Skip to content

feat: implement npmMinimalAgeGate and npmPreapprovedPackages config options #6901

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
arcanis merged 19 commits into from
Sep 18, 2025
+714 −5
Merged

feat: implement npmMinimalAgeGate and npmPreapprovedPackages config options #6901

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
a05df86
feat: implement `minimumNpmReleaseAge` and `minimumNpmReleaseAgeExclu…
bienzaaron Sep 17, 2025
db24b78
fix: support `npm:` prefix for locators too
bienzaaron Sep 17, 2025
900a7d2
test: adding tests for `minimumNpmReleaseAge` and `minimumNpmReleaseA…
bienzaaron Sep 17, 2025
11f5edd
fix: rename options to better align with existing npm-related options
bienzaaron Sep 17, 2025
eccba6c
fix: change the way unknowns are resolved to fix `add`/`up`
bienzaaron Sep 17, 2025
257fa2d
fix: fix release packages based on ci output
bienzaaron Sep 17, 2025
84d4b5d
refactor: rename options
bienzaaron Sep 17, 2025
0c7b130
Revert "fix: change the way unknowns are resolved to fix `add`/`up`"
bienzaaron Sep 17, 2025
ebd41b5
refactor: move exclusion logic to a helper
bienzaaron Sep 17, 2025
79d3aa7
fix: crawl package versions from highest to lowest if `latest` tag do…
bienzaaron Sep 17, 2025
55b5185
refactor: rename gate check function
bienzaaron Sep 17, 2025
9db6b3b
docs: update doc language to match option name
bienzaaron Sep 17, 2025
93957a6
refactor: move npm-related configs into plugin-npm
bienzaaron Sep 17, 2025
98e58ad
fix: if latest is unsuitable, ensure we don't select a higher version
bienzaaron Sep 17, 2025
fb35bc8
simplify `npmPreapprovedPackages`
bienzaaron Sep 17, 2025
ef35b65
Couple of tweaks
arcanis Sep 17, 2025
b0d4031
Merge remote-tracking branch 'origin/master' into pr/bienzaaron/6901
arcanis Sep 17, 2025
0cdbdfb
Merge remote-tracking branch 'origin/master' into pr/bienzaaron/6901
arcanis Sep 17, 2025
e4cd5dd
Versions
arcanis Sep 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions .pnp.cjs
View file
Open in desktop

Large diffs are not rendered by default.

35 changes: 35 additions & 0 deletions .yarn/versions/25eb93a2.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
releases:
"@yarnpkg/core": minor
"@yarnpkg/plugin-essentials": minor
"@yarnpkg/plugin-npm": minor
"@yarnpkg/plugin-compat": minor
"@yarnpkg/plugin-constraints": minor
"@yarnpkg/plugin-dlx": minor
"@yarnpkg/plugin-exec": minor
"@yarnpkg/plugin-file": minor
"@yarnpkg/plugin-git": minor
"@yarnpkg/plugin-github": minor
"@yarnpkg/plugin-http": minor
"@yarnpkg/plugin-init": minor
"@yarnpkg/plugin-interactive-tools": minor
"@yarnpkg/plugin-jsr": minor
"@yarnpkg/plugin-link": minor
"@yarnpkg/plugin-nm": minor
"@yarnpkg/plugin-npm-cli": minor
"@yarnpkg/plugin-pack": minor
"@yarnpkg/plugin-patch": minor
"@yarnpkg/plugin-pnp": minor
"@yarnpkg/plugin-pnpm": minor
"@yarnpkg/plugin-stage": minor
"@yarnpkg/plugin-typescript": minor
"@yarnpkg/plugin-version": minor
"@yarnpkg/plugin-workspace-tools": minor
"@yarnpkg/builder": minor
"@yarnpkg/cli": minor
"@yarnpkg/doctor": minor
"@yarnpkg/extensions": minor
"@yarnpkg/nm": minor
"@yarnpkg/pnpify": minor
"@yarnpkg/sdks": minor


