-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.js
executable file
·96 lines (89 loc) · 3.08 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/usr/bin/env node
// Hi, great to see you!
// Everyone should read code they run.
// You deserve a medal
// |@@@@| |####|
// \@@@@| |####/
// \@@@| |###/
// `@@|_____|##'
// \ 0 /
// .-'''''-.
// .' * * * `.
// : *DEV-OPS* :
// : ~ A W A R D ~ :
// : * * :
// `. * * * .'
// `-.....-'
const spawnShell = require('spawn-shell')
const path = require('path')
const console = require('console')
const fs = require('fs-extra')
const tar = require('tar')
const common = require('./common')
//Prepare a temporary bundle folder
const dir = path.resolve(process.cwd(), 'secure-dependencies-bundle')
fs.ensureDirSync(dir);
fs.emptyDirSync(dir)
//npm --prefix requires package.json to be in the location given
fs.copySync('package.json', path.resolve(dir, './package.json'));
//now npm has the package-lock
if(fs.existsSync('package-lock.json')) {
fs.copySync('package-lock.json', path.resolve(dir, './package-lock.json'));
}
//Shrinkwrap is important, we don't want to silently skip it
if (fs.existsSync('npm-shrinkwrap.json')) {
fs.copySync('npm-shrinkwrap.json', path.resolve(dir, './npm-shrinkwrap.json'));
}
//but shrinkwrap is uncomfortable for daily development, so you can store it in a file that only this bundler will use.
//TODO: make this configurable with commandline argument
if (fs.existsSync('npm-shrinkwrap-production.json')) {
fs.copySync('npm-shrinkwrap-production.json', path.resolve(dir, './npm-shrinkwrap.json'));
}
//shrinkwrap is old news, package-lock has to be there too!
if (fs.existsSync('package-lock.json')) {
fs.copySync('package-lock.json', path.resolve(dir, './package-lock.json'));
}
//support audit resolutions
if (fs.existsSync('audit-resolv.json')) {
fs.copySync('audit-resolv.json', path.resolve(dir, './audit-resolv.json'));
}
const tarball = path.resolve(process.cwd(), common.getTarballName(dir))
//Get rid of the previous tarball, because I'm afraid tar could merge instead of overwriting
fs.removeSync(tarball)
//The main purpose of this is to reject the promise based on exit code
function promiseCommand(command) {
const opts = {
env: process.env
};
console.log('>>>>', command)
return spawnShell(command, opts).exitPromise
.then((exitCode) => {
if (exitCode === 0) {
return;
} else {
throw Error("Exit " + exitCode)
}
})
}
Promise.resolve()
.then(() => promiseCommand(`npm install --production --no-optional --unsafe-perm=false --prefix=${dir}`))
//Gues what, almost nothing supports --prefix
.then(() => promiseCommand(`cd ${dir} && npm prune --production`))
.then(() => promiseCommand(`cd ${dir} && npm dedupe`))
.then(() => promiseCommand(`cd ${dir} && check-audit`))
.then(() => tar.c(
{
gzip: true,
file: tarball
},
[path.resolve(dir, 'node_modules')]
))
.then(() => {
fs.removeSync(dir)
console.log('Done. Here is your tarball:')
console.log(tarball)
})
.catch((err) => {
console.log(err)
exit(1)
})