM, getOverridesDataPnpm],
   [VLT, getOverridesDataVlt],
   [YARN_BERRY, getOverridesDataYarn],
-  [YARN_CLASSIC, getOverridesDataClassic]
-])
+  [YARN_CLASSIC, getOverridesDataYarnClassic]
+] as ReadonlyArray<[Agent, GetOverrides]>)

src/commands/optimize/get-workspace-globs.ts

@@ -2,15 +2,13 @@ import path from 'node:path'
 
 import { parse as yamlParse } from 'yaml'
 
-import { readPackageJson } from '@socketsecurity/registry/lib/packages'
 import { isNonEmptyString } from '@socketsecurity/registry/lib/strings'
 
 import constants from '../../constants'
 import { safeReadFile } from '../../utils/fs'
 
 import type { Agent } from '../../utils/package-environment'
-
-type PackageJson = Awaited<ReturnType<typeof readPackageJson>>
+import type { EditablePackageJson } from '@socketsecurity/registry/lib/packages'
 
 const { PNPM } = constants
 
@@ -19,7 +17,7 @@ const PNPM_WORKSPACE = `${PNPM}-workspace`
 export async function getWorkspaceGlobs(
   agent: Agent,
   pkgPath: string,
-  pkgJson: PackageJson
+  editablePkgJson: EditablePackageJson
 ): Promise<string[] | undefined> {
   let workspacePatterns
   if (agent === PNPM) {
@@ -39,7 +37,7 @@ export async function getWorkspaceGlobs(
       }
     }
   } else {
-    workspacePatterns = pkgJson['workspaces']
+    workspacePatterns = editablePkgJson.content['workspaces']
   }
   return Array.isArray(workspacePatterns)
     ? workspacePatterns

src/commands/optimize/update-manifest-by-agent.ts

@@ -60,8 +60,7 @@ function updatePkgJsonField(
   field: string,
   value: any
 ) {
-  const { content: pkgJson } = editablePkgJson
-  const oldValue = pkgJson[field]
+  const oldValue = editablePkgJson.content[field]
   if (oldValue) {
     // The field already exists so we simply update the field value.
     if (field === PNPM) {
@@ -86,14 +85,14 @@ function updatePkgJsonField(
                   overrides: undefined
                 }
               }
-            : { [field]: undefined }) as typeof pkgJson
+            : { [field]: undefined }) as typeof editablePkgJson.content
         )
       }
     } else if (field === OVERRIDES || field === RESOLUTIONS) {
       // Properties with undefined values are omitted when saved as JSON.
       editablePkgJson.update({
         [field]: hasKeys(value) ? value : undefined
-      } as typeof pkgJson)
+      } as typeof editablePkgJson.content)
     } else {
       editablePkgJson.update({ [field]: value })
     }
@@ -108,7 +107,7 @@ function updatePkgJsonField(
   // Since the field doesn't exist we want to insert it into the package.json
   // in a place that makes sense, e.g. close to the "dependencies" field. If
   // we can't find a place to insert the field we'll add it to the bottom.
-  const entries = Object.entries(pkgJson)
+  const entries = Object.entries(editablePkgJson.content)
   let insertIndex = -1
   let isPlacingHigher = false
   if (field === OVERRIDES) {