2 changes: 1 addition & 1 deletion packages/acceptance-tests/pkg-tests-core/sources/utils/makeTemporaryEnv.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ const mte = generatePkgDriver({
) {
const rcEnv: Record<string, any> = {};
for (const [key, value] of Object.entries(config))
rcEnv[`YARN_${key.replace(/([A-Z])/g, `_$1`).toUpperCase()}`] = Array.isArray(value) ? value.join(`;`) : value;
rcEnv[`YARN_${key.replace(/([A-Z])/g, `_$1`).toUpperCase()}`] = Array.isArray(value) ? value.join(`,`) : value;
Copy link
Contributor Author

@bienzaaron bienzaaron Sep 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like an a bug leftover from a while ago or something. My tests were failing because the array was not being parsed correctly -- they are comma-delimited when passed as YARN_ - see

berry/packages/yarnpkg-core/sources/Configuration.ts

Lines 754 to 759 in 5aad466

if (definition.isArray || (definition.type === SettingsType.ANY && Array.isArray(value))) {
if (!Array.isArray(value)) {
return String(value).split(/,/).map(segment => {
return parseSingleValue(configuration, path, segment, definition, folder);
});
} else {


const nativePath = npath.fromPortablePath(path);
const nativeHomePath = npath.dirname(nativePath);
Expand Down
23 changes: 21 additions & 2 deletions packages/acceptance-tests/pkg-tests-core/sources/utils/tests.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ export const TEST_TIMEOUT = os.endianness() === `BE`
? 300000
: 75000;

export type PackageEntry = Map<string, {path: string, packageJson: Record<string, any>}>;
export type PackageEntry = Map<string, {path: string, packageJson: Record<string, any>, releaseDate: string | undefined}>;
export type PackageRegistry = Map<string, PackageEntry>;

interface RunDriverOptions extends Record<string, any> {
Expand Down Expand Up @@ -177,6 +177,24 @@ export const ADVISORIES = new Map<string, Array<npmAuditTypes.AuditMetadata>>([
}]],
]);

const RELEASE_DATE_PACKAGES: Record<string, Record<string, number | string>> = {
"release-date": {
"1.0.0": new Date(new Date().getTime() - /* 10 days */ 1000 * 60 * 60 * 24 * 10).toISOString(),
"1.1.0": new Date(new Date().getTime() - /* 5 days */ 1000 * 60 * 60 * 24 * 5).toISOString(),
"1.1.1": new Date().toISOString(),
},
"release-date-transitive": {
"1.0.0": new Date(new Date().getTime() - /* 10 days */ 1000 * 60 * 60 * 24 * 10).toISOString(),
"1.1.0": new Date(new Date().getTime() - /* 5 days */ 1000 * 60 * 60 * 24 * 5).toISOString(),
"1.1.1": new Date().toISOString(),
},
"@scoped/release-date": {
"1.0.0": new Date(new Date().getTime() - /* 10 days */ 1000 * 60 * 60 * 24 * 10).toISOString(),
"1.1.0": new Date(new Date().getTime() - /* 5 days */ 1000 * 60 * 60 * 24 * 5).toISOString(),
"1.1.1": new Date().toISOString(),
},
};

Copy link
Contributor Author

@bienzaaron bienzaaron Sep 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

open to a better way of storing/computing this metadata.

The only other thought I had was to store a delta (e.g. 5 days) in the fixture package.json metadata and calculate the registry response as now - delta from that. Less hardcoding that way.

Copy link
Member

@arcanis arcanis Sep 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The way you implemented it seems good to me 👍

export const validLogins = {
fooUser: new Login(`foo-user`),
barUser: new Login(`bar-user`),
Expand Down Expand Up @@ -233,7 +251,7 @@ export const getPackageRegistry = (): Promise<PackageRegistry> => {
const packageFile = ppath.join(packagesDir, packageName, Filename.manifest);
const packageJson = await xfs.readJsonPromise(packageFile);

const {name, version} = packageJson;
const {name, version}: {name: string, version: string} = packageJson;
if (name.startsWith(`git-`))
continue;

