Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Convert package to ESM #113

Merged
merged 14 commits into from
Dec 4, 2023
Merged

Convert package to ESM #113

merged 14 commits into from
Dec 4, 2023

Conversation

rekmarks
Copy link
Member

@rekmarks rekmarks commented Dec 1, 2023

Converts this package to an ESM module. Kudos to this guide and this issue: TypeStrong/ts-node#1997

In our organization, this is only possible for this package because it is not used anywhere else, as we rely on CommonJS extensively.

Changes in detail:

  • Update package.json for ESM compatibility
  • Replace all require() with import statements
  • Add .js file extension to all file imports in TypeScript source files
  • Update TypeScript, ESLint, and Jest configs for ESM compatibility and recommended best practices
    • TypeScript (tsconfig.json)
      • Update the module/moduleResolution fields to Node16.
      • I chose Node16 over NodeNext, as the behavior of NodeNext may change in the future. See here for details.
    • ESLint (.eslintrc.cjs)
      • parseOptions.sourceType = 'module'
    • Jest (jest.config.cjs)
      • Update the moduleNameMapper to strip the .js from local file imports. See here for details.
  • Replace ts-node with tsx, which has better ESM compatibility.
  • Update jest-it-up

@rekmarks rekmarks force-pushed the esm branch 4 times, most recently from 00abc15 to 717f9a3 Compare December 1, 2023 20:01
Copy link

socket-security bot commented Dec 2, 2023

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
tsx 4.6.2 eval, network, filesystem, shell, environment +1 525 kB hirokiosame
jest-it-up 2.2.0...3.0.0 None +13/-7 4.33 MB rbardini

🚮 Removed packages: ts-node@10.9.1

Copy link

socket-security bot commented Dec 2, 2023

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: @inquirer/type@1.1.5, mute-stream@1.0.0, esbuild@0.18.20, tsx@4.6.2

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@rekmarks rekmarks force-pushed the esm branch 2 times, most recently from 366a95b to 909aef0 Compare December 2, 2023 06:52
@rekmarks
Copy link
Member Author

rekmarks commented Dec 2, 2023

@SocketSecurity ignore @inquirer/type@1.1.5 mute-stream@1.0.0 esbuild@0.18.20 tsx@4.6.1

I've checked all of these, the authors seem legit.
@inquirer/type is not unpublished, contrary to what the Socket Security report says.

@rekmarks rekmarks marked this pull request as ready for review December 2, 2023 07:02
@rekmarks rekmarks requested a review from a team as a code owner December 2, 2023 07:02
@rekmarks rekmarks requested review from mcmire and legobeat December 2, 2023 07:07
package.json Outdated Show resolved Hide resolved
.eslintrc.cjs Outdated Show resolved Hide resolved
@rekmarks rekmarks requested a review from legobeat December 3, 2023 23:49
@rekmarks
Copy link
Member Author

rekmarks commented Dec 4, 2023

@SocketSecurity ignore tsx@4.6.2

@mcmire
Copy link
Contributor

mcmire commented Dec 4, 2023

@rekmarks Sorry for the conflicts. We just merged a PR that had a wide array of changes. I want to get this PR in the next release though, so I'm happy to work on resolving these conflicts for you — just let me know.

@rekmarks
Copy link
Member Author

rekmarks commented Dec 4, 2023

@mcmire no, no: someone had to suffer here, and under the circumstances it should be me. I'll resolve the conflicts!

@rekmarks
Copy link
Member Author

rekmarks commented Dec 4, 2023

Alright, this is ready for re-review!

Copy link
Contributor

@mcmire mcmire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@rekmarks rekmarks merged commit 151c286 into main Dec 4, 2023
16 checks passed
@rekmarks rekmarks deleted the esm branch December 4, 2023 20:22
@rekmarks rekmarks mentioned this pull request Dec 8, 2023
rekmarks added a commit that referenced this pull request Dec 8, 2023
This PR updates `execa` to `^8.0.1`. Since `execa@>=6.0.0` is ESM-only and `jest` only has experimental ESM support (jestjs/jest#10976), this required switching from `ts-jest` to `babel-jest`. To minimize dependency transpilation, the ESM packages that are necessary to transpile are enumerated in `jest.config.js`.

This version of `execa` includes [automatic escaping of shell arguments](https://github.com/sindresorhus/execa/tree/v8.0.1#execafile-arguments-options), which was the entire point of #112, #113, and this PR.

The state of ESM support in the Node.js ecosystem is absolutely horrible, and I would not recommend further migrations for the time being. We should continue to dual-release our packages and avoid ESM-only dependencies until the ecosystem has matured. For details see the above `jest` issue and nodejs/node#37648.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants