Standardize repo from module template

[mcmire]

• Update Yarn to v3
• Bring over updated GitHub workflows from module template, including those for automated publishing
• Bump ESLint config packages to 11.x and apply any fixes necessary to satisfy new changes, including addition of any missing JSDocs
• Add Prettier to lint pipeline, applying any fixes necessary
• Bump TypeScript to 4.8.x
• Add TypeDoc
• Add standard sections to README, including Contributing

[socket-security]

New dependency changes detected. Learn more about Socket for GitHub ↗︎

---

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore es5-ext@0.10.62

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
es5-ext@0.10.62 (upgraded)	postinstall	package.json via tinyify@3.1.0

Pull request alert summary

Issue	Status
Install scripts	⚠️ 1 issue
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

---

📊 Modified Dependency Overview:

➕ Added Package	Capability Access	+/- Transitive Count	Publisher
@metamask/eslint-config-browser@11.1.0	None	+109	metamaskbot
@metamask/eslint-config-typescript@11.1.0	None	+110	metamaskbot
@metamask/eslint-config-nodejs@11.1.0	None	+110	metamaskbot
prettier-plugin-packagejson@2.4.3	None	+18	matzkoh
ts-node@10.9.1	filesystem, shell, environment	+15	cspotcode
eslint-plugin-prettier@4.2.1	None	+44	jounqin
eslint-config-prettier@8.8.0	None	+42	lydell
eslint-plugin-jsdoc@39.9.1	None	+48	gajus
@types/node@17.0.45	None	+0	types
typedoc@0.23.28	network, filesystem, shell, environment	+10	typedoc-bot

⬆️ Updated Package	Version Diff	Added Capability Access	+/- Transitive Count	Publisher
@lavamoat/allow-scripts@2.3.0	2.0.3...2.3.0	None	+15/-15	kumavis
tape@5.6.3	5.0.0...5.6.3	environment	+58/-32	ljharb
browserify@16.5.2	16.5.1...16.5.2	None	+25/-27	goto-bus-stop
typescript@4.8.4	4.0.3...4.8.4	None	+0/-0	typescript-bot
tinyify@3.1.0	3.0.0...3.1.0	None	+38/-37	substack
@metamask/eslint-config@11.1.0	4.1.0...11.1.0	None	+108/-83	metamaskbot
eslint-plugin-import@2.27.5	2.22.1...2.27.5	None	+96/-82	ljharb
sinon@9.2.4	9.0.2...9.2.4	environment	+6/-6	mrgnrdrck
eslint@8.38.0	7.11.0...8.38.0	environment	+41/-59	eslintbot

🚮 Removed packages: @typescript-eslint/eslint-plugin@4.5.0, @typescript-eslint/parser@4.5.0, eslint-plugin-json@2.1.1

[mcmire]

Note that we will need to add an NPM_TOKEN in order to merge this pull request.

[Gudahtt]

This has been setup

[mcmire]

There should be no functional changes to this file. The Node version should be the same as well as the set of published files. I did change typings to types but that should work the same.

[mcmire]

ESLint was complaining that window was unavailable in Node tests. We do set it at the top of this file, but since it's global, I opted to change all instances of window to global in this file.

[mcmire]

I opted to keep the ES target the same, although I think we could upgrade this in a future PR.

[mcmire]

I opted to keep the build script the same, but in a future PR, I think we could just use tsc in a future PR like we do in the module template. That would raise the question on how to use this library in a Node context, but I really wonder whether that makes sense.

[mcmire]

With regard to the Socket report above, es5-ext's postinstall script has some extraneous code in it for protest purposes, but this appears to be innocuous. We may be able to remove this dependency by upgrading either browserify or tinyify (or removing those dependencies altogether).

[mcmire]

Here are the differences for dist/index.js before this PR and after:

--- /tmp/detect-provider-before.js	2023-01-17 14:42:34
+++ /tmp/detect-provider-after.js	2023-01-17 14:41:50
@@ -1,4 +1,13 @@
 "use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 /**
  * Returns a Promise that resolves to the value of window.ethereum if it is
  * set within the given timeout, or null.
@@ -6,58 +15,71 @@
  * are provided.
  *
  * @param options - Options bag.
- * @param options.mustBeMetaMask - Whether to only look for MetaMask providers.
- * Default: false
+ * @param options.mustBeMetaMask - Whether to only look for MetaMask providers
+ * (default: false).
  * @param options.silent - Whether to silence console errors. Does not affect
- * thrown errors. Default: false
+ * thrown errors (default: false).
  * @param options.timeout - Milliseconds to wait for 'ethereum#initialized' to
- * be dispatched. Default: 3000
+ * be dispatched (default: 3000).
  * @returns A Promise that resolves with the Provider if it is detected within
  * given timeout, otherwise null.
  */
 function detectEthereumProvider({ mustBeMetaMask = false, silent = false, timeout = 3000, } = {}) {
-    _validateInputs();
-    let handled = false;
-    return new Promise((resolve) => {
-        if (window.ethereum) {
-            handleEthereum();
-        }
-        else {
-            window.addEventListener('ethereum#initialized', handleEthereum, { once: true });
-            setTimeout(() => {
+    return __awaiter(this, void 0, void 0, function* () {
+        _validateInputs();
+        let handled = false;
+        return new Promise((resolve) => {
+            if (window.ethereum) {
                 handleEthereum();
-            }, timeout);
-        }
-        function handleEthereum() {
-            if (handled) {
-                return;
             }
-            handled = true;
-            window.removeEventListener('ethereum#initialized', handleEthereum);
-            const { ethereum } = window;
-            if (ethereum && (!mustBeMetaMask || ethereum.isMetaMask)) {
-                resolve(ethereum);
-            }
             else {
-                const message = mustBeMetaMask && ethereum
-                    ? 'Non-MetaMask window.ethereum detected.'
-                    : 'Unable to detect window.ethereum.';
-                !silent && console.error('@metamask/detect-provider:', message);
-                resolve(null);
+                window.addEventListener('ethereum#initialized', handleEthereum, {
+                    once: true,
+                });
+                setTimeout(() => {
+                    handleEthereum();
+                }, timeout);
             }
+            /**
+             * Reads `window.ethereum`, resolving the promise with the value if it is is