Expand Down Expand Up @@ -422,6 +440,7 @@ export const startPackageServer = ({type}: {type: keyof typeof packageServerUrls
}),
)),
),
time: name in RELEASE_DATE_PACKAGES ? RELEASE_DATE_PACKAGES[name] : undefined,
[`dist-tags`]: {
latest: semver.maxSatisfying(versions, `*`),
...distTags,
Expand Down
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/@scoped__release-date-1.0.0/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
module.exports = require(`./package.json`);

for (const key of [`dependencies`, `devDependencies`, `peerDependencies`]) {
for (const dep of Object.keys(module.exports[key] || {})) {
module.exports[key][dep] = require(dep);
}
}
4 changes: 4 additions & 0 deletions ...ges/acceptance-tests/pkg-tests-fixtures/packages/@scoped__release-date-1.0.0/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"name": "@scoped/release-date",
"version": "1.0.0"
}
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/@scoped__release-date-1.1.0/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
module.exports = require(`./package.json`);

for (const key of [`dependencies`, `devDependencies`, `peerDependencies`]) {
for (const dep of Object.keys(module.exports[key] || {})) {
module.exports[key][dep] = require(dep);
}
}
4 changes: 4 additions & 0 deletions ...ges/acceptance-tests/pkg-tests-fixtures/packages/@scoped__release-date-1.1.0/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"name": "@scoped/release-date",
"version": "1.1.0"
}
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/@scoped__release-date-1.1.1/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
module.exports = require(`./package.json`);

for (const key of [`dependencies`, `devDependencies`, `peerDependencies`]) {
for (const dep of Object.keys(module.exports[key] || {})) {
module.exports[key][dep] = require(dep);
}
}
4 changes: 4 additions & 0 deletions ...ges/acceptance-tests/pkg-tests-fixtures/packages/@scoped__release-date-1.1.1/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"name": "@scoped/release-date",
"version": "1.1.1"
}
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/release-date-1.0.0/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
module.exports = require(`./package.json`);

for (const key of [`dependencies`, `devDependencies`, `peerDependencies`]) {
for (const dep of Object.keys(module.exports[key] || {})) {
module.exports[key][dep] = require(dep);
}
}
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/release-date-1.0.0/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{
"name": "release-date",
"version": "1.0.0",
"dependencies": {
"release-date-transitive": "^1.0.0"
}
}
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/release-date-1.1.0/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
module.exports = require(`./package.json`);

for (const key of [`dependencies`, `devDependencies`, `peerDependencies`]) {
for (const dep of Object.keys(module.exports[key] || {})) {
module.exports[key][dep] = require(dep);
}
}
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/release-date-1.1.0/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{
"name": "release-date",
"version": "1.1.0",
"dependencies": {
"release-date-transitive": "^1.0.0"
}
}
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/release-date-1.1.1/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
module.exports = require(`./package.json`);

for (const key of [`dependencies`, `devDependencies`, `peerDependencies`]) {
for (const dep of Object.keys(module.exports[key] || {})) {
module.exports[key][dep] = require(dep);
}
}
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/release-date-1.1.1/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{
"name": "release-date",
"version": "1.1.1",
"dependencies": {
"release-date-transitive": "^1.0.0"
}
}
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/release-date-transitive-1.0.0/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
module.exports = require(`./package.json`);

for (const key of [`dependencies`, `devDependencies`, `peerDependencies`]) {
for (const dep of Object.keys(module.exports[key] || {})) {
module.exports[key][dep] = require(dep);
}
}
4 changes: 4 additions & 0 deletions ...s/acceptance-tests/pkg-tests-fixtures/packages/release-date-transitive-1.0.0/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"name": "release-date-transitive",
"version": "1.0.0"
}
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/release-date-transitive-1.1.0/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
module.exports = require(`./package.json`);

for (const key of [`dependencies`, `devDependencies`, `peerDependencies`]) {
for (const dep of Object.keys(module.exports[key] || {})) {
module.exports[key][dep] = require(dep);
}
}
4 changes: 4 additions & 0 deletions ...s/acceptance-tests/pkg-tests-fixtures/packages/release-date-transitive-1.1.0/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"name": "release-date-transitive",
"version": "1.1.0"
}
7 changes: 7 additions & 0 deletions packages/acceptance-tests/pkg-tests-fixtures/packages/release-date-transitive-1.1.1/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
module.exports = require(`./package.json`);

for (const key of [`dependencies`, `devDependencies`, `peerDependencies`]) {
for (const dep of Object.keys(module.exports[key] || {})) {
module.exports[key][dep] = require(dep);
}
}
4 changes: 4 additions & 0 deletions ...s/acceptance-tests/pkg-tests-fixtures/packages/release-date-transitive-1.1.1/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"name": "release-date-transitive",
"version": "1.1.1"
}
Loading
Loading