Add files for Yarn 3 and Yarn 4

.eslintignore

@@ -1,3 +1,3 @@
-test/yarn-berry.cjs
+test/yarn-*.cjs
 dist
 coverage

.gitattributes

@@ -1 +1 @@
-test/yarn-berry.cjs linguist-vendored
+test/yarn-*.cjs linguist-vendored

.prettierignore

@@ -1,5 +1,5 @@
-test/yarn-berry.cjs
 coverage
+test/yarn-*.cjs
 **/pnpm-lock.yaml
 **/*-output.json
 **/.pnp.cjs

lib/yarn-auditor.ts

@@ -1,6 +1,4 @@
 import type { YarnAudit, YarnBerryAuditReport } from "audit-types";
-import { execSync } from "child_process";
-import * as semver from "semver";
 import { blue, red, yellow } from "./colors.js";
 import { reportAudit, runProgram } from "./common.js";
 import {
@@ -9,38 +7,14 @@ import {
   type AuditCiFullConfig,
 } from "./config.js";
 import Model, { type Summary } from "./model.js";
-
-const MINIMUM_YARN_CLASSIC_VERSION = "1.12.3";
-const MINIMUM_YARN_BERRY_VERSION = "2.4.0";
-/**
- * Change this to the appropriate version when
- * yarn audit --registry is supported:
- * @see https://github.com/yarnpkg/yarn/issues/7012
- */
-const MINIMUM_YARN_AUDIT_REGISTRY_VERSION = "99.99.99";
-
-function getYarnVersion(cwd?: string) {
-  const version = execSync("yarn -v", { cwd }).toString().replace("\n", "");
-  return version;
-}
-
-function yarnSupportsClassicAudit(yarnVersion: string | semver.SemVer) {
-  return semver.satisfies(yarnVersion, `^${MINIMUM_YARN_CLASSIC_VERSION}`);
-}
-
-function yarnSupportsBerryAudit(yarnVersion: string | semver.SemVer) {
-  return semver.gte(yarnVersion, MINIMUM_YARN_BERRY_VERSION);
-}
-
-function yarnSupportsAudit(yarnVersion: string | semver.SemVer) {
-  return (
-    yarnSupportsClassicAudit(yarnVersion) || yarnSupportsBerryAudit(yarnVersion)
-  );
-}
-
-function yarnAuditSupportsRegistry(yarnVersion: string | semver.SemVer) {
-  return semver.gte(yarnVersion, MINIMUM_YARN_AUDIT_REGISTRY_VERSION);
-}
+import {
+  MINIMUM_YARN_BERRY_VERSION,
+  MINIMUM_YARN_CLASSIC_VERSION,
+  getYarnVersion,
+  yarnAuditSupportsRegistry,
+  yarnSupportsAudit,
+  yarnSupportsClassicAudit,
+} from "./yarn-version.js";
 
 const printJson = (data: unknown) => {
   console.log(JSON.stringify(data, undefined, 2));
@@ -83,7 +57,7 @@ export async function auditWithFullConfig(
   let missingLockFile = false;
   const model = new Model(config);
 
-  const yarnVersion = getYarnVersion(directory);
+  const yarnVersion = getYarnVersion(yarnExec, directory);
   const isYarnVersionSupported = yarnSupportsAudit(yarnVersion);
   if (!isYarnVersionSupported) {
     throw new Error(

lib/yarn-version.ts

@@ -0,0 +1,39 @@
+import { execSync } from "child_process";
+import semver from "semver";
+
+export const MINIMUM_YARN_CLASSIC_VERSION = "1.12.3";
+export const MINIMUM_YARN_BERRY_VERSION = "2.4.0";
+/**
+ * Change this to the appropriate version when
+ * yarn audit --registry is supported:
+ * @see https://github.com/yarnpkg/yarn/issues/7012
+ */
+const MINIMUM_YARN_AUDIT_REGISTRY_VERSION = "99.99.99";
+
+export function yarnSupportsClassicAudit(yarnVersion: string | semver.SemVer) {
+  return semver.satisfies(yarnVersion, `^${MINIMUM_YARN_CLASSIC_VERSION}`);
+}
+
+export function yarnSupportsBerryAudit(yarnVersion: string | semver.SemVer) {
+  return semver.gte(yarnVersion, MINIMUM_YARN_BERRY_VERSION);
+}
+
+export function yarnSupportsAudit(yarnVersion: string | semver.SemVer) {
+  return (
+    yarnSupportsClassicAudit(yarnVersion) || yarnSupportsBerryAudit(yarnVersion)
+  );
+}
+
+export function yarnAuditSupportsRegistry(yarnVersion: string | semver.SemVer) {
+  return semver.gte(yarnVersion, MINIMUM_YARN_AUDIT_REGISTRY_VERSION);
+}
+
+const versionMap = new Map<string, string>();
+export function getYarnVersion(yarnExec = "yarn", cwd?: string) {
+  const key = `${yarnExec}:${cwd}`;
+  let version = versionMap.get(key);
+  if (version) return version;
+  version = execSync(`${yarnExec} -v`, { cwd }).toString().replace("\n", "");
+  versionMap.set(key, version);
+  return version;
+}

test/README.md

@@ -0,0 +1,5 @@
+# Yarn Berry tests
+
+Also, the `.yarnrc.yml` file in each Yarn Berry test project re-exports the `yarn-*.cjs` file at the root of tests.
+Re-exporting the file reduces duplication and version mismatching for tests.
+Currently, this project is set up to use the latest version v2.4.0 (at the time of writing this, Dec 6th, 2020).

test/yarn-1-auditor.spec.ts

@@ -0,0 +1,12 @@
+import path from "path";
+import { SemVer } from "semver";
+import { performAuditTests } from "./yarn-auditor.js";
+
+const version = "1.22.19";
+
+const yarnAbsolutePath = path.resolve(__dirname, `./yarn-${version}.cjs`);
+
+performAuditTests({
+  yarnAbsolutePath,
+  yarnVersion: new SemVer(version),
+});

test/yarn-1-config-file/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: "../yarn-1.22.19.cjs"

test/yarn-1-critical/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: "../yarn-1.22.19.cjs"

test/yarn-critical/package.json → test/yarn-1-critical/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "audit-ci-yarn-critical-vulnerability",
+  "name": "audit-ci-yarn-1-critical-vulnerability",
   "description": "Test package.json with critical vulnerability",
   "dependencies": {
     "open": "0.0.5"

test/yarn-1-duplicate-paths/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: "../yarn-1.22.19.cjs"

test/yarn-1-high/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: "../yarn-1.22.19.cjs"

test/yarn-1-low/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: "../yarn-1.22.19.cjs"

test/yarn-1-moderate/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: "../yarn-1.22.19.cjs"

test/yarn-1-none/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: "../yarn-1.22.19.cjs"

test/yarn-1-skip-dev/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: "../yarn-1.22.19.cjs"

test/yarn-1-workspace-empty/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: "../yarn-1.22.19.cjs"

test/yarn-1-workspace/.yarnrc.yml

@@ -0,0 +1 @@
+yarnPath: "../yarn-1.22.19.cjs"

test/yarn-workspace-empty/package.json → test/yarn-1-workspace/package.json

@@ -1,6 +1,6 @@
 {
   "private": true,
-  "name": "audit-ci-yarn-workspace-empty",
+  "name": "audit-ci-yarn-workspace",
   "description": "Test yarn workspace",
   "workspaces": [
     "packages/*"