Auto update lock files after adding overrides

Author: jdalton

src/commands/optimize.ts

@@ -200,9 +200,11 @@ export const optimize: CliSubcommand = {
     if (commandContext) {
       const {
         agent,
+        agentExecPath,
         isPrivate,
         isWorkspace,
         lockSrc,
+        lockPath,
         pkgJsonPath,
         pkgJsonStr,
         pkgJson,
@@ -273,10 +275,19 @@ export const optimize: CliSubcommand = {
       const { size: count } = aoState.packageNames
       if (count) {
         console.log(`Added ${count} Socket.dev optimized overrides 🚀`)
-        if (agent === 'npm') {
-          const spinner = ora('Updating package-lock.json...').start()
-          const wrapperPath = path.join(distPath, 'npm-cli.js')
-          try {
+      } else {
+        console.log('Congratulations! Already Socket.dev optimized 🎉')
+      }
+
+      const lockName = lockPath ? path.basename(lockPath) : 'lock file'
+      const isNpm = agent === 'npm'
+      if (isNpm || count) {
+        // Always update package-lock.json until the npm overrides PR lands:
+        // https://github.com/npm/cli/pull/7025
+        const spinner = ora(`Updating ${lockName}...`).start()
+        try {
+          if (isNpm) {
+            const wrapperPath = path.join(distPath, 'npm-cli.js')
             await spawn(process.execPath, [wrapperPath, 'install'], {
               stdio: 'pipe',
               env: (<unknown>{
@@ -285,15 +296,14 @@ export const optimize: CliSubcommand = {
                 UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: '1'
               }) as NodeJS.ProcessEnv
             })
-          } catch {
-            console.log(
-              '✘ socket npm install: Failed to update package-lock.json'
-            )
+          } else {
+            await spawn(agentExecPath, ['install'], { stdio: 'pipe' })
           }
           spinner.stop()
+        } catch {
+          spinner.stop()
+          console.log(`✘ socket ${agent} install: Failed to update ${lockName}`)
         }
-      } else {
-        console.log('Congratulations! Already Socket.dev optimized 🎉')
       }
     }
   }

src/utils/package-manager-detector.ts

@@ -4,6 +4,7 @@ import { parse as parseBunLockb } from '@socketregistry/hyrious__bun.lockb'
 import spawn from '@npmcli/promise-spawn'
 import browserslist from 'browserslist'
 import semver from 'semver'
+import which from 'which'
 
 import { existsSync, findUp, readFileBinary, readFileUtf8 } from './fs'
 import { parseJSONObject } from './json'
@@ -52,6 +53,7 @@ export type DetectOptions = {
 
 export type DetectResult = Readonly<{
   agent: AgentPlusBun
+  agentExecPath: string
   agentVersion: string | undefined
   isPrivate: boolean
   isWorkspace: boolean
@@ -67,19 +69,27 @@ export type DetectResult = Readonly<{
   }
 }>
 
-type ReadLockFile = (lockPath: string) => Promise<string | undefined>
+type ReadLockFile = (
+  lockPath: string,
+  agentExecPath?: string
+) => Promise<string | undefined>
 
 const readLockFileByAgent: Record<AgentPlusBun, ReadLockFile> = (() => {
   const wrapReader =
-    (reader: (lockPath: string) => Promise<string | undefined>): ReadLockFile =>
-    async (lockPath: string) => {
+    (
+      reader: (
+        lockPath: string,
+        agentExecPath?: string
+      ) => Promise<string | undefined>
+    ): ReadLockFile =>
+    async (lockPath: string, agentExecPath?: string) => {
       try {
-        return await reader(lockPath)
+        return await reader(lockPath, agentExecPath)
       } catch {}
       return undefined
     }
   return {
-    bun: wrapReader(async (lockPath: string) => {
+    bun: wrapReader(async (lockPath: string, agentExecPath?: string) => {
       let lockBuffer: Buffer | undefined
       try {
         lockBuffer = <Buffer>await readFileBinary(lockPath)
@@ -91,7 +101,7 @@ const readLockFileByAgent: Record<AgentPlusBun, ReadLockFile> = (() => {
       } catch {}
       // To print a Yarn lockfile to your console without writing it to disk use `bun bun.lockb`.
       // https://bun.sh/guides/install/yarnlock
-      return (await spawn('bun', [lockPath])).stdout
+      return (await spawn(agentExecPath ?? 'bun', [lockPath])).stdout
     }),
     npm: wrapReader(async (lockPath: string) => await readFileUtf8(lockPath)),
     pnpm: wrapReader(async (lockPath: string) => await readFileUtf8(lockPath)),
@@ -151,6 +161,7 @@ export async function detect({
     agent = 'npm'
     onUnknown?.(pkgManager)
   }
+  const agentExecPath = (await which(agent, { nothrow: true })) ?? agent
 
   let lockSrc: string | undefined
   const targets = {
@@ -167,7 +178,6 @@ export async function detect({
       !!pkgJson['workspaces'] ||
       (agent === 'pnpm' &&
         existsSync(path.join(pkgPath, 'pnpm-workspace.yaml')))
-
     let browser: boolean | undefined
     let node: boolean | undefined
     const browserField = getOwn(pkgJson, 'browser')
@@ -201,12 +211,12 @@ export async function detect({
     }
     lockSrc =
       typeof lockPath === 'string'
-        ? await readLockFileByAgent[agent](lockPath)
+        ? await readLockFileByAgent[agent](lockPath, agentExecPath)
         : undefined
   }
-
   return <DetectResult>{
     agent,
+    agentExecPath,
     agentVersion,
     isPrivate,
     isWorkspace,