+             * present and matches the requirement of being a MetaMask provider or if no
+             * such requirement has been specified; or otherwise rejects the promise
+             * with an error.
+             */
+            function handleEthereum() {
+                if (handled) {
+                    return;
+                }
+                handled = true;
+                window.removeEventListener('ethereum#initialized', handleEthereum);
+                const { ethereum } = window;
+                if (ethereum && (!mustBeMetaMask || ethereum.isMetaMask)) {
+                    resolve(ethereum);
+                }
+                else {
+                    const message = mustBeMetaMask && ethereum
+                        ? 'Non-MetaMask window.ethereum detected.'
+                        : 'Unable to detect window.ethereum.';
+                    !silent && console.error('@metamask/detect-provider:', message);
+                    resolve(null);
+                }
+            }
+        });
+        /**
+         * Ensures that the options to `detectEthereumProvider` are correct.
+         */
+        function _validateInputs() {
+            if (typeof mustBeMetaMask !== 'boolean') {
+                throw new Error(`@metamask/detect-provider: Expected option 'mustBeMetaMask' to be a boolean.`);
+            }
+            if (typeof silent !== 'boolean') {
+                throw new Error(`@metamask/detect-provider: Expected option 'silent' to be a boolean.`);
+            }
+            if (typeof timeout !== 'number') {
+                throw new Error(`@metamask/detect-provider: Expected option 'timeout' to be a number.`);
+            }
         }
     });
-    function _validateInputs() {
-        if (typeof mustBeMetaMask !== 'boolean') {
-            throw new Error(`@metamask/detect-provider: Expected option 'mustBeMetaMask' to be a boolean.`);
-        }
-        if (typeof silent !== 'boolean') {
-            throw new Error(`@metamask/detect-provider: Expected option 'silent' to be a boolean.`);
-        }
-        if (typeof timeout !== 'number') {
-            throw new Error(`@metamask/detect-provider: Expected option 'timeout' to be a number.`);
-        }
-    }
 }
 module.exports = detectEthereumProvider;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQWdCQTs7Ozs7Ozs7Ozs7Ozs7O0dBZUc7QUFDSCxTQUFTLHNCQUFzQixDQUErQixFQUM1RCxjQUFjLEdBQUcsS0FBSyxFQUN0QixNQUFNLEdBQUcsS0FBSyxFQUNkLE9BQU8sR0FBRyxJQUFJLEdBQ2YsR0FBRyxFQUFFO0lBRUosZUFBZSxFQUFFLENBQUM7SUFFbEIsSUFBSSxPQUFPLEdBQUcsS0FBSyxDQUFDO0lBRXBCLE9BQU8sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRTtRQUM3QixJQUFLLE1BQWlCLENBQUMsUUFBUSxFQUFFO1lBRS9CLGNBQWMsRUFBRSxDQUFDO1NBRWxCO2FBQU07WUFFTCxNQUFNLENBQUMsZ0JBQWdCLENBQ3JCLHNCQUFzQixFQUN0QixjQUFjLEVBQ2QsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLENBQ2YsQ0FBQztZQUVGLFVBQVUsQ0FBQyxHQUFHLEVBQUU7Z0JBQ2QsY0FBYyxFQUFFLENBQUM7WUFDbkIsQ0FBQyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1NBQ2I7UUFFRCxTQUFTLGNBQWM7WUFFckIsSUFBSSxPQUFPLEVBQUU7Z0JBQ1gsT0FBTzthQUNSO1lBQ0QsT0FBTyxHQUFHLElBQUksQ0FBQztZQUVmLE1BQU0sQ0FBQyxtQkFBbUIsQ0FBQyxzQkFBc0IsRUFBRSxjQUFjLENBQUMsQ0FBQztZQUVuRSxNQUFNLEVBQUUsUUFBUSxFQUFFLEdBQUcsTUFBZ0IsQ0FBQztZQUV0QyxJQUFJLFFBQVEsSUFBSSxDQUFDLENBQUMsY0FBYyxJQUFJLFFBQVEsQ0FBQyxVQUFVLENBQUMsRUFBRTtnQkFDeEQsT0FBTyxDQUFDLFFBQXdCLENBQUMsQ0FBQzthQUNuQztpQkFBTTtnQkFFTCxNQUFNLE9BQU8sR0FBRyxjQUFjLElBQUksUUFBUTtvQkFDeEMsQ0FBQyxDQUFDLHdDQUF3QztvQkFDMUMsQ0FBQyxDQUFDLG1DQUFtQyxDQUFDO2dCQUV4QyxDQUFDLE1BQU0sSUFBSSxPQUFPLENBQUMsS0FBSyxDQUFDLDRCQUE0QixFQUFFLE9BQU8sQ0FBQyxDQUFDO2dCQUNoRSxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7YUFDZjtRQUNILENBQUM7SUFDSCxDQUFDLENBQUMsQ0FBQztJQUVILFNBQVMsZUFBZTtRQUN0QixJQUFJLE9BQU8sY0FBYyxLQUFLLFNBQVMsRUFBRTtZQUN2QyxNQUFNLElBQUksS0FBSyxDQUFDLDhFQUE4RSxDQUFDLENBQUM7U0FDakc7UUFDRCxJQUFJLE9BQU8sTUFBTSxLQUFLLFNBQVMsRUFBRTtZQUMvQixNQUFNLElBQUksS0FBSyxDQUFDLHNFQUFzRSxDQUFDLENBQUM7U0FDekY7UUFDRCxJQUFJLE9BQU8sT0FBTyxLQUFLLFFBQVEsRUFBRTtZQUMvQixNQUFNLElBQUksS0FBSyxDQUFDLHNFQUFzRSxDQUFDLENBQUM7U0FDekY7SUFDSCxDQUFDO0FBQ0gsQ0FBQztBQWxGRCxpQkFBUyxzQkFBc0IsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImludGVyZmFjZSBNZXRhTWFza0V0aGVyZXVtUHJvdmlkZXIge1xuICBpc01ldGFNYXNrPzogYm9vbGVhbjtcbiAgb25jZShldmVudE5hbWU6IHN0cmluZyB8IHN5bWJvbCwgbGlzdGVuZXI6ICguLi5hcmdzOiBhbnlbXSkgPT4gdm9pZCk6IHRoaXM7XG4gIG9uKGV2ZW50TmFtZTogc3RyaW5nIHwgc3ltYm9sLCBsaXN0ZW5lcjogKC4uLmFyZ3M6IGFueVtdKSA9PiB2b2lkKTogdGhpcztcbiAgb2ZmKGV2ZW50TmFtZTogc3RyaW5nIHwgc3ltYm9sLCBsaXN0ZW5lcjogKC4uLmFyZ3M6IGFueVtdKSA9PiB2b2lkKTogdGhpcztcbiAgYWRkTGlzdGVuZXIoZXZlbnROYW1lOiBzdHJpbmcgfCBzeW1ib2wsIGxpc3RlbmVyOiAoLi4uYXJnczogYW55W10pID0+IHZvaWQpOiB0aGlzO1xuICByZW1vdmVMaXN0ZW5lcihldmVudE5hbWU6IHN0cmluZyB8IHN5bWJvbCwgbGlzdGVuZXI6ICguLi5hcmdzOiBhbnlbXSkgPT4gdm9pZCk6IHRoaXM7XG4gIHJlbW92ZUFsbExpc3RlbmVycyhldmVudD86IHN0cmluZyB8IHN5bWJvbCk6IHRoaXM7XG59XG5cbmludGVyZmFjZSBXaW5kb3cge1xuICBldGhlcmV1bT86IE1ldGFNYXNrRXRoZXJldW1Qcm92aWRlcjtcbn1cblxuZXhwb3J0ID0gZGV0ZWN0RXRoZXJldW1Qcm92aWRlcjtcblxuLyoqXG4gKiBSZXR1cm5zIGEgUHJvbWlzZSB0aGF0IHJlc29sdmVzIHRvIHRoZSB2YWx1ZSBvZiB3aW5kb3cuZXRoZXJldW0gaWYgaXQgaXNcbiAqIHNldCB3aXRoaW4gdGhlIGdpdmVuIHRpbWVvdXQsIG9yIG51bGwuXG4gKiBUaGUgUHJvbWlzZSB3aWxsIG5vdCByZWplY3QsIGJ1dCBhbiBlcnJvciB3aWxsIGJlIHRocm93biBpZiBpbnZhbGlkIG9wdGlvbnNcbiAqIGFyZSBwcm92aWRlZC5cbiAqXG4gKiBAcGFyYW0gb3B0aW9ucyAtIE9wdGlvbnMgYmFnLlxuICogQHBhcmFtIG9wdGlvbnMubXVzdEJlTWV0YU1hc2sgLSBXaGV0aGVyIHRvIG9ubHkgbG9vayBmb3IgTWV0YU1hc2sgcHJvdmlkZXJzLlxuICogRGVmYXVsdDogZmFsc2VcbiAqIEBwYXJhbSBvcHRpb25zLnNpbGVudCAtIFdoZXRoZXIgdG8gc2lsZW5jZSBjb25zb2xlIGVycm9ycy4gRG9lcyBub3QgYWZmZWN0XG4gKiB0aHJvd24gZXJyb3JzLiBEZWZhdWx0OiBmYWxzZVxuICogQHBhcmFtIG9wdGlvbnMudGltZW91dCAtIE1pbGxpc2Vjb25kcyB0byB3YWl0IGZvciAnZXRoZXJldW0jaW5pdGlhbGl6ZWQnIHRvXG4gKiBiZSBkaXNwYXRjaGVkLiBEZWZhdWx0OiAzMDAwXG4gKiBAcmV0dXJucyBBIFByb21pc2UgdGhhdCByZXNvbHZlcyB3aXRoIHRoZSBQcm92aWRlciBpZiBpdCBpcyBkZXRlY3RlZCB3aXRoaW5cbiAqIGdpdmVuIHRpbWVvdXQsIG90aGVyd2lzZSBudWxsLlxuICovXG5mdW5jdGlvbiBkZXRlY3RFdGhlcmV1bVByb3ZpZGVyPFQgPSBNZXRhTWFza0V0aGVyZXVtUHJvdmlkZXI+KHtcbiAgbXVzdEJlTWV0YU1hc2sgPSBmYWxzZSxcbiAgc2lsZW50ID0gZmFsc2UsXG4gIHRpbWVvdXQgPSAzMDAwLFxufSA9IHt9KTogUHJvbWlzZTxUIHwgbnVsbD4ge1xuXG4gIF92YWxpZGF0ZUlucHV0cygpO1xuXG4gIGxldCBoYW5kbGVkID0gZmFsc2U7XG5cbiAgcmV0dXJuIG5ldyBQcm9taXNlKChyZXNvbHZlKSA9PiB7XG4gICAgaWYgKCh3aW5kb3cgYXMgV2luZG93KS5ldGhlcmV1bSkge1xuXG4gICAgICBoYW5kbGVFdGhlcmV1bSgpO1xuXG4gICAgfSBlbHNlIHtcblxuICAgICAgd2luZG93LmFkZEV2ZW50TGlzdGVuZXIoXG4gICAgICAgICdldGhlcmV1bSNpbml0aWFsaXplZCcsXG4gICAgICAgIGhhbmRsZUV0aGVyZXVtLFxuICAgICAgICB7IG9uY2U6IHRydWUgfSxcbiAgICAgICk7XG5cbiAgICAgIHNldFRpbWVvdXQoKCkgPT4ge1xuICAgICAgICBoYW5kbGVFdGhlcmV1bSgpO1xuICAgICAgfSwgdGltZW91dCk7XG4gICAgfVxuXG4gICAgZnVuY3Rpb24gaGFuZGxlRXRoZXJldW0oKSB7XG5cbiAgICAgIGlmIChoYW5kbGVkKSB7XG4gICAgICAgIHJldHVybjtcbiAgICAgIH1cbiAgICAgIGhhbmRsZWQgPSB0cnVlO1xuXG4gICAgICB3aW5kb3cucmVtb3ZlRXZlbnRMaXN0ZW5lcignZXRoZXJldW0jaW5pdGlhbGl6ZWQnLCBoYW5kbGVFdGhlcmV1bSk7XG5cbiAgICAgIGNvbnN0IHsgZXRoZXJldW0gfSA9IHdpbmRvdyBhcyBXaW5kb3c7XG5cbiAgICAgIGlmIChldGhlcmV1bSAmJiAoIW11c3RCZU1ldGFNYXNrIHx8IGV0aGVyZXVtLmlzTWV0YU1hc2spKSB7XG4gICAgICAgIHJlc29sdmUoZXRoZXJldW0gYXMgdW5rbm93biBhcyBUKTtcbiAgICAgIH0gZWxzZSB7XG5cbiAgICAgICAgY29uc3QgbWVzc2FnZSA9IG11c3RCZU1ldGFNYXNrICYmIGV0aGVyZXVtXG4gICAgICAgICAgPyAnTm9uLU1ldGFNYXNrIHdpbmRvdy5ldGhlcmV1bSBkZXRlY3RlZC4nXG4gICAgICAgICAgOiAnVW5hYmxlIHRvIGRldGVjdCB3aW5kb3cuZXRoZXJldW0uJztcblxuICAgICAgICAhc2lsZW50ICYmIGNvbnNvbGUuZXJyb3IoJ0BtZXRhbWFzay9kZXRlY3QtcHJvdmlkZXI6JywgbWVzc2FnZSk7XG4gICAgICAgIHJlc29sdmUobnVsbCk7XG4gICAgICB9XG4gICAgfVxuICB9KTtcblxuICBmdW5jdGlvbiBfdmFsaWRhdGVJbnB1dHMoKSB7XG4gICAgaWYgKHR5cGVvZiBtdXN0QmVNZXRhTWFzayAhPT0gJ2Jvb2xlYW4nKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoYEBtZXRhbWFzay9kZXRlY3QtcHJvdmlkZXI6IEV4cGVjdGVkIG9wdGlvbiAnbXVzdEJlTWV0YU1hc2snIHRvIGJlIGEgYm9vbGVhbi5gKTtcbiAgICB9XG4gICAgaWYgKHR5cGVvZiBzaWxlbnQgIT09ICdib29sZWFuJykge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBAbWV0YW1hc2svZGV0ZWN0LXByb3ZpZGVyOiBFeHBlY3RlZCBvcHRpb24gJ3NpbGVudCcgdG8gYmUgYSBib29sZWFuLmApO1xuICAgIH1cbiAgICBpZiAodHlwZW9mIHRpbWVvdXQgIT09ICdudW1iZXInKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoYEBtZXRhbWFzay9kZXRlY3QtcHJvdmlkZXI6IEV4cGVjdGVkIG9wdGlvbiAndGltZW91dCcgdG8gYmUgYSBudW1iZXIuYCk7XG4gICAgfVxuICB9XG59XG4iXX0=
+//# sourceMappingURL=index.js.map
\ No newline at end of file

