-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support monorepos #1677
support monorepos #1677
Conversation
allow usage of grunt plugins that are located in any location that is visible to Node.js and NPM, instead of `node_modules` directly inside package that have a dev dependency to these plugins.
In `loadNpmTasks()`` try to resolve package location. In case package not found, try to resolve it's location using `require.resolve()`
add integration test for monorepo case, where grunt plugin hoisted to the `node_modules` above package having dev dependency to it
@vladikoff any way this can get reviewed or merged? |
ping @shama 👋 |
@micellius so one use case this may break is if your // all tasks are located under the '/dist/tasks' folder.
grunt.loadNpmTasks('grunt-foo/dist'); Because Perhaps this use case is unique to me, but I don't think its that farfetched that users might have a Interested to hear your thoughts... |
I think we've intended to support a |
@shama this would be great. Please keep us posted. In our monorepo, we basically have to copy all the grunt* packages into each packages |
In case `loadNpmTasks()` is called with relative path instead of just module name, try to resolve module name and find relevant package.json, but use tasks from specified relative path.
@redonkulus , I pushed the change that takes your use case into account by trying to normalize the argument of task.loadNpmTasks = function(name) {
loadTasksMessage('"' + name + '" local Npm module');
var root = path.resolve('node_modules');
var pkgpath = path.join(root, name);
var pkgfile = path.join(pkgpath, 'package.json');
// If package does not exist where grunt expects it to be,
// try to find it using Node's package path resolution mechanism
if (!grunt.file.exists(pkgpath)) {
var nameParts = name.split('/');
// In case name points to directory inside module,
// get real name of the module with respect to scope (if any)
var normailzedName = (name[0] === '@' ? nameParts.slice(0,2).join('/') : nameParts[0]);
try {
pkgfile = require.resolve(normailzedName + '/package.json');
root = pkgfile.substr(0, pkgfile.length - normailzedName.length - '/package.json'.length);
} catch (err) {
grunt.log.error('Local Npm module "' + normailzedName + '" not found. Is it installed?');
return;
}
}
...
// Process task plugins.
var tasksdir = path.join(root, name, 'tasks');
if (grunt.file.exists(tasksdir)) {
loadTasks(tasksdir);
} else {
grunt.log.error('Local Npm module "' + name + '" not found. Is it installed?');
}
} Now you should be able to use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for making the change. Just one comment on path separators.
// If package does not exist where grunt expects it to be, | ||
// try to find it using Node's package path resolution mechanism | ||
if (!grunt.file.exists(pkgpath)) { | ||
var nameParts = name.split('/'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want to use path.sep
to support windows?
Looks like there are three more uses of /
below too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@redonculus , I tested my PR on windows and it works fine. There is a need to use path.sep
only if someone is using syntax like require(".\\my\\foo\\index.js")
. While this may work on windows, it fails on other platform. In opposite, using require("./my/foo/index.js")
works on all platforms (including windows). So, practically, I don't see any reason someone would use windows specific paths, if there is a way to write cross-platform code with less typing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok that’s fine then. If it works on windows then I’m good.
What's the status on this PR? Any reason it hasn't been merged asides from the path.sep comment mentioned above? |
@Lucaszw I have been busy traveling that last few weeks so I haven’t had time to test this yet but will try out the latest changes in this PR this week. @micellius please see my comment above about using |
@redonkulus Awesome! |
@micellius @Lucaszw I've tested this locally and it works well. Its up to @shama in how he wants to proceed with this PR. |
@vladikoff thanks for merging this in. When do you think this will be released to npm? |
@redonkulus I am thinking to tag this with v1.2.0 this week. How's that? |
@vladikoff that would be perfect, thanks! |
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [grunt](https://gruntjs.com/) ([source](https://redirect.github.com/gruntjs/grunt)) | [`~1.1.0` -> `~1.5.3`](https://renovatebot.com/diffs/npm/grunt/1.1.0/1.5.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/grunt/1.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/grunt/1.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/grunt/1.1.0/1.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/grunt/1.1.0/1.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2020-7729](https://nvd.nist.gov/vuln/detail/CVE-2020-7729) The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. #### [CVE-2022-0436](https://nvd.nist.gov/vuln/detail/CVE-2022-0436) Grunt prior to version 1.5.2 is vulnerable to path traversal. #### [CVE-2022-1537](https://nvd.nist.gov/vuln/detail/CVE-2022-1537) file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root. --- ### Release Notes <details> <summary>gruntjs/grunt (grunt)</summary> ### [`v1.5.3`](https://redirect.github.com/gruntjs/grunt/releases/tag/v1.5.3) [Compare Source](https://redirect.github.com/gruntjs/grunt/compare/v1.5.2...v1.5.3) - Merge pull request [#​1745](https://redirect.github.com/gruntjs/grunt/issues/1745) from gruntjs/fix-copy-op [`572d79b`](https://redirect.github.com/gruntjs/grunt/commit/572d79b) - Patch up race condition in symlink copying. [`58016ff`](https://redirect.github.com/gruntjs/grunt/commit/58016ff) - Merge pull request [#​1746](https://redirect.github.com/gruntjs/grunt/issues/1746) from JamieSlome/patch-1 [`0749e1d`](https://redirect.github.com/gruntjs/grunt/commit/0749e1d) - Create SECURITY.md [`69b7c50`](https://redirect.github.com/gruntjs/grunt/commit/69b7c50) ### [`v1.5.2`](https://redirect.github.com/gruntjs/grunt/releases/tag/v1.5.2) [Compare Source](https://redirect.github.com/gruntjs/grunt/compare/v1.5.1...v1.5.2) - Update Changelog [`7f15fd5`](https://redirect.github.com/gruntjs/grunt/commit/7f15fd5) - Merge pull request [#​1743](https://redirect.github.com/gruntjs/grunt/issues/1743) from gruntjs/cleanup-link [`b0ec6e1`](https://redirect.github.com/gruntjs/grunt/commit/b0ec6e1) - Clean up link handling [`433f91b`](https://redirect.github.com/gruntjs/grunt/commit/433f91b) ### [`v1.5.1`](https://redirect.github.com/gruntjs/grunt/releases/tag/v1.5.1) [Compare Source](https://redirect.github.com/gruntjs/grunt/compare/v1.5.0...v1.5.1) - Merge pull request [#​1742](https://redirect.github.com/gruntjs/grunt/issues/1742) from gruntjs/update-symlink-test [`ad22608`](https://redirect.github.com/gruntjs/grunt/commit/ad22608) - Fix symlink test [`0652305`](https://redirect.github.com/gruntjs/grunt/commit/0652305) ### [`v1.5.0`](https://redirect.github.com/gruntjs/grunt/releases/tag/v1.5.0) [Compare Source](https://redirect.github.com/gruntjs/grunt/compare/v1.4.1...v1.5.0) - Updated changelog [`b2b2c2b`](https://redirect.github.com/gruntjs/grunt/commit/b2b2c2b) - Merge pull request [#​1740](https://redirect.github.com/gruntjs/grunt/issues/1740) from gruntjs/update-deps-22-10 [`3eda6ae`](https://redirect.github.com/gruntjs/grunt/commit/3eda6ae) - Update testing matrix [`47d32de`](https://redirect.github.com/gruntjs/grunt/commit/47d32de) - More updates [`2e9161c`](https://redirect.github.com/gruntjs/grunt/commit/2e9161c) - Remove console log [`04b960e`](https://redirect.github.com/gruntjs/grunt/commit/04b960e) - Update dependencies, tests... [`aad3d45`](https://redirect.github.com/gruntjs/grunt/commit/aad3d45) - Merge pull request [#​1736](https://redirect.github.com/gruntjs/grunt/issues/1736) from justlep/main [`fdc7056`](https://redirect.github.com/gruntjs/grunt/commit/fdc7056) - support .cjs extension [`e35fe54`](https://redirect.github.com/gruntjs/grunt/commit/e35fe54) ### [`v1.4.1`](https://redirect.github.com/gruntjs/grunt/releases/tag/v1.4.1) [Compare Source](https://redirect.github.com/gruntjs/grunt/compare/v1.4.0...v1.4.1) - Update Changelog [`e7625e5`](https://redirect.github.com/gruntjs/grunt/commit/e7625e5) - Merge pull request [#​1731](https://redirect.github.com/gruntjs/grunt/issues/1731) from gruntjs/update-options [`5d67e34`](https://redirect.github.com/gruntjs/grunt/commit/5d67e34) - Fix ci install [`d13bf88`](https://redirect.github.com/gruntjs/grunt/commit/d13bf88) - Switch to Actions [`08896ae`](https://redirect.github.com/gruntjs/grunt/commit/08896ae) - Update grunt-known-options [`eee0673`](https://redirect.github.com/gruntjs/grunt/commit/eee0673) - Add note about a breaking change [`1b6e288`](https://redirect.github.com/gruntjs/grunt/commit/1b6e288) ### [`v1.4.0`](https://redirect.github.com/gruntjs/grunt/releases/tag/v1.4.0) [Compare Source](https://redirect.github.com/gruntjs/grunt/compare/v1.3.0...v1.4.0) - Merge pull request [#​1728](https://redirect.github.com/gruntjs/grunt/issues/1728) from gruntjs/update-deps-changelog [`63b2e89`](https://redirect.github.com/gruntjs/grunt/commit/63b2e89) - Update changelog and util dep [`106ed17`](https://redirect.github.com/gruntjs/grunt/commit/106ed17) - Merge pull request [#​1727](https://redirect.github.com/gruntjs/grunt/issues/1727) from gruntjs/update-deps-apr [`49de70b`](https://redirect.github.com/gruntjs/grunt/commit/49de70b) - Update CLI and nodeunit [`47cf8b6`](https://redirect.github.com/gruntjs/grunt/commit/47cf8b6) - Merge pull request [#​1722](https://redirect.github.com/gruntjs/grunt/issues/1722) from gruntjs/update-through [`e86db1c`](https://redirect.github.com/gruntjs/grunt/commit/e86db1c) - Update deps [`4952368`](https://redirect.github.com/gruntjs/grunt/commit/4952368) ### [`v1.3.0`](https://redirect.github.com/gruntjs/grunt/releases/tag/v1.3.0) [Compare Source](https://redirect.github.com/gruntjs/grunt/compare/v1.2.1...v1.3.0) - Merge pull request [#​1720](https://redirect.github.com/gruntjs/grunt/issues/1720) from gruntjs/update-changelog-deps [`faab6be`](https://redirect.github.com/gruntjs/grunt/commit/faab6be) - Update Changelog and legacy-util dependency [`520fedb`](https://redirect.github.com/gruntjs/grunt/commit/520fedb) - Merge pull request [#​1719](https://redirect.github.com/gruntjs/grunt/issues/1719) from gruntjs/yaml-refactor [`7e669ac`](https://redirect.github.com/gruntjs/grunt/commit/7e669ac) - Switch to use `safeLoad` for loading YML files via `file.readYAML`. [`e350cea`](https://redirect.github.com/gruntjs/grunt/commit/e350cea) - Merge pull request [#​1718](https://redirect.github.com/gruntjs/grunt/issues/1718) from gruntjs/legacy-log-bumo [`7125f49`](https://redirect.github.com/gruntjs/grunt/commit/7125f49) - Bump legacy-log [`00d5907`](https://redirect.github.com/gruntjs/grunt/commit/00d5907) ### [`v1.2.1`](https://redirect.github.com/gruntjs/grunt/releases/tag/v1.2.1) [Compare Source](https://redirect.github.com/gruntjs/grunt/compare/v1.2.0...v1.2.1) - Changelog update [`ae11839`](https://redirect.github.com/gruntjs/grunt/commit/ae11839) - Merge pull request [#​1715](https://redirect.github.com/gruntjs/grunt/issues/1715) from sibiraj-s/remove-path-is-absolute [`9d23cb6`](https://redirect.github.com/gruntjs/grunt/commit/9d23cb6) - Remove path-is-absolute dependency [`e789b1f`](https://redirect.github.com/gruntjs/grunt/commit/e789b1f) ### [`v1.2.0`](https://redirect.github.com/gruntjs/grunt/releases/tag/v1.2.0) [Compare Source](https://redirect.github.com/gruntjs/grunt/compare/v1.1.0...v1.2.0) - Allow usage of grunt plugins that are located in any location that is visible to Node.js and NPM, instead of node_modules directly inside package that have a dev dependency to these plugin[https://github.com/gruntjs/grunt/pull/1677](https://redirect.github.com/gruntjs/grunt/pull/1677)nt/pull/1677) - Removed coffeescript from dependencies. To ease transition, if coffeescript is still around, Grunt will attempt to load it. If it is not, and the user loads a CoffeeScript file, Grunt will print a useful error indicating that the coffeescript package should be installed as a dev dependency. This is considerably more user-friendly than dropping the require entirely, but doing so is feasible with the latest grunt-cli as users may simply use grunt --require [https://github.com/gruntjs/grunt/pull/1675](https://redirect.github.com/gruntjs/grunt/pull/1675)thub.com/gruntjs/grunt/pull/1675) - Exposes Grunt Option keys for ease of use. ([https://github.com/gruntjs/grunt/pull/1570](https://redirect.github.com/gruntjs/grunt/pull/1570)1570) - Avoiding infinite loop on very long command names. ([https://github.com/gruntjs/grunt/pull/1697](https://redirect.github.com/gruntjs/grunt/pull/1697)1697) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Asia/Bangkok, Automerge - "0 */6 * * *" in timezone Asia/Bangkok. 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/davidsneighbour/hugo-modules). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
allow usage of grunt plugins that are located in any location that
is visible to Node.js and NPM, instead of
node_modules
directlyinside package that have a dev dependency to these plugins.
Fix #1676.