deps: upgrade tslib to 2.4.0, remove @yarn-tool/resolve-package

agilgur5 · agilgur5 · commit 189aaa5e141b · 2022-05-14T11:25:14.000-04:00
- tslib 2.4.0 is forward and backward-compatible with older and newer
  Node exports mechanisms, so the Node 17 error should no longer be
  present
  - it has the older `./` and the newer `./*` in its package exports,
    which should allow for `package.json` to be read in both older and
    newer implementations

- this allows us to remove the extra dep on `@yarn-tool/resolve-package`
  as well
  - other than less unnecessary deps being good,
    `@yarn-tool/resolve-package` is also a not well-documented package
    with very few users, which does not make for a good security posture
    for rpt2 (which has historically prioritized supply chain security
    in other issues around deps) or, in particular, its consumers, which
    there are very many of (in contrast with `@yarn-tool`)
  - per my issue comment, we could also have avoided the extra dep prior
    to the tslib upgrade by resolving to absolute paths, as Node only
    does a "weak" encapsulation of relative imports

- test: add a small unit test for tslib.ts to ensure that this method
  works and passes on different Node versions in CI
  - more a smoke test that it runs at all, the testing is additional
    and a bit duplicative of the source tbh
diff --git a/__tests__/tslib.spec.ts b/__tests__/tslib.spec.ts
@@ -0,0 +1,11 @@
+import { test, expect } from "@jest/globals";
+import * as fs from "fs-extra";
+
+import { tslibVersion, tslibSource } from "../src/tslib";
+
+test("tslib", async () => {
+  expect(tslibVersion).toEqual(require("tslib/package.json").version);
+
+  const tslibES6 = await fs.readFile(require.resolve("tslib/tslib.es6.js"), "utf8");
+  expect(tslibSource).toEqual(tslibES6);
+});
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -33,11 +33,10 @@
   },
   "dependencies": {
     "@rollup/pluginutils": "^4.1.2",
-    "@yarn-tool/resolve-package": "^1.0.40",
     "find-cache-dir": "^3.3.2",
     "fs-extra": "^10.0.0",
     "resolve": "^1.20.0",
-    "tslib": "^2.3.1"
+    "tslib": "^2.4.0"
   },
   "peerDependencies": {
     "rollup": ">=1.26.3",
diff --git a/src/tslib.ts b/src/tslib.ts
@@ -5,12 +5,12 @@ export const TSLIB = "tslib";
 export const TSLIB_VIRTUAL = "\0tslib.js";
 export let tslibSource: string;
 export let tslibVersion: string;
+
 try
 {
 	// tslint:disable-next-line:no-string-literal no-var-requires
-	const _ = require("@yarn-tool/resolve-package").resolvePackage('tslib');
-	const tslibPackage = _.pkg;
-	const tslibPath = _.resolveLocation(tslibPackage.module);
+	const tslibPackage = require("tslib/package.json");
+	const tslibPath = require.resolve("tslib/" + tslibPackage.module);
 	tslibSource = readFileSync(tslibPath, "utf8");
 	tslibVersion = tslibPackage.version;
 } catch (e)