[mcmire]

We will also need a PUBLISH_DOCS_TOKEN in order to merge this pull request.

[Gudahtt]

This has been setup

[mcmire]

@legobeat Thanks for trying to get these tests to pass. I opted to merge the build job into the lint job and that seemed to fix the issue. Do you think your change is needed any longer?

[legobeat]

Cheers @mcmire and yes, if build-before-lint is fine then the .gitkeep file doesn't seem necessary 👍

[legobeat]

Considering that the yarn upgrade rewrites the entire lockfile and the rest of the changes are quite wide, is it possible to do the yarn upgrade and lockfile regeneration separately from the rest?

[legobeat]

The upgrade of es5-ext from 0.10.50 to 0.10.62 actually introduces a nagware postinstall script which reads the local system timezone and changes behavior (displaying a message) based on the result. Are we OK with depending on it considering that?

OP thread: medikoo/es5-ext#116

The postinstall script is present from 0.10.54.

[Gudahtt]

I'm not seeing a reference to es5-ext@0.10.62 in the lockfile - the only reference appears to be to v0.10.53 (both before and after this PR)

[legobeat]

I'm not seeing a reference to es5-ext@0.10.62 in the lockfile - the only reference appears to be to v0.10.53 (both before and after this PR)

You're right. I (got) caught (by) it by looking at the Socket Security bot. Curiously, it still flags for 0.10.62 despite forcing a rerun: https://github.com/MetaMask/detect-provider/pull/69/checks?check_run_id=12882624815

[mcmire]

I've extracted the Yarn v3 upgrade to a separate PR: #82 /cc @legobeat

I may be able to extract some other things as well to break this PR up further. Putting this in draft in the meantime.

[mcmire]

I'll break this up into pieces.